IBM Support

IT08800: (SFTP) SSH CLIENT USING SFTP PROTOCOL VERSION4 FAILS

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

Direct links to fixes

3.4.2.0-SterlingSecureProxy-AIX-if0002
3.4.2.0-SterlingSecureProxy-HP-IA-if0002
3.4.2.0-SterlingSecureProxy-Linux-if0002
3.4.2.0-SterlingSecureProxy-SolarisSPARC-if0002
3.4.2.0-SterlingSecureProxy-Windows-if0002
3.4.2.0-SterlingSecureProxy-Linux_s390-if0002
3.4.2.0-SterlingSecureProxy-AIX-if0004
3.4.2.0-SterlingSecureProxy-HP-IA-if0004
3.4.2.0-SterlingSecureProxy-Linux_s390-if0004
3.4.2.0-SterlingSecureProxy-Linux-if0004
3.4.2.0-SterlingSecureProxy-SolarisSPARC-if0004
3.4.2.0-SterlingSecureProxy-Windows-if0004
3.4.2.0-SterlingSecureProxy-AIX-if0005
3.4.2.0-SterlingSecureProxy-HP-IA-if0005
3.4.2.0-SterlingSecureProxy-Linux_s390-if0005
3.4.2.0-SterlingSecureProxy-Linux-if0005
3.4.2.0-SterlingSecureProxy-SolarisSPARC-if0005
3.4.2.0-SterlingSecureProxy-Windows-if0005

 

APAR status

  • Closed as program error.

Error description

  • SFTP Protocol version 4 and higher not working

We have a partner who is not able to upload/download files via
SFTP using WS_FTP.  I've been able to replicate the issue with
WS_FTP and WinSCP.   It appears to be an issue when SFTP
protocol version 4 or higher is used.  I don't get an error
when using version 3.  I have attached logs to show when
version 3 is used and then version 4.  This was using WinSCP
and I have attached the WinSCP client log, SSP adapter and
netmap logs as well as the backend SI server adapter log.  We
are on Version 3.4.2.0, Fix 1, Build 157 on Linux.

We also have Version 3.4.1.8, Fix 4, Build 86 on Linux
installed in another environment and we are not seeing the same
issues with it.

(Note: Informed the user that we only work with version 3 & 4)

Inhouse Test:
Linux
SSP Version: 3.4.2.0, Fix 1, Build 157
WINSCP Client: Change SFTP Protocol = 4
Backend Server: SI SFTP Adapter

Local fix

  •  STRRTC - 463822
RJ/RJ
Circumvention:
Update to latest SSP Build

Problem summary

  • Description of issue:  A customer will notice that it cannot use
 sftp clients that are asking for any sftp version above version
 3. This has manifested as an inability to read the home
directory in many of the clients that we have tested.

Problem conclusion

  • Description of fix: We added code to make sure that an sftp
handshake negotiates to version 3, which allows for ssp to
correctly negotiate the sftp version between the client and
backend server

Temporary fix

  • Description of issue:  A customer will notice that it cannot use
 sftp clients that are asking for any sftp version above version
 3. This has manifested as an inability to read the home
directory in many of the clients that we have tested.

Description of fix: We added code to make sure that an sftp
handshake negotiates to version 3, which allows for ssp to
correctly negotiate the sftp version between the client and
backend server

Comments

  • 



APAR Information




    

  • APAR number
    IT08800
    • 

  • Reported component name
    STR SECURE PROX
    • 

  • Reported component ID
    5725D0300
    • 

  • Reported release
    342
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2015-05-08
    • 

  • Closed date
    2015-05-21
    • 

  • Last modified date
    2015-05-21
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    STR SECURE PROX
    • 

  • Fixed component ID
    5725D0300
    • 



Applicable component levels


    

  • R342  PSY
       UP
    • 








      
              
                            

              

              [{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SS6PNW","label":"IBM Sterling Secure Proxy"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"342","Edition":"","Line of Business":{"code":"LOB59","label":"Sustainability Software"}}]
              

                                                                    

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            21 May 2015
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback