Setting Encryption Keys for SFTP Upload in Ensemble Production
Hello!
I'm currently trying to setup a SFTP Ensemble production to handle all of my SFTP transactions. It's been going well, but I'm currently running into an issue where it is saying it is unable to exchange encryption keys. Error Below:
Unable to exchange encryption keys [80101005] at Session.cpp:238,0' matched ReplyCodeAction 1 : 'E=R' resulting in Action code R
Any advice on getting around this would be appreciated.
Product version: HealthShare 2017.2
$ZV: Cache for Windows (x86-64) 2017.2.2 (Build 865_3_19668U)
There have been updates to openssh within the last few years that retired older, less secure cypher suites. It's possible that 2017.2 may be old enough to be incompatible with newer versions of the ssh (which sftp relies upon) libraries.
Check with the vendor/customer at the other end of the connection to see if they've made recent changes to their version of ssh.
Thank you Jeffrey! This is most likely the cause since I can manually so a SFTP command enforcing their preferred cipher suite.
With this being said, I'm assuming there is not an option in an Ensemble production to enforce a certain type of cypher suite?
As part of the encryption negotiation process, there's an exchange of supported cypher suites between the client and server. If there's no match, no connection can be established. No need to force a specific cypher site; all available should be presented by the client during connection negotiation.
If upgrading to a current version of HealthShare/Health Connect is not an option, you could script the transfers outside of the production (batch/powershell/Python/Perl script running under Windows' Scheduler or called from ObjectScript in a Scheduled Task via $ZF(-100) ) and then use a File service/operation to pick them up for processing or drop them off for delivery.