Can't make SFTP connection after moving remote server from AIX to Windows
686463 Feb 20 2009 — edited Feb 24 2009
We are urgently trying to deploy a BPEL process (10.1.3.3) to a production environment.
In a test environment, the BPEL process used the FtpAdapter with useSftp=true (i.e. over SSH) to a remote AIX server.
Our FtpAdapter connection factory was configured as per the documentation at:
http://download.oracle.com/docs/cd/E11036_01/integrate.1013/b28994/adptr_file.htm#CACDFFFB
Specifically, our oc4j-ra.xml sftp related settings for the FtpAdapter connection factory were the defaults for sftp:
useSftp=true
authenticationType=password
preferredKeyExchangeAlgorithm=diffie-hellman-group1-sha1
preferredCompressionAlgorithm=none
preferredDataIntegrityAlgorithm=hmac-md5
preferredPKIAlgorithm=ssh-rsa
privateKeyFile=<blank>
preferredCipherSuite=blowfish-cbc
transportProvider=socket
The pre-production remote server is AIX, and in the production environment it is MS Windows Server.
So we changed the serverType from "unix" to "win", and tried both "/" and "\" for ftpPathSeparator and ftpAbsolutePathBegin.
There is a firewall in the production environment, but port 22 is open for the application server as an ssh client.
The sftp commandline client can connect from the appserver with the appropriate host, port, username and password.
After changing the connection factory host, port, username and password, the FtpAdapter is no longer able to connect.
Has anyone managed to get the FTPAdapter to connect to a Windows server over SSH, and if so, what oc4j-ra.xml settings did you use?
The domain log shows:
======================
<2009-02-20 17:25:39,730> <INFO> <default.collaxa.cube.ws> <AdapterFramework::Outbound> file:/u003/app/applmgr/DGSASD2/BPEL/bpel/domains/default/tmp/.bpel_IDBSendStock_1.0_15e5fe55aa5e114febbad6edbb64c068.tmp/ftpWriteStockFile.wsdl [ Put_ptt::Put(INVENTORY_REPORT) ] - Using JCA Connection Pool - max size = <unbounded>
<2009-02-20 17:25:40,159> <INFO> <default.collaxa.cube.activation> <FTP Adapter::Inbound> Successful in setting up the SFTP connection
<2009-02-20 17:25:40,159> <INFO> <default.collaxa.cube.activation> <FTP Adapter::Inbound> Connection Created
<2009-02-20 17:25:40,159> <INFO> <default.collaxa.cube.activation> <FTP Adapter::Inbound> FTPInteraction Created
*<2009-02-20 17:25:40,556> <WARN> <default.collaxa.cube.activation> <FTP Adapter::Inbound> SFTPChannel is null*
*<2009-02-20 17:25:40,556> <ERROR> <default.collaxa.cube.ws> <AdapterFramework::Outbound> file:/u003/app/applmgr/DGSASD2/BPEL/bpel/domains/default/tmp/.bpel_IDBSendStock_1.0_15e5fe55aa5e114febbad6edbb64c068.tmp/ftpWriteStockFile.wsdl [ Put_ptt::Put(INVENTORY_REPORT) ] - Could not invoke operation 'Put' against the 'FTP Adapter' due to:*
ORABPEL-11445
The SSH API threw an exception.
*The SSH API threw an exception. [Caused by: The channel unexpectedly terminated]*
Check the error stack and fix the cause of the error. Contact oracle support if error is not fixable.
======================
The full connection factory definition is:
<connector-factory location="eis/Ftp/IDBFtpAdapter" connector-name="FtpAdapter">
  <config-property name="host" value="10.X.X.X"/>
  <config-property name="port" value="22"/>
  <config-property name="username" value="ibmssh"/>
  <config-property name="password" value="XXXXX"/>
  <config-property name="ftpAbsolutePathBegin" value="/"/>
  <config-property name="ftpPathSeparator" value="/"/>
  <config-property name="changeDirectory" value="false"/>
  <config-property name="enforceFileTypeFromSpec" value="false"/>
  <config-property name="keepConnections" value="true"/>
  <config-property name="serverType" value="win"/>
  <config-property name="serverLocaleLanguage" value=""/>
  <config-property name="serverLocaleCountry" value=""/>
  <config-property name="serverLocaleVariant" value=""/>
  <config-property name="serverEncoding" value=""/>
  <config-property name="useFtps" value="false"/>
  <config-property name="useImplicitSSL" value="false"/>
  <config-property name="walletLocation" value=""/>
  <config-property name="walletPassword" value=""/>
  <config-property name="channelMask" value="both"/>
  <config-property name="securePort" value="990"/>
  <config-property name="keyStoreProviderName" value="oracle.security.pki.OraclePKIProvider"/>
  <config-property name="keystoreType" value="PKCS12"/>
  <config-property name="keystoreAlgorithm" value="OracleX509"/>
  <config-property name="enableCipherSuits" value=""/>
  <config-property name="pkiProvider" value="OraclePKI"/>
  <config-property name="jsseProvider" value="OracleJSSE"/>
  <config-property name="proxyHost" value=""/>
  <config-property name="proxyPort" value=""/>
  <config-property name="proxyUsername" value=""/>
  <config-property name="proxyPassword" value=""/>
  <config-property name="proxyType" value=""/>
  <config-property name="proxyDefinitionFile" value=""/>
  <config-property name="useProxy" value="false"/>
  <config-property name="useSftp" value="true"/>
  <config-property name="authenticationType" value="password"/>
  <config-property name="preferredKeyExchangeAlgorithm" value="diffie-hellman-group1-sha1"/>
  <config-property name="preferredCompressionAlgorithm" value="none"/>
  <config-property name="preferredDataIntegrityAlgorithm" value="hmac-md5"/>
  <config-property name="preferredPKIAlgorithm" value="ssh-rsa"/>
  <config-property name="privateKeyFile" value=""/>
  <config-property name="preferredCipherSuite" value="blowfish-cbc"/>
  <config-property name="transportProvider" value="socket"/>
  <connection-pooling use="none">
  </connection-pooling>
  <security-config use="none">
  </security-config>
  <connectionfactory-interface>javax.resource.cci.ConnectionFactory</connectionfactory-interface>
</connector-factory>
For information, although one is AIX and the other Windows, the ssh -v diagnostics shown below seem similar.
=======TEST========================================
applmgr@wi1xr104:>ssh -v -l rhibbert xxx.yyy.com
OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
ssh: xxx.yyy.com: Name or service not known
applmgr@wi1xr104:>ssh -v -l rhibbert wi1ua180.corio.com
OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to wi1ua180.corio.com [170.X.X.X] port 22.
debug1: Connection established.
debug1: identity file /home/applmgr/.ssh/identity type -1
debug1: identity file /home/applmgr/.ssh/id_rsa type -1
debug1: identity file /home/applmgr/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.0
debug1: match: OpenSSH_5.0 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.9p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'wi1ua180.corio.com' is known and matches the RSA host key.
debug1: Found key in /home/applmgr/.ssh/known_hosts:4
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /home/applmgr/.ssh/identity
debug1: Trying private key: /home/applmgr/.ssh/id_rsa
debug1: Trying private key: /home/applmgr/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: password
rhibbert@xxx.yyy.com's password:
debug1: Authentication succeeded (password).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
Last unsuccessful login: Fri Feb 20 13:53:49 2009 on ssh from 170.X.X.X
Last login: Fri Feb 20 14:10:48 2009 on ssh from xxx.yyy.com
=======PRODUCTION==================================
applmgr@wi1xr104:>ssh -v -l ibmssh 10.X.X.X
OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to 10.X.X.X [10.X.X.X] port 22.
debug1: Connection established.
debug1: identity file /home/applmgr/.ssh/identity type -1
debug1: identity file /home/applmgr/.ssh/id_rsa type -1
debug1: identity file /home/applmgr/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_3.8.1p1
debug1: match: OpenSSH_3.8.1p1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.9p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '10.X.X.X' is known and matches the RSA host key.
debug1: Found key in /home/applmgr/.ssh/known_hosts:3
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
****USAGE WARNING****
<...removed for brevity...>
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /home/applmgr/.ssh/identity
debug1: Trying private key: /home/applmgr/.ssh/id_rsa
debug1: Trying private key: /home/applmgr/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: password
ibmssh@10.X.X.X's password:
debug1: Authentication succeeded (password).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.
===================================================
Edited by: user806224 on 20-Feb-2009 11:16
Edited by: user806224 on 20-Feb-2009 11:21
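Added example, not part of the original post and not Oracle's code: a small Python check that compares the algorithms pinned in the connection factory with those the `ssh -v` session in the post actually used. The embedded XML and log lines are trimmed copies of the ones quoted above; the function names and the short field names (`kex`, `cipher`, `mac`, `compression`) are assumptions made for this sketch.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the four algorithm settings and three ssh -v lines from the post.
FACTORY_XML = """<connector-factory location="eis/Ftp/IDBFtpAdapter" connector-name="FtpAdapter">
<config-property name="preferredKeyExchangeAlgorithm" value="diffie-hellman-group1-sha1"/>
<config-property name="preferredCompressionAlgorithm" value="none"/>
<config-property name="preferredDataIntegrityAlgorithm" value="hmac-md5"/>
<config-property name="preferredCipherSuite" value="blowfish-cbc"/>
</connector-factory>"""
SSH_V = """debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent"""

# oc4j-ra.xml property name -> short field name used in the comparison (hypothetical names)
PROPS = {
    "preferredKeyExchangeAlgorithm": "kex",
    "preferredCipherSuite": "cipher",
    "preferredDataIntegrityAlgorithm": "mac",
    "preferredCompressionAlgorithm": "compression",
}

def adapter_prefs(xml_text):
    """Algorithms pinned in the connector-factory definition."""
    root = ET.fromstring(xml_text)
    return {PROPS[p.get("name")]: p.get("value")
            for p in root.iter("config-property") if p.get("name") in PROPS}

def negotiated(ssh_v):
    """Algorithms the OpenSSH client ended up using, read from `ssh -v` output."""
    seen = {}
    m = re.search(r"kex: client->server (\S+) (\S+) (\S+)", ssh_v)
    if m:
        seen["cipher"], seen["mac"], seen["compression"] = m.groups()
    if "SSH2_MSG_KEX_DH_GEX_" in ssh_v:
        # Group-exchange messages reveal the key-exchange family, not the exact method name.
        seen["kex"] = "diffie-hellman-group-exchange"
    return seen

def differences(prefs, seen):
    """Fields where the adapter's pinned value is not what the CLI session used."""
    diff = {}
    for field, want in prefs.items():
        got = seen.get(field)
        same = got == want or (field == "kex" and got and want.startswith(got))
        if got is not None and not same:
            diff[field] = (want, got)
    return diff

if __name__ == "__main__":
    for field, (want, got) in differences(adapter_prefs(FACTORY_XML), negotiated(SSH_V)).items():
        print(f"{field}: adapter prefers {want}, ssh -v session used {got}")
```

A clean command-line login exercises only the algorithms that client offered, so any field listed here has not been tested against the new server by that login.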