[ https://issues.apache.org/jira/browse/NIFI-9919?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

David Handermann updated NIFI-9919:
-----------------------------------
    Fix Version/s: 1.16.1

> RSA Private Key Authentication Fails for Azure Blob SFTP
> --------------------------------------------------------
>
>                 Key: NIFI-9919
>                 URL: https://issues.apache.org/jira/browse/NIFI-9919
>             Project: Apache NiFi
>          Issue Type: Bug
>          Components: Extensions
>    Affects Versions: 1.14.0, 1.15.0, 1.16.0
>            Reporter: David Handermann
>            Assignee: David Handermann
>            Priority: Minor
>             Fix For: 1.17.0, 1.16.1
>
>
> Microsoft [Azure Blob 
> Storage|https://azure.microsoft.com/en-us/services/storage/blobs/] supports 
> access using SFTP with either password or private key authentication. [SFTP 
> support for Azure Blob 
> Storage|https://docs.microsoft.com/en-us/azure/storage/blobs/secure-file-transfer-protocol-support]
>  has a limited set of supported algorithms, including the following three 
> algorithms for Public Key authentication:
> * ssh-rsa
> * ecdsa-sha2-nistp256
> * ecdsa-sha2-nistp384
> The documentation lists sshj 0.27.0 as supported, but changes in sshj 0.30.0 
> to support RSA SHA2 algorithms appear to have created problems with selection 
> of the client key algorithm during the negotiation process. This issue 
> persists in sshj 0.32.0, but appears to be resolved in the current 
> development branch of sshj.
> As a result of this issue, SFTP processors are unable to authenticate to 
> Azure Blob Storage SFTP and return the following error with a valid RSA 
> Private Key:
> {noformat}
> net.schmizz.sshj.userauth.UserAuthException: Exhausted available 
> authentication methods
> {noformat}
> It is possible to work around the problem with RSA Private Keys using an ECDSA 
> Private Key, which can be generated using the following command on compatible 
> platforms:
> {noformat}
> ssh-keygen -t ecdsa
> {noformat}
> This issue may impact other SFTP servers that support RSA SHA2 host key 
> algorithms, but do not support that algorithm for Public Key authentication.
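
A simplified model of the mismatch the issue describes, added here as an illustration; it is not code from sshj, NiFi or the reporter. The host key list, the function names and the single-guess selection rule are assumptions; only the public key algorithm list and the error text come from the issue.

```python
# Public key authentication algorithms the issue lists for Azure Blob SFTP.
PUBKEY_AUTH_ALGS = {"ssh-rsa", "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384"}
# Constructed sample: host key algorithms a server of this kind might advertise.
HOST_KEY_ALGS = {"rsa-sha2-512", "rsa-sha2-256"}

# Signature algorithms usable with each client key type, in preference order.
# ssh-rsa signs with SHA-1, so it comes last for RSA keys.
KEY_SIG_ALGS = {
    "rsa": ["rsa-sha2-512", "rsa-sha2-256", "ssh-rsa"],
    "ecdsa-nistp256": ["ecdsa-sha2-nistp256"],
    "ecdsa-nistp384": ["ecdsa-sha2-nistp384"],
}

class UserAuthError(Exception):
    """No offered signature algorithm was accepted by the server."""

def authenticate(offers, server_pubkey_algs):
    """Return the first offered algorithm the server accepts for user auth."""
    for alg in offers:
        if alg in server_pubkey_algs:
            return alg
    raise UserAuthError("Exhausted available authentication methods")

def guess_from_host_key_algs(key_type, host_key_algs):
    """Assumed failure mode: treat host key support as user auth support."""
    candidates = KEY_SIG_ALGS[key_type]
    return next((a for a in candidates if a in host_key_algs), candidates[-1])

def auth_single_guess(key_type, host_key_algs, server_pubkey_algs):
    """Offer only the guessed algorithm; a wrong guess ends authentication."""
    guess = guess_from_host_key_algs(key_type, host_key_algs)
    return authenticate([guess], server_pubkey_algs)

def auth_with_fallback(key_type, server_pubkey_algs):
    """Offer every algorithm valid for the key until the server accepts one."""
    return authenticate(KEY_SIG_ALGS[key_type], server_pubkey_algs)

if __name__ == "__main__":
    print(auth_with_fallback("rsa", PUBKEY_AUTH_ALGS))
    print(auth_single_guess("ecdsa-nistp256", HOST_KEY_ALGS, PUBKEY_AUTH_ALGS))
    try:
        auth_single_guess("rsa", HOST_KEY_ALGS, PUBKEY_AUTH_ALGS)
    except UserAuthError as exc:
        print("rsa, single guess:", exc)
```

In this model the RSA key fails only under the single-guess rule, while the ECDSA key succeeds either way, which matches the workaround given in the issue.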


