DataPower

  • 1.  What types of SSH public keys are supported on DataPower for authentication in the SFTP Front Side Handler

    Posted Thu December 16, 2021 05:12 PM

    Dears,

    we have IBM DataPower IDG 2018.4.1 as SFTP proxy for routing of files from one entry point to several backends.

    We use ssh-rsa keys for public key authentication of the SFTP client in the AAA of the SFTP Front Side Handler on the DataPower service (Multiprotocol Gateway). Everything works fine so far.

    But now the client requires the use of "stronger" ecdsa-sha2-nistp256 keys for authentication. We tried to use them without success:

    20211210T100815.425Z [0x80e005d5][ssh][error] source-ssh-server(XXSFTPGatewayFshXXX): SSH Server internal message: 'userauth_pubkey: unknown key type: ecdsa-sha2-nistp256'

    What key types are supported for public key SSH authentication on the DataPower?

    Best regards,

    Jiri



    #DataPower
    #Support
    #SupportMigration


  • 2.  RE: What types of SSH public keys are supported on DataPower for authentication in the SFTP Front Side Handler



  • 3.  RE: What types of SSH public keys are supported on DataPower for authentication in the SFTP Front Side Handler

    Posted Thu December 16, 2021 07:58 PM

    Hi,

    Thank you. It looks to me that the keys are mentioned for the DataPower SSH client side:

    https://www.ibm.com/docs/en/datapower-gateways/2018.4?topic=commands-kex-alg

    Are these keys supported on the DataPower SFTP Front Side Handler as well? It is not clear from the documentation.

    Anyhow, the client requires ecdsa-sha2-nistp256, and it is not mentioned there...





  • 4.  RE: What types of SSH public keys are supported on DataPower for authentication in the SFTP Front Side Handler

    Posted Fri December 17, 2021 09:02 AM

    Hi,

    So you have an SFTP Server front-side handler attached to your MPGW? Just wanted to clarify...

    --HP





  • 5.  RE: What types of SSH public keys are supported on DataPower for authentication in the SFTP Front Side Handler

    Posted Fri December 17, 2021 12:18 PM

    Hi,


    Yes, we have a MultiProtocol Gateway which acts as a server and listens on the SFTP protocol (SFTP Front Side Handler) and processes and routes files to the appropriate SFTP backend server. We receive data from an SFTP client which uses an ssh-rsa key. But this client (source system) should use an ecdsa-sha2-nistp256 key in the near future. I didn't find which key formats are supported on the SFTP Front Side Handler (server) on DataPower.


    Regards,

    Jiri





  • 6.  RE: What types of SSH public keys are supported on DataPower for authentication in the SFTP Front Side Handler

    Posted Mon December 20, 2021 04:32 PM

    It is my understanding that only RSA keys are currently supported in the SFTP server FSH. At least I couldn't find any option to use something else from the WebGUI.


    --HP



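A pre-enrolment check for the situation in this thread, as an added example that is not part of any post and is not IBM code: it parses an OpenSSH public key line (RFC 4253 wire format), confirms the embedded algorithm matches the label, and reports the RSA modulus size. The `ssh-rsa`-only allow-list reflects the understanding stated in the last reply; the 2048-bit minimum, the function names and the sample keys are assumptions constructed for illustration.

```python
import base64
import struct

def _read_string(blob, offset):
    """Read one RFC 4251 'string': uint32 length, then that many bytes."""
    if offset + 4 > len(blob):
        raise ValueError("truncated length field")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated field")
    return blob[offset + 4:end], end

def inspect_public_key(line):
    """Return (algorithm, rsa_bits or None) for '<type> <base64> [comment]'."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    blob = base64.b64decode(fields[1], validate=True)
    name, pos = _read_string(blob, 0)
    algorithm = name.decode("ascii")
    if algorithm != fields[0]:  # label and blob must agree
        raise ValueError(f"label {fields[0]!r} != blob type {algorithm!r}")
    if algorithm != "ssh-rsa":
        return algorithm, None
    _exponent, pos = _read_string(blob, pos)  # mpint e
    modulus, _ = _read_string(blob, pos)      # mpint n
    return algorithm, int.from_bytes(modulus, "big").bit_length()

def preflight(line, allowed=("ssh-rsa",), min_rsa_bits=2048):
    """Assumed policy: key type must be in `allowed`; RSA must meet the minimum size."""
    algorithm, bits = inspect_public_key(line)
    if algorithm not in allowed:
        return False
    return bits is None or bits >= min_rsa_bits

# Constructed sample blobs: structurally valid, not real keys.
def _s(data):
    return struct.pack(">I", len(data)) + data

RSA_LINE = "ssh-rsa " + base64.b64encode(
    _s(b"ssh-rsa") + _s(b"\x01\x00\x01") + _s(b"\x00" + b"\xc3" * 256)).decode() + " constructed-rsa"
ECDSA_LINE = "ecdsa-sha2-nistp256 " + base64.b64encode(
    _s(b"ecdsa-sha2-nistp256") + _s(b"nistp256") + _s(b"\x04" + b"\x11" * 64)).decode() + " constructed-ecdsa"

if __name__ == "__main__":
    for sample in (RSA_LINE, ECDSA_LINE):
        print(inspect_public_key(sample), "accepted" if preflight(sample) else "rejected")
```

Running this over client-submitted keys before adding them to the AAA policy surfaces an unsupported key type at enrolment time rather than as a `userauth_pubkey: unknown key type` error in the handler log.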