In the process I discovered that the chilkat libraries included in InDe (at least as of InDe 18.0 r5) are from 2012. As such they are not able to communicate with OpenSSH greater than 6.9 without some configuration changes due to older keys/ciphers being disabled by default on OpenSSH 7.0 and higher.
The changes I had to add to the sshd_config on the OpenSSH server ( put this at the bottom of the sshd_config file):
- Code: Select all
#Legacy changes
KexAlgorithms +diffie-hellman-group1-sha1
Ciphers +aes128-cbc
PubkeyAcceptedKeyTypes=+ssh-dss
The key I created for the public/private pair had to be DSA, and not the newer RSA.
References:
https://www.openssh.com/legacy.html
https://superuser.com/questions/1016989/ssh-dsa-keys-no-longer-work-for-password-less-authentication
http://www.openssh.com/txt/release-7.0
https://unix.stackexchange.com/questions/340844/how-to-enable-diffie-hellman-group1-sha1-key-exchange-on-debian-8-0
Also, in the InDe documentation, it mentions using the absolute path for the public key. It should read the absolute path for the private key. An example is:
- Code: Select all
this.IDSftp.useSSH = true
this.IDSftp.SSHKey = "C:\\mykeys\\id_dsa"
where id_dsa is the private key. The public key is on the target machine with which the InDe application is communicating. Be sure the private key is readable by the account/user that your InDe application is running under. On Linux this might be the tomcat user; on Windows/IIS the account the Application Pool runs under.
Fortunately I had control over the server side. I will log an improvement request and reference this thread in the hopes of getting the chilkat libraries updated to a more recent version which will support the newer, more secure ssh keys/ciphers.
...jack
