SFTP-SSH managed connector uses incompatible Key exchange algorithm #1040

Closed
eitsoupii opened this issue Apr 18, 2024 · 2 comments
eitsoupii commented Apr 18, 2024

Describe the Bug

Hello,

We use a logic app with the managed SFTP-SSH connector to pick up files from an external partner's SFTP server. The partner's server is hosted on AWS services and they have until now used this transfer security policy on their server: https://docs.aws.amazon.com/transfer/latest/userguide/security-policies.html#security-policy-transfer-2020-06
A couple of days ago they implemented a new transfer security policy:
https://docs.aws.amazon.com/transfer/latest/userguide/security-policies.html#security-policy-transfer-2022-03
After the new policy was taken into use, the SFTP-SSH connector could no longer connect to the server to retrieve files.

List files in folder action results in the following error:
```json
{
  "error": {
    "code": 502,
    "source": "logic-apis-westeurope.azure-apim.net",
    "clientRequestId": "3593d357-67f4-4e90-b655-fc80f5740614",
    "message": "BadGateway",
    "innerError": {
      "status": 502,
      "message": "An established connection was aborted by the server.\r\nclientRequestId: 3593d357-67f4-4e90-b655-fc80f5740614",
      "error": {
        "message": "An established connection was aborted by the server."
      },
      "source": "sftpwithssh-we.azconn-we-002.p.azurewebsites.net"
    }
  }
}
```

According to the partner's technical support, the connection failed because the logic app connection used the 'ecdh-sha2-nistp256' SSH key exchange algorithm which is no longer supported on the 2022-03 policy.

However, according to the logic app connector documentation https://learn.microsoft.com/en-us/connectors/sftpwithssh/#authentication-and-permissions the connector supports the algorithms listed here:
https://github.com/sshnet/SSH.NET#key-exchange-method, which also include most of the supported key exchange algorithms listed in the AWS policy.

My question is: why did the connection try to use an algorithm that is not supported by the server when a supported algorithm is available? Is the connector documentation inaccurate (e.g. the connector does not actually support all of the encryption algorithms that SSH.NET supports) or is it a bug?

Plan Type

Consumption

Steps to Reproduce the Bug or Issue

  1. Have an SFTP server that implements this AWS transfer security policy: https://docs.aws.amazon.com/transfer/latest/userguide/security-policies.html#security-policy-transfer-2022-03
  2. Create a logic app with a recurrence trigger (e.g. 5 minutes)
  3. Add a 'List files in folder' action from SFTP-SSH connector to poll for files in a folder on the server

Workflow JSON

No response

Screenshots or Videos

No response

Additional context

I am unable to reproduce this in an isolated test environment as the partner implemented the change globally in all entities (test and prod) at once.

Don't know if this is grasping at straws, but I have changed the API connection API version (Microsoft.Web/connections) from 2016-06-01 to 2018-07-01-preview, in case this might have some effect on what version of the SFTP-SSH connector is used (e.g. what version of SSH.NET is used etc.).

AB#27710289
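
The negotiation rule the question above turns on, as an added example that is not part of the original issue, the connector, or SSH.NET: under RFC 4253 section 7.1 the key exchange method is the first name on the client's list that the server also lists, and with no shared name the connection fails. The algorithm lists are constructed for illustration (only `ecdh-sha2-nistp256` comes from the issue), and the RFC's host-key compatibility conditions are left out.

```python
import struct

SSH_MSG_KEXINIT = 20
# Order of the ten name-lists in SSH_MSG_KEXINIT (RFC 4253, section 7.1).
FIELDS = ("kex_algorithms", "server_host_key_algorithms",
          "encryption_c2s", "encryption_s2c", "mac_c2s", "mac_s2c",
          "compression_c2s", "compression_s2c", "languages_c2s", "languages_s2c")


def build_kexinit(kex, cookie=b"\x00" * 16):
    """Build a KEXINIT payload; only kex_algorithms is filled (constructed data)."""
    lists = [",".join(kex)] + [""] * (len(FIELDS) - 1)
    body = b"".join(struct.pack(">I", len(s)) + s.encode("ascii") for s in lists)
    # Trailer: boolean first_kex_packet_follows, then uint32 reserved.
    return bytes([SSH_MSG_KEXINIT]) + cookie + body + b"\x00" + struct.pack(">I", 0)


def parse_kexinit(payload):
    """Return {field: [names]} from a KEXINIT payload, rejecting malformed input."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, out = 17, {}  # skip the message type byte and the 16-byte cookie
    for field in FIELDS:
        if pos + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (n,) = struct.unpack_from(">I", payload, pos)
        pos += 4
        if pos + n > len(payload):
            raise ValueError("name-list overruns payload")
        raw = payload[pos:pos + n].decode("ascii")
        out[field] = raw.split(",") if raw else []
        pos += n
    return out


def negotiate_kex(client_payload, server_payload):
    """Simplified RFC 4253 rule: first client name the server also lists, else None."""
    client = parse_kexinit(client_payload)["kex_algorithms"]
    server = set(parse_kexinit(server_payload)["kex_algorithms"])
    return next((alg for alg in client if alg in server), None)


# Constructed lists, not the real connector or AWS policy contents.
SERVER = build_kexinit(["curve25519-sha256", "diffie-hellman-group16-sha512"])
CLIENT_NO_OVERLAP = build_kexinit(["ecdh-sha2-nistp256", "diffie-hellman-group14-sha1"])
CLIENT_OVERLAP = build_kexinit(["ecdh-sha2-nistp256", "curve25519-sha256"])

if __name__ == "__main__":
    print(negotiate_kex(CLIENT_NO_OVERLAP, SERVER), negotiate_kex(CLIENT_OVERLAP, SERVER))
```

Feeding `parse_kexinit` the KEXINIT payloads from a packet capture of the failing connection shows which methods each side actually offered, which is the evidence needed to tell a documentation gap from a negotiation bug.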

github-actions bot commented Jun 2, 2024

This issue is stale because it has been open for 45 days with no activity.

github-actions bot added the stale label Jun 2, 2024

This issue was closed because it has been inactive for 14 days since being marked as stale.
