Network Automation Software We are currently migrating this forum
over to our HelpSystems domain. Please
post all new threads in our new
HelpSystems Community Portal.
Post to the HelpSystems Forum
You are not currently logged on. You must be logged on in order to post. Log on
Or Create a new account
AutoMate Discussion
Decrease font size
Increase font size
Topic Title: sftp connection with custom cipher
Topic Summary:
Created On: 05/09/2018 06:53 AM
Status: Read Only
Linear : Threading : Single : Branch
Search Topic Search Topic
Topic Tools Topic Tools
View similar topics View similar topics
View topic in raw text format. Print this topic.
 05/09/2018 06:53 AM
User is offline View Users Profile Print this message

Author Icon
Mr. MatthiasStaudt
n00b (>6 posts)

Posts: 4
Joined: 08/31/2017

Hello,

we have a working sftp task for an ftp server. Automate Version is 11.0.2.22. The sftp server owner changed his configuration and is now limiting the possible ciphers.

FTP Logon in our existing task isn't working after we changed our current automate task to connect to the new server. Filezilla (v3.20., actually an old version) can establish a working connection to the new server.
Sadly automate only returns "FTP failed (Error: Connection lost (error code is 10058))".

I'm pretty sure our error is the custom cipher key-exchange algorithm. What I tried as custom cipher (auto adjust doesn't work):

1. Encryption algorithm: Needs to be 'aes256-ctr' which in automate should be 'EA_AES256_CTR'? (Filezilla automatically used 'AES-256 SDCTR')
2. MAC algorithm: Needs to be 'hmac-sha2-256' which in automate should be 'HMAC_SHA2_256' (Filezilla used 'HMAC-SHA2-256')
3. Public key algroithm: RSA
4. Key-Exchange algorithm: It needs to be 'ecdh-sha2-nistp256' and this is where I think it doesn't work. Filezilla tells me it uses 'Doing ECDH key exchange with curve nistp256 and hash SHA-256'.

I can't figure out what I need to use as Key-Exchange algorithm to get it working or if automate can use nistp256?
 05/14/2018 10:58 AM
User is offline View Users Profile Print this message

Author Icon
Devin Cannon
HelpSystems

Posts: 398
Joined: 03/17/2016

Hi,

There's a few things with this. First, AutoMate is currently not compatible with the "HMAC_SHA2_256" option. This is a known issue (bug #21954) and should be addressed in a future update. There is also no "Curve" key-exchange option so another option would need to be selected for both of these settings. If the server will only accept these methods, then the connection will not work.

To work around this you can have WinSCP do the actual upload/download. WinSCP accepts commands via commandline (https://winscp.net/eng/docs/commandline). You can send the commands from AutoMate to WinSCP to do the transfers.

I apologize for the inconvenience with this. Please let me know if you have any further questions.

-------------------------

Devin Cannon | Support Analyst
AutoMate | Division of HelpSystems
HelpSystems, LLC | T: +1.213.738.1700 | F: +1.213.738.7665
Statistics
18258 users are registered to the AutoMate Discussion forum.
There are currently 0 users logged in.
The most users ever online was 5551 on 01/08/2018 at 11:11 AM.
There are currently 482 guests browsing this forum, which makes a total of 482 users using this forum.

FuseTalk Enterprise Edition v4.0 - © 1999-2019 FuseTalk Inc. All rights reserved.

Sitemap Network Automation Software Blog