0 votes
3.2k views
in Java FTP by (580 points)
Hello,
I have just downloaded your edtFTPj/PRO trial version and am trying to use it in my code.
In my code, I want to change the remote port from 22 to 49222.
But whenever I tried to connect using the SSHFTPClient with host validation enabled,
I am getting the following error:
com.enterprisedt.net.j2ssh.transport.kex.KeyExchangeException: The host signature is invalid or the host key was not accepted!
16:27:29,085 ERROR [STDERR]     at com.enterprisedt.net.j2ssh.transport.TransportProtocolClient.performKeyExchange(TransportProtocolClient.java:429)
16:27:29,088 ERROR [STDERR]     at com.enterprisedt.net.j2ssh.transport.TransportProtocolCommon.beginKeyExchange(TransportProtocolCommon.java:724)
16:27:29,091 ERROR [STDERR]     at com.enterprisedt.net.j2ssh.transport.TransportProtocolCommon.a(TransportProtocolCommon.java:1293)
16:27:29,093 ERROR [STDERR]     at com.enterprisedt.net.j2ssh.transport.TransportProtocolCommon.startBinaryPacketProtocol(TransportProtocolCommon.java:1031)
16:27:29,095 ERROR [STDERR]     at com.enterprisedt.net.j2ssh.transport.TransportProtocolCommon.run(TransportProtocolCommon.java:425)
16:27:29,097 ERROR [STDERR]     at java.lang.Thread.run(Thread.java:619)

But whenever I tried connecting to the same machine on the default port 22, it connected without any error.
So is there anything else I should do to make the changes effective? Also note that an entry for this machine is present in the known_hosts file.
And I did try even after removing the known_hosts file and creating a new entry.


My organization is considering purchasing this library but for that we need these tests to be successful.

7 Answers

0 votes
by (51.1k points)
Hi

It's likely that two different servers are accepting connections from the two ports. Either that or it's two differently configured sites on the same server. I recommend checking the server logs or asking the server administrators to do so.

- Hans (EnterpriseDT)
0 votes
by (580 points)
Hi Hans,
Sorry, I forgot to tell you one thing: when I tried the sftp command from the command prompt on
port 49222, it connected.

Reply to your post:
I had already got that checked earlier.
Both ports 22 and 49222 were open for SSH on the server machine.
So wherever I tested the code, both of these ports were open.
The connection mechanism was only using your library's connect method
of SSHFTPClient. The remote port was hard-coded to 49222.

As a second test, I disabled the default port 22 on one of the servers so that only 49222 was open for SSH.
It still didn't work.
0 votes
by (51.1k points)
Actually I just realized that it's the client that's rejecting the server rather than the server rejecting the client. This means that my first reply is incorrect. The client is rejecting the server because it doesn't recognize its public key. Command-line ssh is probably working because it already knows the public key of the server from previous connections (they're stored in the known_hosts file).

To fix this you need to let SSHFTPClient know what it should expect the server's public key (i.e. the host key) to be. Please have a look here for information about how you can use a known_hosts file to do this.

- Hans (EnterpriseDT)
0 votes
by (580 points)
Hi,
Before connecting using the command prompt, I deleted the known_hosts file on the client machine.
I was still able to connect using the command prompt because it automatically created an entry in known_hosts.
After connecting to this machine using the command prompt, there is an entry present in the known_hosts file.
I don't change this entry at all and try to connect using SSHFTPClient, but it fails for 49222
but not for 22 (both tests were done using different code bundles, so there should be no confusion).
I just don't understand why only changing the remote port in my code throws this exception even though a connection is successfully established using the same port from the command prompt.

In my code, if I don't find an entry in the known_hosts file, I use the lftp command to insert an entry into this file.
Here is a little code:
        SSHFTPClient ftp = new SSHFTPClient();
        ftp.setRemoteHost(ftpServerIp);
        ftp.setRemotePort(49222);
        // Load the user's known_hosts file for host-key validation
        String filePath = homeDir + ".ssh" + File.separator + "known_hosts";
        ftp.getValidator().loadKnownHosts(filePath);
        ftp.setAuthentication(ftpServerUser, ftpServerPassword);

        try
        {
            System.out.println("trying to connect using port-" + ftp.getRemotePort() + ", and hostname-" + ftp.getRemoteHost());
            ftp.connect();
        }
        catch (Exception e)
        {
            // Connection failed: run lftp once so that it writes the server's
            // host key to known_hosts, then reload the file and retry
            System.out.println("Going to create a new entry into knownhost file");
            String command = "lftp -e 'set net:max-retries 1; set net:timeout 5; cd ;quit' -p 49222 -u " + ftpServerUser + "," + ftpServerPassword + " sftp://" + ftpServerIp;
            runLinuxCommand(command);
            Thread.sleep(5000);

            ftp.getValidator().loadKnownHosts(filePath);
            ftp.connect();
        }
0 votes
by (161k points)
The port number can also be used in known_hosts. Open a support ticket here and send us your known_hosts file.
0 votes
by (580 points)
I got the reason.
I was using two different Red Hat machines where different versions of ssh were configured.
On Red Hat 6+, the port number is also inserted along with the hostname into the known_hosts file:
<hostname:portnumber> <alg> <key> ..

On Red Hat 5.4, no port was inserted with the hostname into the known_hosts file.

So it's working on Red Hat 6+ machines.
0 votes
by (51.1k points)
Excellent. Thanks for letting us know.

- Hans (EnterpriseDT)
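
The known_hosts difference found in this thread can be checked before connecting. The following is an added example, not code from the posts or from edtFTPj/PRO: it looks up a host and port in known_hosts text using OpenSSH's documented conventions (`[host]:port` for a non-default port, `|1|salt|hash` for hashed names) and reports when only a port-less entry exists. The function names, the host `sftp.example.test` and the key blobs are constructed for illustration; wildcard patterns are not handled, and how SSHFTPClient's validator matches entries is not shown on this page.

```python
import base64
import hashlib
import hmac

# Constructed sample (placeholder key blobs): line 2 is the port-less form,
# line 3 the bracketed form OpenSSH writes for a non-default port.
SAMPLE = """# constructed known_hosts
sftp.example.test ssh-rsa AAAAconstructedkey1
[sftp.example.test]:49222 ssh-rsa AAAAconstructedkey2
"""

def host_token(host, port=22):
    """Name used in known_hosts: bare host on 22, '[host]:port' otherwise."""
    return host if port == 22 else f"[{host}]:{port}"

def hash_token(token, salt):
    """Hashed form (HashKnownHosts): '|1|b64(salt)|b64(HMAC-SHA1(salt, token))'."""
    mac = hmac.new(salt, token.encode(), hashlib.sha1).digest()
    return "|1|" + base64.b64encode(salt).decode() + "|" + base64.b64encode(mac).decode()

def matches(pattern, token):
    """Compare one host pattern, plain or hashed, with token (no wildcards)."""
    if not pattern.startswith("|1|"):
        return pattern == token
    try:
        _, _, salt_b64, mac_b64 = pattern.split("|")
        salt, mac = base64.b64decode(salt_b64), base64.b64decode(mac_b64)
    except ValueError:  # malformed hashed entry
        return False
    digest = hmac.new(salt, token.encode(), hashlib.sha1).digest()
    return hmac.compare_digest(digest, mac)

def find_entries(text, host, port=22):
    """Return [(line_no, key_type)] for entries naming exactly host:port."""
    token, hits = host_token(host, port), []
    for line_no, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        # Skip blanks, comments, short lines and @cert-authority/@revoked markers.
        if len(fields) < 3 or fields[0][0] in "#@":
            continue
        if any(matches(p, token) for p in fields[0].split(",")):
            hits.append((line_no, fields[1]))
    return hits

def diagnose(text, host, port):
    """'match', 'port-less entry only' (the failing case here) or 'missing'."""
    if find_entries(text, host, port):
        return "match"
    return "port-less entry only" if find_entries(text, host, 22) else "missing"
```

Calling `diagnose(open(path).read(), host, 49222)` on the client's own file shows whether the entry written by the local ssh client carries the port.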
