Negotiation failed. The connection was closed by the server.

0 votes
asked Jun 5, 2020 by jlongenderfer (120 points)

FileZilla reports "Unknown Host Key" | "Hostkey algorithm: ecdsa-sha2-nistp521 521" then allows me to connect.

var ftp = new Sftp();
ftp.Settings.SshParameters.PreferredHostKeyAlgorithm = SshHostKeyAlgorithm.ECDsaNistP521;
ftp.Connect("host", serverPort: 22);
ftp.Login("user", "password");
var validated = ftp.PutFile(uploadFileName, $"/inbound/{Parse.FileNamePart(uploadFileName)}") == new FileInfo(uploadFileName).Length;
ftp.Disconnect();

Note that I've purchased your latest Sftp version today (I've been a client since 2012), but still can't connect. Thanks.

Applies to: Rebex SFTP

1 Answer

0 votes
answered Jun 5, 2020 by Lukas Pokorny (126,870 points)

Try adding the following line to your code to enable ECDSA host key algorithm with NIST P-521 curve:

ftp.Settings.HostKeyAlgorithms |= SshHostKeyAlgorithm.ECDsaNistP521;
commented Jun 5, 2020 by jlongenderfer (120 points)
Thanks Lukas.
I'm still getting the same error. Here is my current code and verbose log.

