Just experienced the same issue and setting the preferred algorithm doesn't help

0 votes
asked Jan 23 by zenny6377 (170 points)

I tried RSA, DSS and Any as possible settings for the preferred algorithm with no success, here is the stack trace. The problem appeared suddenly when connecting to a client's SFTP site so I suspect it was working yesterday. Are there any other ways to troubleshoot this?

2018-01-23 09:58:13.114 Opening log file.
2018-01-23 09:58:13.114 Using FileLogWriter version 2.0.5555.0.
2018-01-23 09:58:13.130 INFO Sftp(1)[1] Info: Connecting to ftp.indexes.nasdaqomx.com:22 using Sftp 3.0.5555.0.
2018-01-23 09:58:13.270 DEBUG Sftp(1)[1] SSH: Server is 'SSH-2.0-CrushFTPSSHD'.
2018-01-23 09:58:13.286 INFO Sftp(1)[1] SSH: Negotiation started.
2018-01-23 09:58:13.380 DEBUG Sftp(1)[1] SSH: Group exchange.
2018-01-23 09:58:13.427 DEBUG Sftp(1)[1] SSH: Negotiating key.
2018-01-23 09:58:13.614 DEBUG Sftp(1)[1] SSH: Validating signature.
2018-01-23 09:58:13.661 DEBUG Sftp(1)[1] SSH: Negotiation failed: Rebex.Net.SshException: Key exchange failed. Server signature is not valid. ---> Rebex.Net.SshException: Server signature is not valid.
at Rebex.Net.UX.I(Byte[] A, Byte[] B, Byte[] C, SshPublicKey& D)
at Rebex.Net.VX.D(SshSession A, Byte[] B, Byte[] C, Byte[] D, Byte[] E, Byte[]& H, Byte[]& I, SshPublicKey& J)
at Rebex.Net.SshSession.IS(Byte[] A)
--- End of inner exception stack trace ---

Applies to: Rebex SFTP
commented Jan 23 by zenny6377 (170 points)
update: I updated my version of rebex to the latest one, here is the stack trace (which is now a bit different):

2018-01-23 10:18:33.924 Opening log file.
2018-01-23 10:18:33.924 INFO FileLogWriter(1)[1] Info: Assembly: Rebex.Common 2017 R6.3 for .NET 2.0-3.5
2018-01-23 10:18:33.924 INFO FileLogWriter(1)[1] Info: Platform: Windows 6.2.9200 64-bit; CLR: 2.0.50727.8762
2018-01-23 10:18:33.924 DEBUG FileLogWriter(1)[1] Info: Culture: en; Windows-1252
2018-01-23 10:18:34.018 INFO Sftp(1)[1] Info: Connecting to ftp.indexes.nasdaqomx.com:22 using Sftp.
2018-01-23 10:18:34.018 INFO Sftp(1)[1] Info: Assembly: Rebex.Sftp 2017 R6.3 for .NET 2.0-3.5 (Trial)
2018-01-23 10:18:34.018 INFO Sftp(1)[1] Info: Platform: Windows 6.2.9200 64-bit; CLR: 2.0.50727.8762
2018-01-23 10:18:34.018 DEBUG Sftp(1)[1] Info: Culture: en; Windows-1252
2018-01-23 10:18:34.049 DEBUG ProxySocket(1)[1] Proxy: Resolving 'ftp.indexes.nasdaqomx.com'.
2018-01-23 10:18:34.080 DEBUG ProxySocket(1)[1] Proxy: Connecting to none proxy at 198.55.199.40:22.
2018-01-23 10:18:34.158 DEBUG Sftp(1)[1] SSH: Server is 'SSH-2.0-CrushFTPSSHD'.
2018-01-23 10:18:34.174 INFO Sftp(1)[1] SSH: Negotiation started.
2018-01-23 10:18:34.393 DEBUG Sftp(1)[1] SSH: Group exchange.
2018-01-23 10:18:34.455 DEBUG Sftp(1)[1] SSH: Negotiating key.
2018-01-23 10:18:34.533 DEBUG Sftp(1)[1] SSH: Received 2048-bit Diffie-Hellman prime (minimum allowed size is 1024 bits).
2018-01-23 10:18:34.674 DEBUG Sftp(1)[1] SSH: Validating signature.
2018-01-23 10:18:34.768 ERROR Sftp(1)[1] SSH: Negotiation failed. Server signature is not valid.
2018-01-23 10:18:34.768 ERROR Sftp(1)[1] Info: Rebex.Net.SshException: Server signature is not valid.
   at Rebex.Net.VGP.B(SshSession I, Byte[] J, Byte[] C, Byte[] D, Byte[] U, NQV& L, Byte[]& B, SshPublicKey& M)
   at Rebex.Net.SshSession.MF(Byte[] I)
   at Rebex.Net.SshSession.Negotiate()
   at Rebex.Net.Sftp.NHP.MF(THP I, Boolean J)
   at Rebex.Net.Sftp.RZ(String I, Int32 J, SshParameters C, THP D)
commented Jan 23 by Lukas Pokorny (89,770 points)
I only noticed this update after posting my reply below. Please make sure to set client.Settings.SshParameters.PreferredHostKeyAlgorithm = SshHostKeyAlgorithm.RSA as well. If this still doesn't help, let us know.
commented Jan 23 by zenny6377 (170 points)
Hi - still the same error.  The owners of the server responded with "The previous SFTP version was out of date and we have installed new version of the SSL certificate as the previous one expired.  You may have to accept a new SFTP host key."  I tried connecting with putty and was prompted to put the servers key in the registry which I did but it doesn't support an interactive session.  I can connect with filezilla however.
commented Jan 23 by Lukas Pokorny (89,770 points)
I tried running the following code snippet and it seems to work fine with Rebex SFTP 2017 R6.3:

