Error SSH: Rebex.Net.SshException: The connection was closed by the server.

0 votes
asked Jun 11 by Ftp (280 points)

Hello Team,

While connecting to the FTP server: 12.3.52.138 and port: 990, we are receiving the below error from Rebex component.

=========================================
20:02:45.777 Info Info: Connecting to 12.3.52.138:990 using Sftp 3.0.4546.0.
20:02:47.336 Error SSH: Rebex.Net.SshException: The connection was closed by the server. Make sure you are connecting to an SSH or SFTP server.
at Rebex.Net.SshSession.14Ad4fZ()
at Rebex.Net.SshSession.Negotiate()

=========================================

But when we connect the same server with File Zilla, we are able to connect it. Please help us to connect it from Rebex. Thank you.

We look forward to your reply.

Regards,
Naga Suresh D

Applies to: Rebex Secure Mail

1 Answer

0 votes
answered Jun 11 by Lukas Pokorny (94,270 points)

Hello, 12.3.52.138:990 is not an SFTP/SSH server. It's an FTP server implicitly secured with TLS. Please use Rebex FTP/SSL to connect to this server:

var ftp = new Ftp();
ftp.Connect("12.3.52.138", 990, SslMode.Implicit);

Alternatively, you might use FileTransferClient (part of Rebex File Transfer Pack) which (like FileZilla) supports both FTP and SFTP:

var client = new FileTransferClient();
client.Connect("12.3.52.138", 990, FileTransferMode.FtpSslImplicit);

If you get an exception indicating that the server certificate was rejected, check out this blog post: https://blog.rebex.net/howto-server-certificate-rejected-exception/

commented Jun 19 by Ftp (280 points)
Please confirm the above clarification. Thank you.
commented Jun 19 by Ftp (280 points)
How can we know programmatically the FTP server is FTP/SSL/SFTP? So that we will dynamically use the connection object as per the requirement. Thank you.
commented Jun 19 by Lukas Pokorny (94,270 points)
We commented on SslAcceptAllCertificates in the blog post with these words: "Doing this in production environment is highly discouraged, as it effectively disables server authentication."

However, that was in 2012. Today, our recommendation for most scenarios is even stronger: "NEVER use 'SslAcceptAllCertificates=true' in production! Doing so enables man-in-the-middle attacks and essentially renders TLS/SSL completely useless."

The property is useful when testing or debugging because it makes it possible to determine whether the application would work if certificate validation succeeded, but don't use it in production environments unless the connection between to the client and server is sufficiently secure even without TLS/SSL. In other words, only enable SslAcceptAllCertificates if not using TLS/SSL at all would be acceptable as well.
commented Jun 19 by Lukas Matyska (47,150 points)
To determine what service is running at the server, the only way is to try it.
So, you can try SFTP, if Connect() method fails try FTP/SSL. If this fails try plain FTP.

However, I suggest you to determine the protocol by port number at first.

Common port numbers:
  22 - SFTP
  21 - FTP (and FTP/SSL explicit)
  990 - FTP/SSL implicit
commented Jun 20 by Ftp (280 points)
We will verify the FTP server with the port and the above logic. Thank you.
...