Update the List of Supported Algorithms

After you enable a new algorithm to encrypt files in File Server, you must make some quick and easy updates to the known_hosts file. Otherwise, your connection to File Server closes and a warning appears.

Who needs to update the known_hosts file

The warning appears if any of the following statements are true:

  • You've connected to File Server before, and you then enable an additional algorithm.
  • You've never saved changes on the File Server Settings page before and File Server introduces an algorithm in a functional release.

The warning doesn't appear under any of the following circumstances:

  • An integration uses the FTP adapter to connect to File Server.
  • You enable an additional algorithm and have never connected to File Server before.
  • You enable an additional algorithm but want to continue using your previously selected algorithm.

Warning text and why it occurs

If you remove the algorithm that you previously used, or if you pass an argument for using the new algorithm when connecting to File Server, the connection closes. Additionally, warning text that is similar to the following message appears in your SFTP client.

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ED25519 key sent by the remote host is
<fingerprint>.
Please contact your system administrator.
Add correct host key in ~/.ssh/known_hosts to get rid of this message.
Offending RSA key in ~/.ssh/known_hosts:<line_no>
Host key for [<fileserver-ip>]:<fileserver-port> has changed and you have requested strict checking.
Host key verification failed.
Connection closed. 
Connection closed

The warning text appears because your known_hosts file contains a host key only for the algorithm you previously used to connect to File Server. When you try to connect using a new algorithm, or if the algorithm that you previously used is no longer enabled, File Server appropriately recognizes that the connection attempt could be an attack and prevents you from making the connection.

Why an update is needed

To connect to File Server again and keep working, you must update your known_hosts file so that File Server knows that it's safe to transmit files using the new algorithm.

To update the list of supported algorithms and the known_hosts file:

  1. In Oracle Integration, update the algorithms that you support.
    1. In the navigation pane, click Settings, then File Server, then Settings.
      The Settings page is displayed.
    2. Under Security, update algorithm settings as needed.
      For example, click within the Signature Algorithms field, and select one or more additional algorithms. To remove a value, click its x.
    3. Click Save.
  2. Delete the key for the previously supported algorithm from the known_hosts file.
    For example, if you previously used the ssh-rsa algorithm, delete the entry for ssh-rsa, its port, and its signature.
  3. Connect to File Server, and pass the new algorithm as an argument in your connection string.

    For example, use the following connection string if you're using the ssh-ed25519 algorithm.

    sftp -oHostKeyAlgorithms=ssh-ed25519 -oPort=fileserver-port user@fileserver-ip

  4. When your SFTP client asks whether to update the known_hosts file, type yes and press Enter.
You can now continue using File Server as you did before.
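
Step 2 of the procedure above, as an added shell example (not part of the original page and not Oracle tooling): it deletes only the old algorithm's entry for one host and port and leaves other hosts, ports, and key types untouched. The address 192.0.2.10, port 10222, and key blobs are constructed placeholders, and `remove_host_key` and `write_sample` are hypothetical helper names.

```shell
#!/bin/sh
# remove_host_key FILE HOST PORT KEYTYPE
# Deletes only the KEYTYPE entry for HOST:PORT, keeps a backup in FILE.bak,
# and prints how many entries were removed.
remove_host_key() {
    file=$1; host=$2; port=$3; keytype=$4
    # OpenSSH stores non-default ports as [host]:port and port 22 as plain host.
    if [ "$port" = 22 ]; then target=$host; else target="[$host]:$port"; fi
    cp -p "$file" "$file.bak" || return 1
    awk -v target="$target" -v keytype="$keytype" '
        # Keep comments, blank lines and @cert-authority/@revoked marker lines.
        /^[ \t]*#/ || /^[ \t]*$/ || /^@/ { print; next }
        {
            hit = 0
            n = split($1, names, ",")          # field 1 may list several names
            for (i = 1; i <= n; i++) if ((names[i] "") == target) hit = 1
            if (hit && $2 == keytype) next     # the stale entry: drop it
            print
        }' "$file.bak" > "$file" || return 1
    echo $(( $(wc -l < "$file.bak") - $(wc -l < "$file") ))
}

# Constructed sample file: address, ports and key blobs are placeholders.
write_sample() {
    cat > "$1" <<'EOF'
# constructed known_hosts sample
[192.0.2.10]:10222 ssh-rsa AAAAB3NzaC1yc2E-CONSTRUCTED-RSA
[192.0.2.10]:10222 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5-CONSTRUCTED-ED
[192.0.2.10]:2222 ssh-rsa AAAAB3NzaC1yc2E-CONSTRUCTED-OTHER-PORT
other.example,198.51.100.7 ssh-rsa AAAAB3NzaC1yc2E-CONSTRUCTED-OTHER-HOST
EOF
}

demo() {
    dir=$(mktemp -d) || return 1
    write_sample "$dir/known_hosts"
    # Remove the ssh-rsa entry for the File Server address and port only.
    remove_host_key "$dir/known_hosts" 192.0.2.10 10222 ssh-rsa
    cat "$dir/known_hosts"
    rm -rf "$dir"
}
demo
```

If your client hashes host names (HashKnownHosts), the text match finds nothing and the function prints 0. In that case, `ssh-keygen -R '[host]:port'` removes the host's entries for every key type instead.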