2

I am using camel version 2.13.1,and camel-ftp version 2.13.1. I am trying to connect to sftp server through camel route. I am getting some error related to jCraft Jsch exception as shown below.

org.apache.camel.component.file.GenericFileOperationFailedException: Cannot connect to sftp://uname@serveraddress.com:22
    at org.apache.camel.component.file.remote.SftpOperations.connect(SftpOperations.java:143)
    at org.apache.camel.component.file.remote.RemoteFileConsumer.connectIfNecessary(RemoteFileConsumer.java:154)
    at org.apache.camel.component.file.remote.RemoteFileConsumer.recoverableConnectIfNecessary(RemoteFileConsumer.java:145)
    at org.apache.camel.component.file.remote.RemoteFileConsumer.prePollCheck(RemoteFileConsumer.java:55)
    at org.apache.camel.component.file.GenericFileConsumer.poll(GenericFileConsumer.java:106)
    at org.apache.camel.impl.ScheduledPollConsumer.doRun(ScheduledPollConsumer.java:187)
    at org.apache.camel.impl.ScheduledPollConsumer.run(ScheduledPollConsumer.java:114)
    at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
    at java.util.concurrent.FutureTask$Sync.innerRunAndReset(Unknown Source)
    at java.util.concurrent.FutureTask.runAndReset(Unknown Source)
    at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(Unknown Source)
    at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(Unknown Source)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)
Caused by: com.jcraft.jsch.JSchException: Algorithm negotiation fail
    at com.jcraft.jsch.Session.receive_kexinit(Session.java:582)
    at com.jcraft.jsch.Session.connect(Session.java:320)
    at org.apache.camel.component.file.remote.SftpOperations.connect(SftpOperations.java:115)
    ... 14 more
Nomad
  • 751
  • 4
  • 13
  • 34

2 Answers2

5

Judging from the exception message, it appears that there is no shared key exchange (KEX) algorithms between the client and the SSH server. You can verify this by enabling logging in JSch before you try to connect:

JSch.setLogger(new Logger() {
    @Override
    public boolean isEnabled(int i) {
        return true;
    }
    @Override
    public void log(int i, String string) {
        System.out.println(string);
    }
};

This will output a list of KEX supported by the server and the client, respectively. For example:

kex: server: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

I would expect that you would see that none of the KEX algorithms listed by the server are in the client list. Based on that you can then either enable additional KEX algorithms on the server (provided that you have access to it), or to your client application. For more, also see this page.

If you cannot make changes to the server, you can add support for additional KEX algorithms in one of two ways:

  1. Upgrade JSch to the latest release (0.1.52) to automatically enable support for sha256.

  2. If you're stuck with 0.1.51, you can programatically enable sha256:

    JSch shell = new JSch();
Properties config = new Properties();
config.put("kex", "diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256");
config.put("StrictHostKeyChecking", "no");

Then create your session and set the configuration with:

Session session = ...
session.setConfig(config);

Update: In this case, it turned out not to be a missing algorithm, but a missing cypher. The server only supported the aes256-cbc cypher, which by default is not supported by Oracle's JVM. However, it can be downloaded directly from Oracle.

Ben Damer
  • 996
  • 7
  • 14
  • That is client's sftp server. I can't change. What can I do from my end.? – Nomad May 04 '15 at 17:20
  • Updated my answer to include client-side changes. – Ben Damer May 04 '15 at 17:43
  • I have updated the JSch version, but no improvement, same issue. – Nomad May 04 '15 at 20:36
  • 2
    Can you please post the log output that lists the KEX algoritms? – Ben Damer May 04 '15 at 20:47
  • kex: client: diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521. kex: client: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521....... – Nomad May 05 '15 at 12:58
  • That is the output for the client (kex: client) - there should be similar log entries for the server (kex: server). Can you post those as well? At this point I suspect your only option is to ask your client to enable additional algorithms in their server config. – Ben Damer May 05 '15 at 14:05
  • Remote version string: SSH-2.0-0 FIPS; Local version string: SSH-2.0-JSCH-0.1.52; CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256; CheckKexes: diffie-hellman-group14-sha1,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521; diffie-hellman-group14-sha1 is not available.; CheckSignatures: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521; kex: server: diffie-hellman-group1-sha1,diffie-hellman-group14-sha1; kex: server: ssh-dss,ssh-rsa; – Nomad May 05 '15 at 14:22
  • Please join the chat for this issue so we can discuss further. – Ben Damer May 05 '15 at 17:36
  • With later versions of Camel, use jschLoggingLevel to change JSch logging level instead of calling the static `JSch.setLogger` method. – James Feb 28 '23 at 19:45
0

Use latest the apache-camel version like '1.21.5' or latest

Sin2
  • 413
  • 3
  • 5