KB Article #175387
SFTP: Gateway's behavior when partner sends 2 keys (1 DSS and 1 RSA)
Problem
Consider the following configuration/scenario:
- Gateway SFTP server uses an RSA private key
- Gateway SFTP server has an SSH profile with both algorithms selected: RSA and DSS
- SFTP partner (TIBCO) provides 2 public keys for Gateway to choose from: 1 DSS key and 1 RSA key (in this order)
=> The above scenario fails with the following error:
SECS127E 26.11.2013 12:23:12 Server(3275) Selected private key SRV_PRV has an algorithm identifier (ssh-rsa) that is not compatible with the one requested (ssh-dss), check configuration
Resolution
Explanation:
The handshake fails because the first host key algorithm the partner proposes is the DSS one.
Consequently, when choosing the host key algorithm, Gateway selects DSS, since DSS is checked in the Security Profile and it is the first algorithm in the partner's list.
In the next step, however, the selected algorithm (DSS) no longer matches the Gateway private key, which is of type RSA, and the handshake is rejected with SECS127E.
Solution:
In the current Gateway versions (6.14.1, 6.13.1) the solution is to adjust the configuration:
1. Modify the Security Profile and check ONLY the algorithm corresponding to the Gateway's private key. In this case: RSA.
This specific behavior is under analysis for improvement in a future version (6.15.0 SP1).
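The following is an added illustration, not Axway Gateway code: it models the RFC 4253 host key algorithm negotiation (first algorithm in the client's list that the server also supports wins) and the private-key compatibility check behind SECS127E, then runs the article's scenario with the original Security Profile (RSA and DSS) and with the corrected one (RSA only). Names such as check_handshake and the partner list are assumptions for this example.

```python
# Added example (not Axway Gateway code): models RFC 4253 section 7.1
# host key algorithm negotiation to show why the KB scenario fails and
# why restricting the Security Profile to the private key's algorithm fixes it.
from dataclasses import dataclass
from typing import Optional, Sequence, Set


@dataclass
class Outcome:
    selected: Optional[str]  # algorithm chosen by negotiation, None if no overlap
    compatible: bool         # True when the server's private key can serve it
    message: str


def negotiate_host_key_algo(client_algos: Sequence[str],
                            server_algos: Set[str]) -> Optional[str]:
    """RFC 4253 7.1: the chosen host key algorithm is the first one in the
    client's name-list that the server also supports. The client's order
    decides; the server's Security Profile only limits the candidates."""
    for algo in client_algos:
        if algo in server_algos:
            return algo
    return None


def check_handshake(client_algos: Sequence[str], server_profile_algos: Set[str],
                    server_key_algo: str) -> Outcome:
    """Reproduces the server-side check: the negotiated algorithm must match
    the algorithm identifier of the configured private key (e.g. ssh-rsa)."""
    selected = negotiate_host_key_algo(client_algos, server_profile_algos)
    if selected is None:
        return Outcome(None, False, "no common host key algorithm")
    if selected != server_key_algo:
        # This is the condition reported as SECS127E in the article.
        return Outcome(selected, False,
                       f"private key algorithm ({server_key_algo}) is not "
                       f"compatible with the one requested ({selected})")
    return Outcome(selected, True, "host key algorithm accepted")


# Constructed scenario from the article: partner (TIBCO) offers DSS before RSA,
# while Gateway's private key is RSA.
PARTNER_ALGOS = ["ssh-dss", "ssh-rsa"]
GATEWAY_KEY_ALGO = "ssh-rsa"

if __name__ == "__main__":
    # Before: Security Profile has both RSA and DSS checked -> ssh-dss is selected, fails.
    print(check_handshake(PARTNER_ALGOS, {"ssh-rsa", "ssh-dss"}, GATEWAY_KEY_ALGO))
    # After: profile restricted to RSA only -> ssh-rsa is the only common choice, succeeds.
    print(check_handshake(PARTNER_ALGOS, {"ssh-rsa"}, GATEWAY_KEY_ALGO))
```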