CFFTP secure - server's host key no longer matches cached key

My code regularly connects to a remote server using secure FTP.
However, the remote server's owners have changed their secure key, so it no longer matches our cached version.
I can find lots of examples of how to manually accept the new key if connecting via an FTP client.
However, I am only able to access our Linux production box via shell.
And I am not sure how to do this via shell access, so that Lucee can pick up the changes.
Any help would be really appreciated,
Thank you very much

hmmm, there is a fingerprint attribute, but I think that’s only checked after a connection

can you share the stacktrace when it fails? probably going to be on line 98 or 101

Thanks, here is the stacktrace
StackTrace": "lucee.runtime.exp.NativeException: com.jcraft.jsch.JSchException: Session.connect: java.net.SocketTimeoutException: Read timed out
at lucee.runtime.net.ftp.SFTPClientImpl.handleFail(SFTPClientImpl.java:380)
at lucee.runtime.net.ftp.SFTPClientImpl.connect(SFTPClientImpl.java:114)
at lucee.runtime.net.ftp.FTPWrap.connect(FTPWrap.java:118)
at lucee.runtime.net.ftp.FTPWrap.<init>(FTPWrap.java:61)
at lucee.runtime.net.ftp.FTPPoolImpl._get(FTPPoolImpl.java:83)
at lucee.runtime.net.ftp.FTPPoolImpl.get(FTPPoolImpl.java:38)
at lucee.runtime.tag.Ftp.getClient(Ftp.java:498)
at lucee.runtime.tag.Ftp.actionOpen(Ftp.java:622)
at lucee.runtime.tag.Ftp.doEndTag(Ftp.java:179)
at controllers.system_cfc$cf.udfCall3(/controllers/System.cfc:462)
at controllers.system_cfc$cf.udfCall(/controllers/System.cfc)
at lucee.runtime.type.UDFImpl.implementation(UDFImpl.java:112)
at lucee.runtime.type.UDFImpl._call(UDFImpl.java:350)
at lucee.runtime.type.UDFImpl.callWithNamedValues(UDFImpl.java:213)
at lucee.runtime.type.scope.UndefinedImpl.callWithNamedValues(UndefinedImpl.java:804)
at lucee.runtime.util.VariableUtilImpl.callFunctionWithNamedValues(VariableUtilImpl.java:866)
at lucee.runtime.PageContextImpl.getFunctionWithNamedValues(PageContextImpl.java:1792)
at controllers.tasks.orders_cfm$cf.udfCall1(/controllers/tasks/Orders.cfm:99)
at controllers.tasks.orders_cfm$cf.udfCall(/controllers/tasks/Orders.cfm)
at lucee.runtime.type.UDFImpl.implementation(UDFImpl.java:112)
at lucee.runtime.type.UDFImpl._call(UDFImpl.java:350)
at lucee.runtime.type.UDFImpl.callWithNamedValues(UDFImpl.java:208)
at lucee.runtime.tag.Invoke.doFunction(Invoke.java:222)
at lucee.runtime.tag.Invoke.doEndTag(Invoke.java:194)
at controllers.system_cfc$cf.udfCall1(/controllers/System.cfc:102)
at controllers.system_cfc$cf.udfCall(/controllers/System.cfc)
at lucee.runtime.type.UDFImpl.implementation(UDFImpl.java:112)
at lucee.runtime.type.UDFImpl._call(UDFImpl.java:350)
at lucee.runtime.type.UDFImpl.callWithNamedValues(UDFImpl.java:208)
at lucee.runtime.tag.Invoke.doFunction(Invoke.java:222)
at lucee.runtime.tag.Invoke.doEndTag(Invoke.java:194)
at wheels.global.cfml_cfm$cf.udfCall2(/wheels/global/cfml.cfm:164)
at wheels.global.cfml_cfm$cf.udfCall(/wheels/global/cfml.cfm)
at lucee.runtime.type.UDFImpl.implementation(UDFImpl.java:112)
at lucee.runtime.type.UDFImpl._call(UDFImpl.java:350)
at lucee.runtime.type.UDFImpl.callWithNamedValues(UDFImpl.java:213)
at lucee.runtime.type.scope.UndefinedImpl.callWithNamedValues(UndefinedImpl.java:804)
at lucee.runtime.util.VariableUtilImpl.callFunctionWithNamedValues(VariableUtilImpl.java:866)
at lucee.runtime.PageContextImpl.getFunctionWithNamedValues(PageContextImpl.java:1792)
at wheels.controller.processing_cfm$cf.udfCall(/wheels/controller/processing.cfm:128)
at lucee.runtime.type.UDFImpl.implementation(UDFImpl.java:112)
at lucee.runtime.type.UDFImpl._call(UDFImpl.java:350)
at lucee.runtime.type.UDFImpl.callWithNamedValues(UDFImpl.java:213)
at lucee.runtime.type.scope.UndefinedImpl.callWithNamedValues(UndefinedImpl.java:804)
at lucee.runtime.util.VariableUtilImpl.callFunctionWithNamedValues(VariableUtilImpl.java:866)
at lucee.runtime.PageContextImpl.getFunctionWithNamedValues(PageContextImpl.java:1792)
at wheels.controller.processing_cfm$cf.udfCall(/wheels/controller/processing.cfm:95)
at lucee.runtime.type.UDFImpl.implementation(UDFImpl.java:112)
at lucee.runtime.type.UDFImpl._call(UDFImpl.java:350)
at lucee.runtime.type.UDFImpl.call(UDFImpl.java:223)
at lucee.runtime.ComponentImpl._call(ComponentImpl.java:697)
at lucee.runtime.ComponentImpl._call(ComponentImpl.java:585)
at lucee.runtime.ComponentImpl.call(ComponentImpl.java:1932)
at lucee.runtime.util.VariableUtilImpl.callFunctionWithoutNamedValues(VariableUtilImpl.java:787)
at lucee.runtime.PageContextImpl.getFunction(PageContextImpl.java:1773)
at wheels.dispatch.request_cfm$cf.udfCall1(/wheels/dispatch/request.cfm:198)
at wheels.dispatch.request_cfm$cf.udfCall(/wheels/dispatch/request.cfm)
at lucee.runtime.type.UDFImpl.implementation(UDFImpl.java:112)
at lucee.runtime.type.UDFImpl._call(UDFImpl.java:350)
at lucee.runtime.type.UDFImpl.call(UDFImpl.java:223)
at lucee.runtime.ComponentImpl._call(ComponentImpl.java:697)
at lucee.runtime.ComponentImpl._call(ComponentImpl.java:585)
at lucee.runtime.ComponentImpl.call(ComponentImpl.java:1932)
at lucee.runtime.util.VariableUtilImpl.callFunctionWithoutNamedValues(VariableUtilImpl.java:787)
at lucee.runtime.PageContextImpl.getFunction(PageContextImpl.java:1773)
at wheels.index_cfm$cf.call(/wheels/index.cfm:1)
at lucee.runtime.PageContextImpl._doInclude(PageContextImpl.java:1054)
at lucee.runtime.PageContextImpl._doInclude(PageContextImpl.java:946)
at lucee.runtime.PageContextImpl.doInclude(PageContextImpl.java:927)
at rewrite_cfm$cf.call(/rewrite.cfm:1)
at lucee.runtime.PageContextImpl._doInclude(PageContextImpl.java:1054)
at lucee.runtime.PageContextImpl._doInclude(PageContextImpl.java:946)
at lucee.runtime.PageContextImpl.doInclude(PageContextImpl.java:927)
at wheels.events.onrequest_cfm$cf.udfCall(/wheels/events/onrequest.cfm:1)
at lucee.runtime.type.UDFImpl.implementation(UDFImpl.java:112)
at lucee.runtime.type.UDFImpl._call(UDFImpl.java:350)
at lucee.runtime.type.UDFImpl.call(UDFImpl.java:223)
at lucee.runtime.ComponentImpl._call(ComponentImpl.java:697)
at lucee.runtime.ComponentImpl._call(ComponentImpl.java:585)
at lucee.runtime.ComponentImpl.call(ComponentImpl.java:1932)
at lucee.runtime.listener.ModernAppListener.call(ModernAppListener.java:444)
at lucee.runtime.listener.ModernAppListener._onRequest(ModernAppListener.java:218)
at lucee.runtime.listener.MixedAppListener.onRequest(MixedAppListener.java:44)
at lucee.runtime.PageContextImpl.execute(PageContextImpl.java:2490)
at lucee.runtime.PageContextImpl._execute(PageContextImpl.java:2476)
at lucee.runtime.PageContextImpl.executeCFML(PageContextImpl.java:2447)
at lucee.runtime.engine.Request.exe(Request.java:45)
at lucee.runtime.engine.CFMLEngineImpl._service(CFMLEngineImpl.java:1198)
at lucee.runtime.engine.CFMLEngineImpl.serviceCFML(CFMLEngineImpl.java:1144)
at lucee.loader.engine.CFMLEngineWrapper.serviceCFML(CFMLEngineWrapper.java:97)
at lucee.loader.servlet.CFMLServlet.service(CFMLServlet.java:51)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:764)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:227)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
at jdk.internal.reflect.GeneratedMethodAccessor65.invoke(Unknown Source)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at com.intergral.fusionreactor.j2ee.filterchain.WrappedFilterChain.doFilter(WrappedFilterChain.java:134)
at com.intergral.fusionreactor.j2ee.filter.FusionReactorRequestHandler.doNext(FusionReactorRequestHandler.java:772)
at com.intergral.fusionreactor.j2ee.filter.FusionReactorRequestHandler.doHttpServletRequest(FusionReactorRequestHandler.java:344)
at com.intergral.fusionreactor.j2ee.filter.FusionReactorRequestHandler.doFusionRequest(FusionReactorRequestHandler.java:207)
at com.intergral.fusionreactor.j2ee.filter.FusionReactorRequestHandler.handle(FusionReactorRequestHandler.java:809)
at com.intergral.fusionreactor.j2ee.filter.FusionReactorCoreFilter.doFilter(FusionReactorCoreFilter.java:36)
at jdk.internal.reflect.GeneratedMethodAccessor53.invoke(Unknown Source)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at com.intergral.fusionreactor.j2ee.filterchain.WrappedFilterChain.doFilter(WrappedFilterChain.java:71)
at jdk.internal.reflect.GeneratedMethodAccessor52.invoke(Unknown Source)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at com.intergral.fusionreactor.agent.filter.FusionReactorStaticFilter.doFilter(FusionReactorStaticFilter.java:54)
at com.intergral.fusionreactor.agent.pointcuts.NewFilterChainPointCut$1.invoke(NewFilterChainPointCut.java:42)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:541)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687)
at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:769)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:360)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:890)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1789)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)
at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.base/java.lang.Thread.run(Thread.java:829)
Caused by: java.io.IOException: com.jcraft.jsch.JSchException: Session.connect: java.net.SocketTimeoutException: Read timed out
… 134 more
Caused by: com.jcraft.jsch.JSchException: Session.connect: java.net.SocketTimeoutException: Read timed out
at com.jcraft.jsch.Session.connect(Session.java:565)
at com.jcraft.jsch.Session.connect(Session.java:183)
at lucee.runtime.net.ftp.SFTPClientImpl.connect(SFTPClientImpl.java:98)
… 132 more

Lucee is using the jsch library (JSch - Java Secure Channel) to handle this

Which version of Lucee are you using? 5.3.10 still bundles an older version of jsch, 0.1.55

Firstly, I’m wondering, does the private key cache survive a Lucee restart? Can you manually ssh into the remote server from your server? Session.connect: java.net.SocketTimeoutException: Read timed out could be a different problem, or just a confusing error message

Lucee 6.0 is using an updated fork of jsch, 0.2.7

If the restart doesn’t solve the problem, could you try connecting with this express version of 6, as the remote server may be using a newer protocol which the older version doesn’t support

https://cdn.lucee.org/lucee-express-6.0.0.339-SNAPSHOT.zip (pre-beta, don’t use in production)

you can also work directly via java with jsch, this for example dumps out the known hosts

<cfscript>
 // Load JSch and dump the host keys held in its host key repository
 jsch = createObject("java","com.jcraft.jsch.JSch");
 dump( jsch.getHostKeyRepository().getHostKey() );
</cfscript>
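The thread never establishes where Lucee/JSch keeps the cached key, so the following is an added example, not code from the thread or from Lucee. Assuming the cache is an OpenSSH-format known_hosts file with unhashed host names, it replaces a host's entry from the shell only when the newly presented key matches a SHA256 fingerprint obtained out of band from the server's owners. The function names, `sftp.example.com`, the file path and the sample key are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): swap in a rotated SSH host key only if
# it matches a fingerprint the server's owners supplied out of band.

# Constructed sample, not a real key: a line as ssh-keyscan would print it.
SAMPLE_NEW_LINE='sftp.example.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructed0Sample0Key0For0Example0Only0AAA'

# SHA-256 (hex) of the key blob in a "host keytype base64blob" line.
key_sha256_hex() {
    printf '%s\n' "$1" | awk '{print $3}' | base64 -d 2>/dev/null |
        sha256sum | cut -d' ' -f1
}

# Convert an OpenSSH-style "SHA256:<unpadded base64>" fingerprint to hex.
fp_to_hex() {
    printf '%s=' "${1#SHA256:}" | base64 -d 2>/dev/null |
        od -An -v -tx1 | tr -d ' \n'
}

# replace_host_key FILE HOST NEW_LINE PINNED_FP
# Returns 0 and rewrites FILE when NEW_LINE's key matches PINNED_FP;
# returns 1 and leaves FILE untouched otherwise.
replace_host_key() {
    file=$1 host=$2 new_line=$3 pinned=$4
    want=$(fp_to_hex "$pinned")
    got=$(key_sha256_hex "$new_line")
    # A SHA-256 fingerprint must decode to exactly 32 bytes (64 hex digits).
    [ "${#want}" -eq 64 ] || return 1
    [ "$want" = "$got" ] || return 1
    # The scanned line must be for the host being updated.
    [ "${new_line%% *}" = "$host" ] || return 1
    tmp=$(mktemp "${file}.XXXXXX") || return 1
    # Drop the stale entry (unhashed, single-name host fields assumed).
    awk -v h="$host" '$1 != h' "$file" > "$tmp"
    printf '%s\n' "$new_line" >> "$tmp"
    mv "$tmp" "$file"
}

# Typical use from the shell (host and path are assumptions):
#   new=$(ssh-keyscan -t ed25519 sftp.example.com 2>/dev/null)
#   replace_host_key ~/.ssh/known_hosts sftp.example.com "$new" "SHA256:..."
```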

Thank you very much, I will look into this.

any luck?

thank you very much for your help and suggestions with this.
In the end, the people we were trying to FTP to found that it was a patch at their end that was causing the certificate prompt. And they were able to apply another patch to rectify the problem for us.
This means we never really got to the bottom of things at our end.
But their patch has fixed the immediate problem.
