Posted to issues@nifi.apache.org by "David Handermann (Jira)" <ji...@apache.org> on 2022/04/20 13:13:00 UTC

[jira] [Updated] (NIFI-9919) RSA Private Key Authentication Fails for Azure Blob SFTP

     [ https://issues.apache.org/jira/browse/NIFI-9919?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

David Handermann updated NIFI-9919:
-----------------------------------
    Status: Patch Available  (was: Open)

> RSA Private Key Authentication Fails for Azure Blob SFTP
> --------------------------------------------------------
>
>                 Key: NIFI-9919
>                 URL: https://issues.apache.org/jira/browse/NIFI-9919
>             Project: Apache NiFi
>          Issue Type: Bug
>          Components: Extensions
>    Affects Versions: 1.16.0, 1.15.0, 1.14.0
>            Reporter: David Handermann
>            Assignee: David Handermann
>            Priority: Minor
>
> Microsoft [Azure Blob Storage|https://azure.microsoft.com/en-us/services/storage/blobs/] supports access using SFTP with either password or private key authentication. [SFTP support for Azure Blob Storage|https://docs.microsoft.com/en-us/azure/storage/blobs/secure-file-transfer-protocol-support] has a limited set of supported algorithms, including the following three algorithms for Public Key authentication:
> * ssh-rsa
> * ecdsa-sha2-nistp256
> * ecdsa-sha2-nistp384
> The documentation lists sshj 0.27.0 as supported, but changes in sshj 0.30.0 to support RSA SHA2 algorithms appear to have created problems with selection of the client key algorithm during the negotiation process. This issue persists in sshj 0.32.0, but appears to be resolved in the current development branch of sshj.
> As a result of this issue, SFTP processors are unable to authenticate to Azure Blob Storage SFTP and return the following error with a valid RSA Private Key:
> {noformat}
> net.schmizz.sshj.userauth.UserAuthException: Exhausted available authentication methods
> {noformat}
> It is possible to work around the problem with RSA Private Keys using an ECDSA Private Key, which can be generated using the following command on compatible platforms:
> {noformat}
> ssh-keygen -t ecdsa
> {noformat}
> This issue may impact other SFTP servers that support RSA SHA2 host key algorithms, but do not support that algorithm for Public Key authentication.



--
This message was sent by Atlassian Jira
(v8.20.7#820007)
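
A compatibility check for the situation the issue describes, as an added example that is not part of the original message and is not sshj or NiFi code: it reads the key type from an OpenSSH public key blob and lists which signature algorithms for that key are in the server's accepted set. The server list is the one quoted in the issue; the client preference table, the function names and the sample keys are constructed assumptions.

```python
import base64
import struct

# Public Key authentication algorithms the issue lists for Azure Blob Storage SFTP.
AZURE_PUBKEY_ALGS = ["ssh-rsa", "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384"]

# Signature algorithms usable with each key type, in an assumed client
# preference order. An RSA key (key type "ssh-rsa") can sign with SHA-2
# (rsa-sha2-*, RFC 8332) or with the original SHA-1 "ssh-rsa" algorithm.
SIGNATURE_ALGS = {
    "ssh-rsa": ["rsa-sha2-512", "rsa-sha2-256", "ssh-rsa"],
    "ecdsa-sha2-nistp256": ["ecdsa-sha2-nistp256"],
    "ecdsa-sha2-nistp384": ["ecdsa-sha2-nistp384"],
    "ecdsa-sha2-nistp521": ["ecdsa-sha2-nistp521"],
    "ssh-ed25519": ["ssh-ed25519"],
}


def key_type(public_key_line):
    """Return the key type stored inside an OpenSSH public key blob."""
    fields = public_key_line.split()
    blob = base64.b64decode(fields[1])
    (length,) = struct.unpack(">I", blob[:4])
    embedded = blob[4:4 + length].decode("ascii")
    if embedded != fields[0]:
        raise ValueError("key type label does not match blob: %s" % embedded)
    return embedded


def usable_algorithms(public_key_line, server_accepted):
    """Signature algorithms the key can produce that the server accepts."""
    candidates = SIGNATURE_ALGS.get(key_type(public_key_line), [])
    return [alg for alg in candidates if alg in server_accepted]


def constructed_key(kind):
    """Build a well-formed public key line with dummy key material (constructed)."""
    name = kind.encode("ascii")
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", 4) + b"\x00\x01\x02\x03"
    return "%s %s constructed@example" % (kind, base64.b64encode(blob).decode("ascii"))


if __name__ == "__main__":
    for kind in ("ssh-rsa", "ecdsa-sha2-nistp256", "ssh-ed25519"):
        print(kind, usable_algorithms(constructed_key(kind), AZURE_PUBKEY_ALGS))
```

For an RSA key the only overlap is `ssh-rsa`, so a client that offers only its preferred `rsa-sha2-*` algorithms has nothing the server will accept, while an ECDSA P-256 or P-384 key matches directly.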