David Handermann created NIFI-9919:
--------------------------------------
Summary: RSA Private Key Authentication Fails for Azure Blob SFTP
Key: NIFI-9919
URL: https://issues.apache.org/jira/browse/NIFI-9919
Project: Apache NiFi
Issue Type: Bug
Components: Extensions
Affects Versions: 1.16.0, 1.15.0, 1.14.0
Reporter: David Handermann
Assignee: David Handermann
Microsoft
[Azure Blob Storage|https://azure.microsoft.com/en-us/services/storage/blobs/]
supports access using SFTP with either password or private key authentication.
[SFTP support for Azure Blob Storage|https://docs.microsoft.com/en-us/azure/storage/blobs/secure-file-transfer-protocol-support]
has a limited set of supported algorithms, including the following three
algorithms for Public Key authentication:
* ssh-rsa
* ecdsa-sha2-nistp256
* ecdsa-sha2-nistp384
The documentation lists sshj 0.27.0 as supported, but changes in sshj 0.30.0 to
support RSA SHA2 algorithms appear to have created problems with selection of
the client key algorithm during the negotiation process. This issue persists in
sshj 0.32.0, but appears to be resolved in the current development branch of
sshj.
As a result of this issue, SFTP processors are unable to authenticate to Azure
Blob Storage SFTP and return the following error with a valid RSA Private Key:
{noformat}
net.schmizz.sshj.userauth.UserAuthException: Exhausted available authentication methods
{noformat}
It is possible to work around the problem with RSA Private Keys by using an
ECDSA Private Key, which can be generated using the following command on
compatible platforms:
{noformat}
ssh-keygen -t ecdsa
{noformat}
This issue may impact other SFTP servers that support RSA SHA2 host key
algorithms, but do not support that algorithm for Public Key authentication.
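A pre-flight check for the workaround above, as an added example that is not part of the original issue or of the NiFi or sshj code: it reads the algorithm name from an OpenSSH public key file and compares it with the three algorithms listed above. The function names, return codes and sample key lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check of an OpenSSH public key against the three
# public key algorithms the issue lists for Azure Blob Storage SFTP.

# Print the algorithm name: the first field of the first key line in the file.
pubkey_algorithm() {
    awk 'NF >= 2 && $1 !~ /^#/ { print $1; exit }' "$1"
}

# Return codes (a convention assumed for this example):
#   0 = listed ECDSA algorithm, the workaround described in the issue
#   1 = ssh-rsa: listed, but the key type this issue reports as failing
#   2 = algorithm not in the list, or no key line found
check_azure_sftp_key() {
    alg=$(pubkey_algorithm "$1")
    case "$alg" in
        ecdsa-sha2-nistp256|ecdsa-sha2-nistp384)
            echo "$1: $alg is listed; usable as the ECDSA workaround"
            return 0 ;;
        ssh-rsa)
            echo "$1: $alg is listed, but RSA keys are affected by NIFI-9919"
            return 1 ;;
        *)
            echo "$1: ${alg:-no key found} is not a listed algorithm"
            return 2 ;;
    esac
}

# Constructed sample files: the key blobs are placeholders, not real keys.
SAMPLE_DIR=$(mktemp -d)
echo "ssh-rsa CONSTRUCTED-PLACEHOLDER nifi@example" > "$SAMPLE_DIR/id_rsa.pub"
echo "ecdsa-sha2-nistp256 CONSTRUCTED-PLACEHOLDER nifi@example" > "$SAMPLE_DIR/id_ecdsa.pub"
# ssh-keygen -t ecdsa -b 521 yields this type, which is not among the three.
echo "ecdsa-sha2-nistp521 CONSTRUCTED-PLACEHOLDER nifi@example" > "$SAMPLE_DIR/id_ecdsa521.pub"

for key in "$SAMPLE_DIR"/*.pub; do
    check_azure_sftp_key "$key" || true
done
```

Point the function at the `.pub` file that matches the private key configured in the SFTP processor.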