Logic App SFTP Trigger Host-Key Support for rsa‑sha2‑256 or rsa‑sha2‑512

Question

Logic App SFTP Trigger Host-Key Support for rsa‑sha2‑256 or rsa‑sha2‑512

Martin Esbensen 40

We have had a request for an enhancement of the Logic Apps SFTP trigger. Currently, the connector uses an older version of the underlying SSH library (SshNet) that supports only RSA keys with SHA‑1 for host-key verification. However, our partner is switching to enforce SFTP servers host keys rsa‑sha2‑256 or rsa‑sha2‑512 due to improved security standards.

Is there an upgrade to the SFTP trigger that supports rsa‑sha2‑256 and rsa‑sha2‑512 on the road map?

BR.

Martin

Accepted answer

1 additional answer

Your answer

Answer 1

Sonny Gillissen 3,596

Hi Martin Esbensen

Thanks for reaching out on Microsoft Q&A!

As I can see in the documentation referred by the link below:

https://learn.microsoft.com/en-us/connectors/sftpwithssh/#authentication-and-permissions

The SSH.NET library version used by Logic Apps should support rsa-sha2-256 and rsa-sha2-512 algorithms:

https://github.com/sshnet/SSH.NET?tab=readme-ov-file#host-key-algorithms

If you still run into issues, or want to open a feature request please contact the PG directly through the link below or contact Azure Support:

https://feedback.azure.com/d365community/forum/cb47c115-7926-ec11-b6e6-000d3a4f032c

Please click ‘Accept answer’ if you think my answer is helpful. Feel free to drop additional queries in the comments below!

Kind regards,

Sonny

Martin Esbensen 40 Reputation points

2025-03-04T08:30:37.5966667+00:00

Hi @Sonny Gillissen ,

Sounds good.

So if our partner turns on enforcement of rsa-sha2-256 or rsa-sha2-512 the trigger just automatically switches to use those?

Because i don't se any way of setting it up in the logic app or API connection
Shireesha Eeraboina 2,825 Reputation points Microsoft External Staff

2025-03-06T04:51:44.0466667+00:00

Hi @Martin Esbensen ,

Just checking in to see if the information above was helpful. If you have any further updates on this issue, please feel free to post them here.
Martin Esbensen 40 Reputation points

2025-03-06T06:46:59.98+00:00

Hi @Shireesha Eeraboina ,

thanks for the clarification. Exactly the answer we were hoping for.

Now we just need to test with our partner.
Calum Sharp 1 Reputation point

2025-05-07T08:56:37.4566667+00:00

Hi @Martin Esbensen ,

Did this work with your partner?

I have just had the same question crop up with one of our partners, so it'd be good to know if getting your partner to enforce SHA2 worked for you.

Thanks in advance

Calum
Martin Esbensen 40 Reputation points

2025-05-07T09:22:34.6633333+00:00

Hi @Calum Sharp ,

So like Shireesha stated, it should work if your partner enforces it. however, our partner will not being enforcing the new host types, but expects us to enforce them from our side. that's a whole new issue, because the trigger doesn't have a setting for this.

The status right now is that, we are waiting on test setup. So we can test this.

Sorry for the non answer. I'll posted if we have any development on this topic.
Calum Sharp 1 Reputation point

2025-05-07T10:27:31.1033333+00:00

Thanks for the update.

I've asked our partner if they can provide a test server with the enforcement too, but they've suggested an alternative option - different public/private keys.

We originally used RSA keys, and they've suggested ECDSA or EdDSA (ed25519) which have only ever been SHA2.

You might want to see if your provider supports either of those key encryption methods, as changing the key feels like a less disruptive option.

I'll update with what happens our side, when there's any news

Answer 2

Hi @Martin Esbensen ,

The SFTP trigger in Logic Apps should automatically use the supported algorithms, including rsa-sha2-256 and rsa-sha2-512, if your partner enforces them on their SFTP server. There is no specific setting in the Logic App or API connection to configure this; it should adapt to the server's requirements.

If you encounter any issues or if the trigger does not work as expected after the enforcement is enabled, please let us know, and we can assist further.

please click Accept Answer and Yes for the provided answer. This will help other community members with similar issues find the solution more easily.

Share via

Logic App SFTP Trigger Host-Key Support for rsa‑sha2‑256 or rsa‑sha2‑512

1 additional answer

Your answer