IBM Support

PH41181: SFTP CONNECTIONS FAIL

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • JSch-0.1.55 was updated to include support for multiple
variations of the ECDSA signature algorithm. However, our
modified version of the JSch JAR file was not updated correctly
to reflect the support for these multiple versions.


This results in failed SFTP connections and a service trace of
the failure shows the following:
SFTPService.JSCH TRACE  'INFO: ' , 'CheckSignatures:
ecdsa-sha2-nistp256, ecdsa-sha2-nistp384,ecdsa-sha2-nistp521'
SFTPService.JSCH TRACE  'INFO: ' , 'ecdsa-sha2-nistp256 is not
available.'
SFTPService.JSCH TRACE  'INFO: ' , 'ecdsa-sha2-nistp384 is not
available.'
SFTPService.JSCH TRACE  'INFO: ' , 'ecdsa-sha2-nistp521 is not
available.'

Local fix

  • NA

Problem summary

  • ****************************************************************
USERS AFFECTED:
All users of IBM Integration Bus and App Connect Enterprise
using the File nodes to connect to SFTP servers secured with the
ECDSA signature algorithm.


Platforms affected:
z/OS, MultiPlatform

****************************************************************
PROBLEM DESCRIPTION:
After upgrading JSch to version 0.1.55, SFTP connections using
the ECDSA signature algorithm start to fail. A service trace
shows the following JSCH TRACE entries:

JSCH TRACE 'CheckSignatures:
ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521'
JSCH TRACE 'ecdsa-sha2-nistp256 is not available.'
JSCH TRACE 'ecdsa-sha2-nistp384 is not available.'
JSCH TRACE 'ecdsa-sha2-nistp521 is not available.'
JSCH TRACE 'ssh_dss_verify: signature false'

JSch version 0.1.55 was updated to support multiple variations
of the ECDSA signature algorithm and our product code was not
updated to reflect this.

Problem conclusion

  • The product has been updated to support multiple variations on
the ECDSA signature algorithm.

---------------------------------------------------------------
The fix is targeted for delivery in the following PTFs:

Version    Maintenance Level
v10.0      10.0.0.26
v11.0      11.0.0.16
v12.0      12.0.3.0

The latest available maintenance can be obtained from:
http://www-01.ibm.com/support/docview.wss?rs=849&uid=swg27006041

If the maintenance level is not yet available,information on
its planned availability can be found on:
http://www-1.ibm.com/support/docview.wss?rs=849&uid=swg27006308
---------------------------------------------------------------

Temporary fix

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    PH41181
    • 

  • Reported component name
    IIB Z/OS
    • 

  • Reported component ID
    5655AB100
    • 

  • Reported release
    A00
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2021-10-07
    • 

  • Closed date
    2022-04-26
    • 

  • Last modified date
    2022-04-26
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    IIB Z/OS
    • 

  • Fixed component ID
    5655AB100
    • 



Applicable component levels


    








      
              
                            

              

              [{"Line of Business":{"code":"LOB45","label":"Automation"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSNQH8","label":"IBM Integration Bus for z\/OS"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"10.0"}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            27 April 2022
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback