APAR status
Closed as program error.
Error description
If the "PubkeyAcceptedAlgorithms" returned by the SFTP server do not include 'ssh-rsa' or 'ssh-dss', the File node will fail to connect to the SFTP server and will generate a BIP3381E error with the reason 'public key authentication credentials invalid'.
Local fix
The issue can be work around by setting the JVM system property "jsch.client_pubkey" to specify the Algorithms that can be used. This can be achieved either by modifying server.conf.yaml file ( ResourceManagers/JVM/jvmSystemProperty) ResourceManagers: JVM: jvmSystemProperty:'-Djsch.client_pubkey=<Comma separated list of PubkeyAcceptedAlgorithms>' OR by setting the environment variable IBM_JAVA_OPTIONS (export IBM_JAVA_OPTIONS=-Djsch.client_pubkey=<List of PubkeyAcceptedAlgorithms>).
Problem summary
**************************************************************** USERS AFFECTED: All users of IBM App Connect Enterprise V12.0 using the File nodes with SFTP transfer protocol. Platforms affected: MultiPlatform **************************************************************** PROBLEM DESCRIPTION: The file nodes, when configured to use an SFTP connection, do not currently support 'ssh-rsa' and 'ssh-dss' under Public key Accepted Algorithms and any attempt to use one of these unsupported algorithms may cause the SFTP connection to fail with the error code BIP3381E - 'publickey authentication credentials invalid'.
Problem conclusion
The product has been modified so that the file nodes in SFTP mode now support the Public key Accepted Algorithms 'ssh-rsa' and 'ssh-dss' and correctly establishes connection to the remote sftp server. --------------------------------------------------------------- The fix is targeted for delivery in the following PTFs: Version Maintenance Level v12.0 12.0.12.4 The latest available maintenance can be obtained from: http://www-01.ibm.com/support/docview.wss?rs=849&uid=swg27006041 If the maintenance level is not yet available,information on its planned availability can be found on: http://www-1.ibm.com/support/docview.wss?rs=849&uid=swg27006308 ---------------------------------------------------------------
Temporary fix
Comments
APAR Information
APAR number
IT46263
Reported component name
APP CONNECT ENT
Reported component ID
5724J0560
Reported release
C00
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2024-05-30
Closed date
2024-06-20
Last modified date
2024-06-20
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
APP CONNECT ENT
Fixed component ID
5724J0560
Applicable component levels
[{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSDR5J","label":"IBM App Connect Enterprise"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"C00","Line of Business":{"code":"LOB67","label":"IT Automation \u0026 App Modernization"}}]
Document Information
Modified date:
21 June 2024