var client = new Sftp();
client.LogWriter = new FileLogWriter("rebex-log.txt", LogLevel.Debug);
client.Settings.SshParameters.PreferredHostKeyAlgorithm = SshHostKeyAlgorithm.RSA;
client.Connect("ftp.indexes.nasdaqomx.com");

It produced the following log:

2018-01-23 18:31:22.229 Opening log file.
2018-01-23 18:31:22.236 INFO FileLogWriter(1)[1] Info: Assembly: Rebex.Common 2017 R6.3 for .NET 2.0-3.5
2018-01-23 18:31:22.240 INFO FileLogWriter(1)[1] Info: Platform: Windows 6.2.9200 64-bit; CLR: 2.0.50727.8825
2018-01-23 18:31:22.241 DEBUG FileLogWriter(1)[1] Info: Culture: en; Windows-1252
2018-01-23 18:31:22.298 INFO Sftp(1)[1] Info: Connecting to ftp.indexes.nasdaqomx.com:22 using Sftp.
2018-01-23 18:31:22.299 INFO Sftp(1)[1] Info: Assembly: Rebex.Sftp 2017 R6.3 for .NET 2.0-3.5
2018-01-23 18:31:22.299 INFO Sftp(1)[1] Info: Platform: Windows 6.2.9200 64-bit; CLR: 2.0.50727.8825
2018-01-23 18:31:22.299 DEBUG Sftp(1)[1] Info: Culture: en; Windows-1252
2018-01-23 18:31:22.317 DEBUG ProxySocket(1)[1] Proxy: Resolving 'ftp.indexes.nasdaqomx.com'.
2018-01-23 18:31:22.408 DEBUG ProxySocket(1)[1] Proxy: Connecting to none proxy at 198.55.199.40:22.
2018-01-23 18:31:22.686 DEBUG Sftp(1)[1] SSH: Server is 'SSH-2.0-CrushFTPSSHD'.
2018-01-23 18:31:22.715 INFO Sftp(1)[1] SSH: Negotiation started.
2018-01-23 18:31:22.883 DEBUG Sftp(1)[1] SSH: Group exchange.
2018-01-23 18:31:23.022 DEBUG Sftp(1)[1] SSH: Negotiating key.
2018-01-23 18:31:23.065 DEBUG Sftp(1)[1] SSH: Received 2048-bit Diffie-Hellman prime (minimum allowed size is 1024 bits).
2018-01-23 18:31:23.291 DEBUG Sftp(1)[1] SSH: Validating signature.
2018-01-23 18:31:23.366 DEBUG Sftp(1)[1] SSH: Received 4096-bit RSA server key (minimum allowed size is 1024 bits).
2018-01-23 18:31:23.430 INFO Sftp(1)[1] SSH: Negotiation finished.
2018-01-23 18:31:23.430 INFO Sftp(1)[1] Info: Server: SSH-2.0-CrushFTPSSHD
2018-01-23 18:31:23.431 INFO Sftp(1)[1] Info: Fingerprint (MD5): 5a:48:71:f8:0e:88:54:26:73:ca:42:f5:63:24:23:52
2018-01-23 18:31:23.431 INFO Sftp(1)[1] Info: Fingerprint (SHA-256): 4mOJ6X1g7uaqaN+VshxR2Y/pR8Nf6o+LiprZFqYjHL8
2018-01-23 18:31:23.432 INFO Sftp(1)[1] Info: Cipher info: SSH 2.0, diffie-hellman-group-exchange-sha256, ssh-rsa, aes128-ctr/aes128-ctr, hmac-sha2-256/hmac-sha2-256

Please try running the same code as well and if it still doesn't work, post your log. Thanks!

1 Answer

0 votes
answered Jan 23 by Lukas Pokorny (89,770 points)

DSS is most likely broken at this server. OpenSSH is unable to connect as well when using DSS ("ssh -oHostKeyAlgorithms=ssh-dss ftp.indexes.nasdaqomx.com" command) and fails with "invalid format".

However, in addition to this, there seems to be an incompatibility in its RSA signature format as well, most likely this one. To work around this, upgrade to at least Rebex SFTP 2016 R1 (or the latest release) and make sure to prefer RSA host key algorithm. You should then be able to connect to the SFTP server again.

...