You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@nifi.apache.org by "Matt Hagenbuch (JIRA)" <ji...@apache.org> on 2019/07/02 13:49:00 UTC
[jira] [Commented] (NIFI-5816) SFTP cannot connect due to JSch
limitations
[ https://issues.apache.org/jira/browse/NIFI-5816?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16876986#comment-16876986 ]
Matt Hagenbuch commented on NIFI-5816:
--------------------------------------
The JSch limitation also applies to the NiFi Registry GitFlowPersistenceProvider. Basically, modern OpenSSH keys cannot be used to authenticate with Git servers using this library as discussed here [https://www.eclipse.org/forums/index.php/t/1095599/]
> SFTP cannot connect due to JSch limitations
> -------------------------------------------
>
> Key: NIFI-5816
> URL: https://issues.apache.org/jira/browse/NIFI-5816
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Extensions
> Affects Versions: 1.8.0
> Reporter: Laurenceau Julien
> Priority: Minor
>
> Hi,
> The JSch library used for SFTP does not support HostKeyAlgorithms=ed25519 whereas it is the current standard. This make SFTP / SSH unusable when dealing with recent openssh config.
> On dbeaver project they switched to sshj.
> [https://github.com/dbeaver/dbeaver/issues/2202]
> [https://community.hortonworks.com/answers/226377/view.html]
> https://stackoverflow.com/questions/2003419/com-jcraft-jsch-jschexception-unknownhostkey
> One more argument against JSch is that it does not support rsa key length other than default (2048).
> ssh-keygen -o -t rsa -b 4096 -f id_rsa -> does not work with nifi
> ssh-keygen -t rsa -f id_rsa -> works with nifi
> Thanks and regards
> JL
> PS : sorry but I do not know nifi deep enough to fill all fields.
>
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)