技术问题分析(9.29)
source link: http://blog.sina.com.cn/s/blog_493a84550102xw2l.html?amp%3Butm_medium=referral
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
MFTException MFT-5031_Error occurred while reading metadata of file
cause=oracle.tip.adapter.sa.impl.fw.ext.org.collaxa.thirdparty.apache.wsif.WSIFException: file://wsdl/FileListing_ptt.wsdl [ FileListing_ptt::FileListing(part,part) ] - WSIF JCA Execute of operation 'FileListing' failed due to: JCA Binding Component connection issue.
Error in establishing a session with SSH Server.. Unable to establish a session with the server. Please ensure hostname and port specified to login to the server are correct. ; nested exception is: BINDING.JCA-12511 JCA Binding Component connection issue. JCA Binding Component is unable to create an outbound JCA (CCI) connection. file://wsdl/FileListing_ptt.wsdl [ FileListing_ptt::FileListing(part,part) ]
对于MFT 5031的错误,实际上只搜到很少的文章,另外一篇文章说法也是关于公钥认证的。
https://khassoablog.wordpress.com/category/mft/
对于这篇文章也提到,需要将公钥信息进行导入,具体如下:
1. Check if the SSH keystore password is correct or not by logging in MFT-Administartion-Keystores
Update SSH-Keystore password with correct password.
2. Import the SFTP Remote server Public key to oracle MFT server.
Steps to import the public key in to oracle MFT server.
[testuser@mftserver]$ cd /u01/oracle/SOAInstall/mft/common/bin
[testuser@mftserver]$ ./wlst.sh
wls:/fmw_domain/serverConfig> importCSFKey(‘SSH’, ‘PUBLIC’, ‘MFT_PUB’, ‘/home/oracle/.ssh/authorized_keys’)
CSF key imported successfully.
wls:/ fmw_domain /serverConfig> listCSFKeyAliases(‘SSH’, ‘PUBLIC’)
‘MFT_PUB’, Format X.509, RSA
wls:/ fmw_domain /serverConfig> exit()
Exiting WebLogic Scripting Tool.
对于该操作在尝试前,重新检查了下公钥信息,发现传输正常的两个环境的公钥信息本身有差异,一个时候SHA2 256位的公钥,而另外一个环境则是384位的公钥。即两个环境公钥信息不一致。
最后先尝试对公钥信息的位数进行修改,在修改回256位后问题解决。
即该问题本质仍然是SSH的密码在加密后加密算法位数不一致。在测试环境存储的256位能够传输正常,但是在正式环境384位的导致出错。暂时还不清楚是否是MFT本身不支持384位的公钥,还是对于384的公钥本身没有进行刷新导致。
初步判断还是MFT本身不支持384位的公钥导致了该问题。
问题解决后再次来看异常信息提示,发现提示还是很清楚,即首先是建立SSH Conectin发生错误,而这个错误本身就只能是两个原因,一个就是网络本身有问题,一个就是用户名或密码有问题。而我们在尝试命令行sftp登录的时候,不存在密码还要进行加密的问题,因此命令行能够登录正常。
但是在MFT配置中,配置的密码都是经过加密后的密码,因此对于加密后的密码登录的时候,由于公钥的位数问题导致了加密和解密后的密码不一致,即MFT本身通过JCA FTP Adapter无法正常登录。
大家可以再参考下Oracle的官方文档:
https://docs.oracle.com/middleware/1221/mft/mft-user-guide/GUID-8ACC7C8B-6251-4B13-A811-DFDE3BB60D89.htm#MFTUG453
但是这篇文章提到,SFTP进行配置的时候对于ECDSA Key本身是支持384位的,但是对于JCA Adapter的配置没有看到有384位的支持。
对于JCA Adapter相关的加密支持如下:
- Data Integrity Algorithm:Hmac-sha1, Hmac-sha256, [email protected]
- Key Exchange Algorithm:Diffie-hellman-group14-sha1
- Cipher Suite:3Des, Aes128, Aes192, Aes256
- PKI Algorithm:3Des, Aes128, Aes192, Aes256
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK