Starting version 6.3.0. of CloverDX we replaced the library com.jcraft:jsch with com.github.mwiede:jsch, which resulted in disabling the SSH-rsa algorithm by default. That can impact your connection with SFTP server that is using the SSH-rsa security algorithm.

It is possible to re-enable the algorithm, but it is important to note that SSH-rsa was deprecated due to its use of the SHA-1 hash algorithm. SHA-1 hashing has been deemed insecure, so we advise avoiding using it.

How to enable SSH-rsa via OpenSSH config file

If you're utilizing the OpenSSH client and have configured CloverDX to use the OpenSSH configuration file, you can enable the use of old RSA keys for OpenSSH 8.8+ by adding the following lines to your sshd_config file:

Host *
HostKeyAlgorithms +ssh-rsa

If you want to specify hosts on which you want to enable the SSH-rsa algorithm, replace the asterisk with correct host or IP address.

If you're not utilizing the OpenSSH client, you can still use this solution, do as follows:

1. Create a new file and name it sshd_config.
2. To that file write the following:

   Host *
   HostKeyAlgorithms +ssh-rsa

3. Open CloverDX Designer.
4. Goto Window > Preferences > CloverDX
5. Tick the checkbox “Use OpenSSH config file” and set the path to the sshd_config file you created.

How to enable SSH-rsa via JVM argument

 -Djsch.server_host_key=ssh-rsa

CloverDX Designer

 To re-enable the SSH-rsa protocol in CloverDX Designer it is required to set the following property:

 -Djsch.server_host_key=ssh-rsa

To ensure the accessibility of remote files secured with the SSH-rsa algorithm via the URL dialog window, you need to set this property within the Eclipse settings. These settings are stored in the CloverDXDesigner.ini file.

In OS Windows the default location is:

C:\Program Files\CloverDX Designer

The definition could look like this:


Note that changes in the CloverDXDesigner.ini require a restart to take effect.

The next step is to allow the SSH-rsa protocol for the Runtime. The CloverDX Designer Runtime is a simplified server instance for graph executions in local environments.

We enable this property for the Runtime in the In the VM arguments in Preferences > CloverDX > CloverDX Runtime.

 After saving changes the runtime restart is required.

How to enable SSH-rsa in Server Core and Worker 
To enable ssh-rsa for the Worker you can simply go to the CloverDX Server console.

Choose Configuration > Setup > Worker and put the following property into the JVM Arguments textbox:

-Djsch.server_host_key=ssh-rsa

Restart of the Worker is required.

To enable the SSH-rsa algorithm for the Server Core you need to paste the property into the setenv.bat file (or setenv.sh in Linux) as JAVA_OPTS property and then restart the Tomcat/CloverDX Server.
 
Default location is:

\{TomcatHome}\bin\setenv.bat

The result: 

CloverDX Server/Tomcat as a Service

If you are running CloverDX Server as a Service, you need to set the property in Java Options in Tomcat9 properties.

Find and execute Tomcat9w.exe. 

By default, the location is:
\Apache Software Foundation\Tomcat 9.0\bin\Tomcat9w.exe

Goto Java and add the property in Java Options Text block.