jeffpahf ✭✭✭✭✭

So, likely adding the Allow will solve = good luck Q: Why is this happening; A: the server is waiting for the client to finish their message with CrLf (char(13,char(10)) as AIX environments are self trimming there was no need to Carriage return, a single char(10) Line Feed logically completed the message, so the client is…

Not sure if this topic/thread is eggactly your issue(s), but in the daily log you may see the client software listed with version number; this was my only clue and at the client side (2) there was only a generic something bad happened message. So, IF the log(s) show JSCH (see above for verion(s), for example WinSCP is…

PCRonin, um, which "issue" there are a few in this thread... Original issue that you're replying to has solution (Q&A) adding a per-user setting described in the A. <click> Q: Is the setting <name?> noted in documentation/guides? A: SFTP connection not established for legacy Java clients (solarwinds.com) If you mean the…

Q: Is the setting <name?> noted in documentation/guides? A: SFTP connection not established for legacy Java clients (solarwinds.com)

Not a word in the release notes, so Do we call Support to ask about this topic issue with RFC 4 & 5?

As noted above, the GW log is like the regular DMZ log with the Client IP

Um, not sure what is being asked... from the GW Where 207.87 is IP of connected system, and 125.238 is the GW The logs look similar from either, GW or not 11461 [02] Thu 23Feb23 23:13:02 - (003446) Connected to 207.87.241.39 (local address 125.238.52.122, port 22) 11462 [03] Thu 23Feb23 23:13:02 - (003446) IP-Name:…

MGEBAUER, respectfully, It's SW language & phrasing; which would be better if they said they made a mistake. Then said they're sorry to have taken up so much of their clients resources for a problem entirely created by SW, and was an is an unnecessary officious interpretation of the RFC. And worse is their introduction of…

All, I really can't get over SW position that the RFC must be followed literally, because in the very same paragraph 4x, there is reference to see item 5x which specifies optional backward compatibility guidelines. To me their position and response is, defensive, disingenuous, and not professional. (period)

GSAdmin, Just so you know the issue likely will adversely affect any client that isn't fully RFC 4x compliant, but also note that the same RFC directs us to item 5x which outlines option for software vendors (SW) to allow for backward compatibility. A few of us have suggested that SW add a site level setting to allow for a…

Nice

No. And based on the version of Actian w/the legacy JSCH lib that the client app we drive, hosted in the cloud, to send edi files to our mFT as the issue in this topic is not likely what you're experiencing. My suggestion is to ask, Was it ever working? When did it stop? Or, what conditions/clients have difficulty? And…

All, just a reminder that it appears, any client based on Unix type environment where strings are self-trimming and only need a char(10) \n new line, Will be impacted. The RFC indicates CR+LF (chars 13+10) characters, but in same paragraph describes how at the discretion of the developer may support legacy clients and…

Friday, Buddy Drop Hot Fix appears to have worked, a few clients have taken their personal time to Test and/or Follow-up over the weekend. I was able to test one client immediately after the HF and heard that our SAP HR reports were again flowing. I take objection to SW saying the following "... For the transition period,…

the problme(s) is that the JSCH lib is likely part of larger software packages that manage business transactions adding FTP client functionality, and for some, will not be trivial to up the larger software packages. This is further reinforced by the cited RFC addressing backward compatibility; and perhaps advanced notice…

Step 1. Documentation - 34 Days after the Release SFTP connection not established for legacy Java clients (solarwinds.com) Sorry, too much joy citing this... RFC 4253 SSH Transport Layer Protocol January 2006 4.2 ... Implementers who wish to maintain compatibility with older, undocumented versions of this protocol may want…

Yes it is. My reason(s) are that both that SW Dev should not have made this change undocumented, and their citing of RFC 4.2, with a strict interpretation as w/CrLf (13,10), the very same 4.2 paragraph includes reference to 5x that outlines support for legacy clients w/a single char(10) line feed Lf, So, again Yes Hot Fix

Calc, et al; So, this seems very similar to what you (calc) & Markus (maeh) & perhaps others are saying are the steps to revert... I have original files saved from just weeks ago prior version, which I "think" this article says to use. How to roll back to a previous version after a Serv-U upgrade (solarwinds.com) My…

Yes, if you have the energy.. please a new thread.. and ha, eggactly, a very small new thread, w/link to this mess, and very clearly stating the issue is functionally at the client app, BUT that SW dropped the ball by not notifying prior and also not providing ahead of time, a method and/or work-around. Which would include…

Yes, but You & I agreed that off-topic was okay. But now the original thread will be of little use to anyone wanting to know how to clear a blocked user, and the off-topic "really" needs it's own thread, this is an organic mess, I blame Me.

VisIX & calc2014, OMGosh, it's as if you heard me barking at the SW Tech... I'm a programmer & implementation specialist (but haven't done a SU project), so back-ward compatibility is always #1 especially when correcting compliance to an RFC, give us at least 1 version of hybrid w/a switch or added command/rule per SU…

Markus, thanks... re: roll-back - I hear you, but personally I don't know exactly what the Serv-U files saved off per instructions impact in the application and don't trust the SW to clearly guide us through the process. re: security, I need to get w/my security team as to their/our best practices for generating & storing…

Well, this is Not Our Problem, no diagnostics* needed this is a SW Problem.... *Diagnostics, stringing me along since Jan 2, requesting logs for a problem they were well aware of = colossal waste of time & efforts re: Hot Fix - If SW opinion that SU is "now" RFC compliant, then how can they release a "non-RFC-compliant"…

hope this helps... thwack.solarwinds.com/.../307082

Do you have any way to check if the suspected CR missing the CRLF is the cause? RFC rfc4253#section-4.2 And, that doesn't let SW off the hook, if this is the cause, Fair, but they should have included this a warning w/SR Docs

There's ticket from Jan 2... SW tech road map, 1. blame client, 2. roll-back, 3. blame client, 4. cite RFC, 5. We'll check & get back to you...

I noticed a pattern w/SW of first blaming the client software, w/out knowing what the error is; namely not reviewing the logs attached to the original ticket, these really tell the story. 02 Jan 2023 03:46 PM -0800Author: Jeffry Proctor [jeffry.proctor@ahf.org] Recipient: Customer Service Since the client is being logged…

We ran a few tests with the JSCH-0.1.53 as that client is also our/a vendor by switching to the domain with the RSA, and same result; which adds more weight to saying it's the client side. The user was setup in the alternate domain (only a few user/clients connect here) and added a 2023 & Test RSA key/fingerprints and…

So, we've strolled off topic, but no worries from me... At the client side there are two log files, this one that suggests checking user name & password, but the login never actually occurs 1) ...java.net.ConnectException: A remote host refused an attempted connect operation. 2) ...Session.connect: java.io.IOException: End…

first off, I hope you're in Monday TZ, it's 11:37 pm Sunday for me, programming to get back on track after spending time on SU last week... Yeah, the RSA key is a change management process, email blast to our known user email; getting to business folks at our partners is easy getting to the correct tech to notify them to…