0 votes
by (120 points)

FileZilla reports "Unknown Host Key" | "Hostkey algorithm: ecdsa-sha2-nistp521 521" then allows me to connect.

var ftp = new Sftp();
ftp.Settings.SshParameters.PreferredHostKeyAlgorithm = SshHostKeyAlgorithm.ECDsaNistP521;
ftp.Connect("host", serverPort: 22);
ftp.Login("user", "password");
var validated = ftp.PutFile(uploadFileName, $"/inbound/{Parse.FileNamePart(uploadFileName)}") == new FileInfo(uploadFileName).Length;
ftp.Disconnect();

Note that I've purchased your latest Sftp version today (I've been a client since 2012), but still can't connect. Thanks.

Applies to: Rebex SFTP

1 Answer

0 votes
by (147k points)

Try adding the following line to your code to enable the ECDSA host key algorithm with the NIST P-521 curve:

ftp.Settings.SshParameters.HostKeyAlgorithms |= SshHostKeyAlgorithm.ECDsaNistP521;
by (120 points)
Thanks Lukas.
I'm still getting the same error. Here is my current code and verbose log.

var ftp = new Sftp();
if (ftpConsoleLogging) ftp.LogWriter = new RebexConsoleLogWriter(LogLevel.Verbose);
ftp.Settings.UseLargeBuffers = true;
ftp.Settings.SshParameters.HostKeyAlgorithms |= SshHostKeyAlgorithm.ECDsaNistP521;
ftp.Settings.SshParameters.PreferredHostKeyAlgorithm = SshHostKeyAlgorithm.ECDsaNistP521;
ftp.Connect("sftp.4myrebate.com", serverPort: 22);
ftp.Login("login", "password");
var validated = ftp.PutFile(uploadFileName, $"/inbound/{Parse.FileNamePart(uploadFileName)}") == new FileInfo(uploadFileName).Length;
ftp.Disconnect();
-------
Info: Assembly: Rebex.Sftp 2020 R2 for .NET 4.0-4.8
Info: Platform: Windows 6.2.9200 32-bit; CLR: 4.0.30319.42000
Info: Culture: en; Windows-1252
Proxy: Resolving 'sftp.4myrebate.com'.
Proxy: Connecting to 3.224.150.201:22 (no proxy).
Proxy: Connection established.
SSH: Sending data:
 0000 |53-53-48-2D-32-2E-30-2D 52-65-62-65-78-53-53-48| SSH-2.0-RebexSSH
 0010 |5F-35-2E-30-2E-37-34-35 30-2E-30-0D-0A         | _5.0.7450.0..
SSH: Received data:
 0000 |53-53-48-2D-32-2E-30-2D 53-79-6E-63-70-6C-69-66| SSH-2.0-Syncplif
 0010 |79-5F-4D-65-5F-53-65-72 76-65-72-0D-0A         | y_Me_Server..
SSH: Server is 'SSH-2.0-Syncplify_Me_Server'.
SSH: Negotiation started.
SSH: Sending packet SSH_MSG_KEXINIT (1263 bytes).
 0000 |14-A6-65-5B-D0-5F-9B-77 1B-EB-E0-98-48-7A-A3-48| ..e[._.w....Hz.H
 0010 |2E-00-00-01-0A-63-75-72 76-65-32-35-35-31-39-2D| .....curve25519-
 0020 |73-68-61-32-35-36-2C-63 75-72-76-65-32-35-35-31| sha256,curve2551
 0030 |39-2D-73-68-61-32-35-36 40-6C-69-62-73-73-68-2E| 9-sha256@libssh.
 0040 |6F-72-67-2C-65-63-64-68 2D-73-68-61-32-2D-6E-69| org,ecdh-sha2-ni
 0050 |73-74-70-32-35-36-2C-64 69-66-66-69-65-2D-68-65| stp256,diffie-he
 0060 |6C-6C-6D-61-6E-2D-67-72 6F-75-70-2D-65-78-63-68| llman-group-exch
 0070 |61-6E-67-65-2D-73-68-61 32-35-36-2C-64-69-66-66| ange-sha256,diff
 0080 |69-65-2D-68-65-6C-6C-6D 61-6E-2D-67-72-6F-75-70| ie-hellman-group
 0090 |31-34-2D-73-68-61-32-35 36-2C-64-69-66-66-69-65| 14-sha256,diffie
 00A0 |2D-68-65-6C-6C-6D-61-6E 2D-67-72-6F-75-70-31-35| -hellman-group15
 00B0 |2D-73-68-61-35-31-32-2C 64-69-66-66-69-65-2D-68| -sha512,diffie-h
 00C0 |65-6C-6C-6D-61-6E-2D-67 72-6F-75-70-31-36-2D-73| ellman-group16-s
 00D0 |68-61-35-31-32-2C-64-69 66-66-69-65-2D-68-65-6C| ha512,diffie-hel
 00E0 |6C-6D-61-6E-2D-67-72-6F 75-70-2D-65-78-63-68-61| lman-group-excha
 00F0 |6E-67-65-2D-73-68-61-31 2C-64-69-66-66-69-65-2D| nge-sha1,diffie-
 0100 |68-65-6C-6C-6D-61-6E-2D 67-72-6F-75-70-31-34-2D| hellman-group14-
 0110 |73-68-61-31-2C-65-78-74 2D-69-6E-66-6F-2D-63-00| sha1,ext-info-c.
 0120 |00-00-A7-65-63-64-73-61 2D-73-68-61-32-2D-6E-69| ...ecdsa-sha2-ni
 0130 |73-74-70-35-32-31-2C-73 73-68-2D-64-73-73-2C-72| stp521,ssh-dss,r
 0140 |73-61-2D-73-68-61-32-2D 32-35-36-2C-73-73-68-2D| sa-sha2-256,ssh-
 0150 |72-73-61-2D-73-68-61-32 35-36-40-73-73-68-2E-63| rsa-sha256@ssh.c
 0160 |6F-6D-2C-72-73-61-2D-73 68-61-32-2D-35-31-32-2C| om,rsa-sha2-512,
 0170 |73-73-68-2D-72-73-61-2C 78-35-30-39-76-33-2D-73| ssh-rsa,x509v3-s
 0180 |69-67-6E-2D-72-73-61-2D 73-68-61-32-35-36-40-73| ign-rsa-sha256@s
 0190 |73-68-2E-63-6F-6D-2C-78 35-30-39-76-33-2D-73-69| sh.com,x509v3-si
 01A0 |67-6E-2D-72-73-61-2C-78 35-30-39-76-33-2D-73-69| gn-rsa,x509v3-si
 01B0 |67-6E-2D-64-73-73-2C-65 63-64-73-61-2D-73-68-61| gn-dss,ecdsa-sha
 01C0 |32-2D-6E-69-73-74-70-32 35-36-00-00-01-05-61-65| 2-nistp256....ae
 01D0 |73-32-35-36-2D-67-63-6D 40-6F-70-65-6E-73-73-68| s256-gcm@openssh
 01E0 |2E-63-6F-6D-2C-61-65-73 31-32-38-2D-67-63-6D-40| .com,aes128-gcm@
 01F0 |6F-70-65-6E-73-73-68-2E 63-6F-6D-2C-61-65-73-32| openssh.com,aes2
 0200 |35-36-2D-63-74-72-2C-61 65-73-31-39-32-2D-63-74| 56-ctr,aes192-ct
 0210 |72-2C-61-65-73-31-32-38 2D-63-74-72-2C-33-64-65| r,aes128-ctr,3de
 0220 |73-2D-63-74-72-2C-74-77 6F-66-69-73-68-32-35-36| s-ctr,twofish256
 0230 |2D-63-74-72-2C-74-77-6F 66-69-73-68-31-39-32-2D| -ctr,twofish192-
 0240 |63-74-72-2C-74-77-6F-66 69-73-68-31-32-38-2D-63| ctr,twofish128-c
 0250 |74-72-2C-61-65-73-32-35 36-2D-63-62-63-2C-61-65| tr,aes256-cbc,ae
 0260 |73-31-39-32-2D-63-62-63 2C-61-65-73-31-32-38-2D| s192-cbc,aes128-
 0270 |63-62-63-2C-33-64-65-73 2D-63-62-63-2C-74-77-6F| cbc,3des-cbc,two
 0280 |66-69-73-68-32-35-36-2D 63-62-63-2C-74-77-6F-66| fish256-cbc,twof
 0290 |69-73-68-31-39-32-2D-63 62-63-2C-74-77-6F-66-69| ish192-cbc,twofi
 02A0 |73-68-31-32-38-2D-63-62 63-2C-74-77-6F-66-69-73| sh128-cbc,twofis
 02B0 |68-2D-63-62-63-2C-63-68 61-63-68-61-32-30-2D-70| h-cbc,chacha20-p
 02C0 |6F-6C-79-31-33-30-35-40 6F-70-65-6E-73-73-68-2E| oly1305@openssh.
 02D0 |63-6F-6D-00-00-01-05-61 65-73-32-35-36-2D-67-63| com....aes256-gc
 02E0 |6D-40-6F-70-65-6E-73-73 68-2E-63-6F-6D-2C-61-65| m@openssh.com,ae
 02F0 |73-31-32-38-2D-67-63-6D 40-6F-70-65-6E-73-73-68| s128-gcm@openssh
 0300 |2E-63-6F-6D-2C-61-65-73 32-35-36-2D-63-74-72-2C| .com,aes256-ctr,
 0310 |61-65-73-31-39-32-2D-63 74-72-2C-61-65-73-31-32| aes192-ctr,aes12
 0320 |38-2D-63-74-72-2C-33-64 65-73-2D-63-74-72-2C-74| 8-ctr,3des-ctr,t
 0330 |77-6F-66-69-73-68-32-35 36-2D-63-74-72-2C-74-77| wofish256-ctr,tw
 0340 |6F-66-69-73-68-31-39-32 2D-63-74-72-2C-74-77-6F| ofish192-ctr,two
 0350 |66-69-73-68-31-32-38-2D 63-74-72-2C-61-65-73-32| fish128-ctr,aes2
 0360 |35-36-2D-63-62-63-2C-61 65-73-31-39-32-2D-63-62| 56-cbc,aes192-cb
 0370 |63-2C-61-65-73-31-32-38 2D-63-62-63-2C-33-64-65| c,aes128-cbc,3de
 0380 |73-2D-63-62-63-2C-74-77 6F-66-69-73-68-32-35-36| s-cbc,twofish256
 0390 |2D-63-62-63-2C-74-77-6F 66-69-73-68-31-39-32-2D| -cbc,twofish192-
 03A0 |63-62-63-2C-74-77-6F-66 69-73-68-31-32-38-2D-63| cbc,twofish128-c
 03B0 |62-63-2C-74-77-6F-66-69 73-68-2D-63-62-63-2C-63| bc,twofish-cbc,c
 03C0 |68-61-63-68-61-32-30-2D 70-6F-6C-79-31-33-30-35| hacha20-poly1305
 03D0 |40-6F-70-65-6E-73-73-68 2E-63-6F-6D-00-00-00-61| @openssh.com...a
 03E0 |68-6D-61-63-2D-73-68-61 32-2D-32-35-36-2D-65-74| hmac-sha2-256-et
 03F0 |6D-40-6F-70-65-6E-73-73 68-2E-63-6F-6D-2C-68-6D| m@openssh.com,hm
 0400 |61-63-2D-73-68-61-32-2D 32-35-36-2C-68-6D-61-63| ac-sha2-256,hmac
 0410 |2D-73-68-61-32-2D-35-31 32-2D-65-74-6D-40-6F-70| -sha2-512-etm@op
 0420 |65-6E-73-73-68-2E-63-6F 6D-2C-68-6D-61-63-2D-73| enssh.com,hmac-s
 0430 |68-61-32-2D-35-31-32-2C 68-6D-61-63-2D-73-68-61| ha2-512,hmac-sha
 0440 |31-00-00-00-61-68-6D-61 63-2D-73-68-61-32-2D-32| 1...ahmac-sha2-2
 0450 |35-36-2D-65-74-6D-40-6F 70-65-6E-73-73-68-2E-63| 56-etm@openssh.c
 0460 |6F-6D-2C-68-6D-61-63-2D 73-68-61-32-2D-32-35-36| om,hmac-sha2-256
 0470 |2C-68-6D-61-63-2D-73-68 61-32-2D-35-31-32-2D-65| ,hmac-sha2-512-e
 0480 |74-6D-40-6F-70-65-6E-73 73-68-2E-63-6F-6D-2C-68| tm@openssh.com,h
 0490 |6D-61-63-2D-73-68-61-32 2D-35-31-32-2C-68-6D-61| mac-sha2-512,hma
 04A0 |63-2D-73-68-61-31-00-00 00-1A-6E-6F-6E-65-2C-7A| c-sha1....none,z
 04B0 |6C-69-62-2C-7A-6C-69-62 40-6F-70-65-6E-73-73-68| lib,zlib@openssh
 04C0 |2E-63-6F-6D-00-00-00-1A 6E-6F-6E-65-2C-7A-6C-69| .com....none,zli
 04D0 |62-2C-7A-6C-69-62-40-6F 70-65-6E-73-73-68-2E-63| b,zlib@openssh.c
 04E0 |6F-6D-00-00-00-00-00-00 00-00-00-00-00-00-00   | om.............
SSH: Received packet SSH_MSG_KEXINIT (650 bytes).

-- sending two parts due to site char limit --
by (120 points)
-- part two --

 0000 |14-92-E7-1E-E7-E2-F8-56 42-33-9D-5C-84-2B-BE-91| .......VB3.\.+..
 0010 |97-00-00-00-59-64-69-66 66-69-65-2D-68-65-6C-6C| ....Ydiffie-hell
 0020 |6D-61-6E-2D-67-72-6F-75 70-2D-65-78-63-68-61-6E| man-group-exchan
 0030 |67-65-2D-73-68-61-31-2C 64-69-66-66-69-65-2D-68| ge-sha1,diffie-h
 0040 |65-6C-6C-6D-61-6E-2D-67 72-6F-75-70-31-2D-73-68| ellman-group1-sh
 0050 |61-31-2C-64-69-66-66-69 65-2D-68-65-6C-6C-6D-61| a1,diffie-hellma
 0060 |6E-2D-67-72-6F-75-70-31 34-2D-73-68-61-31-00-00| n-group14-sha1..
 0070 |00-1B-73-73-68-2D-72-73 61-2C-65-63-64-73-61-2D| ..ssh-rsa,ecdsa-
 0080 |73-68-61-32-2D-6E-69-73 74-70-35-32-31-00-00-00| sha2-nistp521...
 0090 |5A-62-6C-6F-77-66-69-73 68-2D-63-62-63-2C-61-65| Zblowfish-cbc,ae
 00A0 |73-31-39-32-2D-63-62-63 2C-61-65-73-31-32-38-2D| s192-cbc,aes128-
 00B0 |63-62-63-2C-63-61-73-74 31-32-38-2D-63-62-63-2C| cbc,cast128-cbc,
 00C0 |61-65-73-31-32-38-2D-63 74-72-2C-61-65-73-31-39| aes128-ctr,aes19
 00D0 |32-2D-63-74-72-2C-61-65 73-32-35-36-2D-63-74-72| 2-ctr,aes256-ctr
 00E0 |2C-61-72-63-66-6F-75-72 31-32-38-00-00-00-5A-62| ,arcfour128...Zb
 00F0 |6C-6F-77-66-69-73-68-2D 63-62-63-2C-61-65-73-31| lowfish-cbc,aes1
 0100 |39-32-2D-63-62-63-2C-61 65-73-31-32-38-2D-63-62| 92-cbc,aes128-cb
 0110 |63-2C-63-61-73-74-31-32 38-2D-63-62-63-2C-61-65| c,cast128-cbc,ae
 0120 |73-31-32-38-2D-63-74-72 2C-61-65-73-31-39-32-2D| s128-ctr,aes192-
 0130 |63-74-72-2C-61-65-73-32 35-36-2D-63-74-72-2C-61| ctr,aes256-ctr,a
 0140 |72-63-66-6F-75-72-31-32 38-00-00-00-78-68-6D-61| rcfour128...xhma
 0150 |63-2D-73-68-61-31-2C-68 6D-61-63-2D-72-69-70-65| c-sha1,hmac-ripe
 0160 |6D-64-31-36-30-2C-68-6D 61-63-2D-72-69-70-65-6D| md160,hmac-ripem
 0170 |64-31-36-30-40-6F-70-65 6E-73-73-68-2E-63-6F-6D| d160@openssh.com
 0180 |2C-75-6D-61-63-2D-36-34 40-6F-70-65-6E-73-73-68| ,umac-64@openssh
 0190 |2E-63-6F-6D-2C-75-6D-61 63-2D-31-32-38-40-6F-70| .com,umac-128@op
 01A0 |65-6E-73-73-68-2E-63-6F 6D-2C-68-6D-61-63-2D-73| enssh.com,hmac-s
 01B0 |68-61-32-2D-32-35-36-2C 68-6D-61-63-2D-73-68-61| ha2-256,hmac-sha
 01C0 |32-2D-35-31-32-00-00-00 78-68-6D-61-63-2D-73-68| 2-512...xhmac-sh
 01D0 |61-31-2C-68-6D-61-63-2D 72-69-70-65-6D-64-31-36| a1,hmac-ripemd16
 01E0 |30-2C-68-6D-61-63-2D-72 69-70-65-6D-64-31-36-30| 0,hmac-ripemd160
 01F0 |40-6F-70-65-6E-73-73-68 2E-63-6F-6D-2C-75-6D-61| @openssh.com,uma
 0200 |63-2D-36-34-40-6F-70-65 6E-73-73-68-2E-63-6F-6D| c-64@openssh.com
 0210 |2C-75-6D-61-63-2D-31-32 38-40-6F-70-65-6E-73-73| ,umac-128@openss
 0220 |68-2E-63-6F-6D-2C-68-6D 61-63-2D-73-68-61-32-2D| h.com,hmac-sha2-
 0230 |32-35-36-2C-68-6D-61-63 2D-73-68-61-32-2D-35-31| 256,hmac-sha2-51
 0240 |32-00-00-00-1A-6E-6F-6E 65-2C-7A-6C-69-62-2C-7A| 2....none,zlib,z
 0250 |6C-69-62-40-6F-70-65-6E 73-73-68-2E-63-6F-6D-00| lib@openssh.com.
 0260 |00-00-1A-6E-6F-6E-65-2C 7A-6C-69-62-2C-7A-6C-69| ...none,zlib,zli
 0270 |62-40-6F-70-65-6E-73-73 68-2E-63-6F-6D-00-00-00| b@openssh.com...
 0280 |00-00-00-00-00-00-00-00 00-00                  | ..........
SSH: Group exchange (legacy form).
SSH: Sending packet SSH_MSG_KEX_30 (5 bytes).
 0000 |1E-00-00-04-00                                 | .....
SSH: SSH connection closed.
SSH: Negotiation failed. The connection was closed by the server.
Info: Rebex.Net.SshException: The connection was closed by the server.
   at Rebex.Net.SshSession.cfmh[g,h](njnf`2 avj, Int32 avk, njng avl, h avm, g avn, g avo)
   at Rebex.Net.SshSession.cfmo(afjp avx)
   at afjt.ssjc(SshSession gdx, Byte[] gdy, Byte[] gdz, Byte[] gea, Byte[] geb, afji& gec, Byte[]& ged, SshPublicKey& gee)
   at Rebex.Net.SshSession.cfmq(Byte[] avy)
   at Rebex.Net.SshSession.Negotiate()
   at Rebex.Net.Sftp.emin.fnhk(ftxd amk, Boolean aml)
   at Rebex.Net.Sftp.pqan(String po, Int32 pp, SshParameters pq, ftxd pr)a
by (147k points)
Thanks for the log! It looks like Rebex SFTP detected this server to be a "legacy" SSH server due to its lack of support for any key exchange algorithms based on SHA-2, and therefore it tried to negotiate using SSH in legacy group exchange mode, which was rejected by the server. Please try forcing modern group exchange mode using this setting:

ftp.Settings.SshParameters.UseLegacyGroupExchange = false;
by (120 points)
This worked! Thank you.
by (147k points)
Thanks for letting us know! We will enhance the detection routine in the next release to make this unnecessary.
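
The diagnosis in this thread can be checked directly against a verbose log. The following Python is an added example, not code from Rebex or from either poster: it rebuilds a packet from the log's hex dump lines, parses SSH_MSG_KEXINIT per RFC 4253 section 7.1, and reports whether the peer offers any SHA-2 key exchange. The sample packet is constructed from the key exchange and host key lists visible in the server's dump (the remaining lists are shortened); `dump_to_bytes`, `parse_kexinit`, `kex_report` and `build_dump` are hypothetical names.

```python
import re

# The ten name-lists of SSH_MSG_KEXINIT, in wire order (RFC 4253, section 7.1).
FIELDS = ["kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c"]

def dump_to_bytes(dump):
    """Rebuild a payload from ' 0010 |97-00-..| ....' verbose-log lines."""
    rows = re.findall(r"^\s*[0-9A-Fa-f]{4} \|([^|]*)\|", dump, re.M)
    return bytes.fromhex("".join(re.findall(r"[0-9A-Fa-f]{2}", " ".join(rows))))

def parse_kexinit(payload):
    """Return {field: [algorithm, ...]} for one KEXINIT payload."""
    if len(payload) < 17 or payload[0] != 20:      # 20 = SSH_MSG_KEXINIT
        raise ValueError("not a KEXINIT payload")
    pos, lists = 17, {}                            # skip type byte + 16-byte cookie
    for field in FIELDS:
        n = int.from_bytes(payload[pos:pos + 4], "big")
        raw = payload[pos + 4:pos + 4 + n]
        if pos + 4 > len(payload) or len(raw) != n:
            raise ValueError("truncated name-list: " + field)
        lists[field] = raw.decode("ascii").split(",") if n else []
        pos += 4 + n
    return lists

def kex_report(lists):
    """Flag a peer whose key exchange offers are all SHA-1 based."""
    sha2 = [k for k in lists["kex"] if re.search(r"sha(2|384|512)", k)]
    return {"sha2_kex": sha2, "sha1_only": not sha2,
            "group1": "diffie-hellman-group1-sha1" in lists["kex"]}

def build_dump(name_lists):
    """Constructed sample: encode name-lists as KEXINIT, format like the log."""
    body = b"\x14" + bytes(16)                     # type byte + all-zero cookie
    for names in name_lists:
        data = ",".join(names).encode("ascii")
        body += len(data).to_bytes(4, "big") + data
    body += bytes(5)                               # first_kex_packet_follows + reserved
    return "\n".join(" %04X |%s| ." % (i, "-".join("%02X" % b for b in body[i:i + 16]))
                     for i in range(0, len(body), 16))

# Constructed from the kex and host key lists visible in the server's packet above.
SERVER_DUMP = build_dump(
    [["diffie-hellman-group-exchange-sha1", "diffie-hellman-group1-sha1",
      "diffie-hellman-group14-sha1"], ["ssh-rsa", "ecdsa-sha2-nistp521"]]
    + [["aes128-ctr"]] * 2 + [["hmac-sha1"]] * 2 + [["none"]] * 2 + [[], []])
print(kex_report(parse_kexinit(dump_to_bytes(SERVER_DUMP))))
```

To run the same check on a real log, pass the dump lines of a single KEXINIT packet to `dump_to_bytes`; lines from several packets would be concatenated into one payload.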
...