Error SSH: Rebex.Net.SshException: The connection was closed by the server.

0 votes
asked Jun 11 by Ftp (280 points)

Hello Team,

While connecting to the FTP server: 12.3.52.138 and port: 990, we are receiving the below error from Rebex component.

=========================================
20:02:45.777 Info Info: Connecting to 12.3.52.138:990 using Sftp 3.0.4546.0.
20:02:47.336 Error SSH: Rebex.Net.SshException: The connection was closed by the server. Make sure you are connecting to an SSH or SFTP server.
at Rebex.Net.SshSession.14Ad4fZ()
at Rebex.Net.SshSession.Negotiate()

=========================================

But when we connect the same server with File Zilla, we are able to connect it. Please help us to connect it from Rebex. Thank you.

We look forward to your reply.

Regards,
Naga Suresh D

Applies to: Rebex Secure Mail

1 Answer

0 votes
answered Jun 11 by Lukas Pokorny (95,290 points)

Hello, 12.3.52.138:990 is not an SFTP/SSH server. It's an FTP server implicitly secured with TLS. Please use Rebex FTP/SSL to connect to this server:

var ftp = new Ftp();
ftp.Connect("12.3.52.138", 990, SslMode.Implicit);

Alternatively, you might use FileTransferClient (part of Rebex File Transfer Pack) which (like FileZilla) supports both FTP and SFTP:

var client = new FileTransferClient();
client.Connect("12.3.52.138", 990, FileTransferMode.FtpSslImplicit);

If you get an exception indicating that the server certificate was rejected, check out this blog post: https://blog.rebex.net/howto-server-certificate-rejected-exception/

commented Jun 13 by Ftp (280 points)
Hello, I am unable to add the code like you mentioned. There is no SSLMode Enumerator in the third parameter of Connect method in FTP class.

Please see the below three overload methods to connect in FTP class.

public string Connect(string serverName, int serverPort);
        
public string Connect(string serverName);
        
public string Connect(string serverName, int serverPort, TlsParameters parameters, FtpSecurity security);

Please suggest to move further. Thank you.
commented Jun 13 by Lukas Pokorny (95,290 points)
It looks like you use Rebex FTP/SSL 2012 R2. The SslMode enum was added in Rebex FTP/SSL 2012 R3. Either upgrade to a more recent version or use an overload of Connect method that can accept FtpSecurity.Implicit.

However, please be aware that using a six-yer-old version of Rebex FTP/SSL is strongly discouraged. It doesn't support TLS 1.2 and by default enables a number of TLS/SSL ciphers that are now considered vulnerable.
commented Jun 13 by Lukas Pokorny (95,290 points)
By the way, there is no Rebex FTP/SSL license registered to your company. Perhaps your company name has changed in 2012? Please get in touch with us at sales@rebex.net to sort this out.
commented Jun 14 by Ftp (280 points)
Hello, currently we are using 2.0.4546.0 version of Rebex components in our project.
Can we handle this scenario with this version? Because we don't have time to upgrade the Rebex components to the latest and use it.

Please let us know to connect this FTP with the current version of Rebex components. We look forward to your reply. Thank you.
commented Jun 14 by Lukas Pokorny (95,290 points)
Have you tried our suggestion to use FtpSecurity.Implicit?
commented Jun 17 by Ftp (280 points)
Hello, We have downloaded latest 2018 Rebex components and tried to connect the FTP server with the below method.

var ftp = new Ftp();
ftp.Connect("12.3.52.138", 990, SslMode.Implicit);

But still, we are facing the same error.

"Server certificate was rejected by the verifier because of an unknown certificate authority."

How to resolve this with the latest Rebext components without using FileTransferClient?
commented Jun 17 by Ftp (280 points)
We have tried with the FileTransferClient and got the same error.

var client = new FileTransferClient();
                        client.Connect("12.3.52.138", 990, FileTransferMode.FtpSslImplicit);

Error: "Server certificate was rejected by the verifier because of an unknown certificate authority."
commented Jun 18 by Lukas Pokorny (95,290 points)
I already addressed this in my answer last week: "If you get an exception indicating that the server certificate was rejected, check out this blog post: https://blog.rebex.net/howto-server-certificate-rejected-exception/ "
commented Jun 18 by Ftp (280 points)
Hello, Thanks for the information.

If I execute the below two lines of code with the latest Rebex components, I can connect the FTP.

var ftp = new Ftp();
ftp.Settings.SslAcceptAllCertificates = true;
ftp.Connect(ftpSettings.ServerName,  SslMode.Implicit);

But I have small clarification that, we have a common method to connect the FTP server. Now to fix this issue, can we add SslAcceptAllCertificates to TRUE and SslMode.Implicit into the common methods. So that these two properties will be set to all FTP servers. Is there any harm to other FTP servers if we set these two properties?

Please let us know. Thank you.
commented Jun 19 by Ftp (280 points)
Please confirm the above clarification. Thank you.
commented Jun 19 by Ftp (280 points)
How can we know programmatically the FTP server is FTP/SSL/SFTP? So that we will dynamically use the connection object as per the requirement. Thank you.
commented Jun 19 by Lukas Pokorny (95,290 points)
We commented on SslAcceptAllCertificates in the blog post with these words: "Doing this in production environment is highly discouraged, as it effectively disables server authentication."

However, that was in 2012. Today, our recommendation for most scenarios is even stronger: "NEVER use 'SslAcceptAllCertificates=true' in production! Doing so enables man-in-the-middle attacks and essentially renders TLS/SSL completely useless."

The property is useful when testing or debugging because it makes it possible to determine whether the application would work if certificate validation succeeded, but don't use it in production environments unless the connection between to the client and server is sufficiently secure even without TLS/SSL. In other words, only enable SslAcceptAllCertificates if not using TLS/SSL at all would be acceptable as well.
commented Jun 19 by Lukas Matyska (47,230 points)
To determine what service is running at the server, the only way is to try it.
So, you can try SFTP, if Connect() method fails try FTP/SSL. If this fails try plain FTP.

However, I suggest you to determine the protocol by port number at first.

Common port numbers:
  22 - SFTP
  21 - FTP (and FTP/SSL explicit)
  990 - FTP/SSL implicit
commented Jun 20 by Ftp (280 points)
We will verify the FTP server with the port and the above logic. Thank you.
...