                var ftp = new Sftp();
                if (ftpConsoleLogging) ftp.LogWriter = new RebexConsoleLogWriter(LogLevel.Verbose);
                ftp.Settings.UseLargeBuffers = true;
                ftp.Settings.SshParameters.HostKeyAlgorithms |= SshHostKeyAlgorithm.ECDsaNistP521;
                ftp.Settings.SshParameters.PreferredHostKeyAlgorithm = SshHostKeyAlgorithm.ECDsaNistP521;
                ftp.Connect("sftp.4myrebate.com", serverPort: 22);
                ftp.Login("login", "password");
                var validated = ftp.PutFile(uploadFileName, $"/inbound/{Parse.FileNamePart(uploadFileName)}") == new FileInfo(uploadFileName).Length;
                ftp.Disconnect();
-------
Info: Assembly: Rebex.Sftp 2020 R2 for .NET 4.0-4.8
Info: Platform: Windows 6.2.9200 32-bit; CLR: 4.0.30319.42000
Info: Culture: en; Windows-1252
Proxy: Resolving 'sftp.4myrebate.com'.
Proxy: Connecting to 3.224.150.201:22 (no proxy).
Proxy: Connection established.
SSH: Sending data:
 0000 |53-53-48-2D-32-2E-30-2D 52-65-62-65-78-53-53-48| SSH-2.0-RebexSSH
 0010 |5F-35-2E-30-2E-37-34-35 30-2E-30-0D-0A         | _5.0.7450.0..
SSH: Received data:
 0000 |53-53-48-2D-32-2E-30-2D 53-79-6E-63-70-6C-69-66| SSH-2.0-Syncplif
 0010 |79-5F-4D-65-5F-53-65-72 76-65-72-0D-0A         | y_Me_Server..
SSH: Server is 'SSH-2.0-Syncplify_Me_Server'.
SSH: Negotiation started.
SSH: Sending packet SSH_MSG_KEXINIT (1263 bytes).
 0000 |14-A6-65-5B-D0-5F-9B-77 1B-EB-E0-98-48-7A-A3-48| ..e[._.w....Hz.H
 0010 |2E-00-00-01-0A-63-75-72 76-65-32-35-35-31-39-2D| .....curve25519-
 0020 |73-68-61-32-35-36-2C-63 75-72-76-65-32-35-35-31| sha256,curve2551
 0030 |39-2D-73-68-61-32-35-36 40-6C-69-62-73-73-68-2E| 9-sha256@libssh.
 0040 |6F-72-67-2C-65-63-64-68 2D-73-68-61-32-2D-6E-69| org,ecdh-sha2-ni
 0050 |73-74-70-32-35-36-2C-64 69-66-66-69-65-2D-68-65| stp256,diffie-he
 0060 |6C-6C-6D-61-6E-2D-67-72 6F-75-70-2D-65-78-63-68| llman-group-exch
 0070 |61-6E-67-65-2D-73-68-61 32-35-36-2C-64-69-66-66| ange-sha256,diff
 0080 |69-65-2D-68-65-6C-6C-6D 61-6E-2D-67-72-6F-75-70| ie-hellman-group
 0090 |31-34-2D-73-68-61-32-35 36-2C-64-69-66-66-69-65| 14-sha256,diffie
 00A0 |2D-68-65-6C-6C-6D-61-6E 2D-67-72-6F-75-70-31-35| -hellman-group15
 00B0 |2D-73-68-61-35-31-32-2C 64-69-66-66-69-65-2D-68| -sha512,diffie-h
 00C0 |65-6C-6C-6D-61-6E-2D-67 72-6F-75-70-31-36-2D-73| ellman-group16-s
 00D0 |68-61-35-31-32-2C-64-69 66-66-69-65-2D-68-65-6C| ha512,diffie-hel
 00E0 |6C-6D-61-6E-2D-67-72-6F 75-70-2D-65-78-63-68-61| lman-group-excha
 00F0 |6E-67-65-2D-73-68-61-31 2C-64-69-66-66-69-65-2D| nge-sha1,diffie-
 0100 |68-65-6C-6C-6D-61-6E-2D 67-72-6F-75-70-31-34-2D| hellman-group14-
 0110 |73-68-61-31-2C-65-78-74 2D-69-6E-66-6F-2D-63-00| sha1,ext-info-c.
 0120 |00-00-A7-65-63-64-73-61 2D-73-68-61-32-2D-6E-69| ...ecdsa-sha2-ni
 0130 |73-74-70-35-32-31-2C-73 73-68-2D-64-73-73-2C-72| stp521,ssh-dss,r
 0140 |73-61-2D-73-68-61-32-2D 32-35-36-2C-73-73-68-2D| sa-sha2-256,ssh-
 0150 |72-73-61-2D-73-68-61-32 35-36-40-73-73-68-2E-63| rsa-sha256@ssh.c
 0160 |6F-6D-2C-72-73-61-2D-73 68-61-32-2D-35-31-32-2C| om,rsa-sha2-512,
 0170 |73-73-68-2D-72-73-61-2C 78-35-30-39-76-33-2D-73| ssh-rsa,x509v3-s
 0180 |69-67-6E-2D-72-73-61-2D 73-68-61-32-35-36-40-73| ign-rsa-sha256@s
 0190 |73-68-2E-63-6F-6D-2C-78 35-30-39-76-33-2D-73-69| sh.com,x509v3-si
 01A0 |67-6E-2D-72-73-61-2C-78 35-30-39-76-33-2D-73-69| gn-rsa,x509v3-si
 01B0 |67-6E-2D-64-73-73-2C-65 63-64-73-61-2D-73-68-61| gn-dss,ecdsa-sha
 01C0 |32-2D-6E-69-73-74-70-32 35-36-00-00-01-05-61-65| 2-nistp256....ae
 01D0 |73-32-35-36-2D-67-63-6D 40-6F-70-65-6E-73-73-68| s256-gcm@openssh
 01E0 |2E-63-6F-6D-2C-61-65-73 31-32-38-2D-67-63-6D-40| .com,aes128-gcm@
 01F0 |6F-70-65-6E-73-73-68-2E 63-6F-6D-2C-61-65-73-32| openssh.com,aes2
 0200 |35-36-2D-63-74-72-2C-61 65-73-31-39-32-2D-63-74| 56-ctr,aes192-ct
 0210 |72-2C-61-65-73-31-32-38 2D-63-74-72-2C-33-64-65| r,aes128-ctr,3de
 0220 |73-2D-63-74-72-2C-74-77 6F-66-69-73-68-32-35-36| s-ctr,twofish256
 0230 |2D-63-74-72-2C-74-77-6F 66-69-73-68-31-39-32-2D| -ctr,twofish192-
 0240 |63-74-72-2C-74-77-6F-66 69-73-68-31-32-38-2D-63| ctr,twofish128-c
 0250 |74-72-2C-61-65-73-32-35 36-2D-63-62-63-2C-61-65| tr,aes256-cbc,ae
 0260 |73-31-39-32-2D-63-62-63 2C-61-65-73-31-32-38-2D| s192-cbc,aes128-
 0270 |63-62-63-2C-33-64-65-73 2D-63-62-63-2C-74-77-6F| cbc,3des-cbc,two
 0280 |66-69-73-68-32-35-36-2D 63-62-63-2C-74-77-6F-66| fish256-cbc,twof
 0290 |69-73-68-31-39-32-2D-63 62-63-2C-74-77-6F-66-69| ish192-cbc,twofi
 02A0 |73-68-31-32-38-2D-63-62 63-2C-74-77-6F-66-69-73| sh128-cbc,twofis
 02B0 |68-2D-63-62-63-2C-63-68 61-63-68-61-32-30-2D-70| h-cbc,chacha20-p
 02C0 |6F-6C-79-31-33-30-35-40 6F-70-65-6E-73-73-68-2E| oly1305@openssh.
 02D0 |63-6F-6D-00-00-01-05-61 65-73-32-35-36-2D-67-63| com....aes256-gc
 02E0 |6D-40-6F-70-65-6E-73-73 68-2E-63-6F-6D-2C-61-65| m@openssh.com,ae
 02F0 |73-31-32-38-2D-67-63-6D 40-6F-70-65-6E-73-73-68| s128-gcm@openssh
 0300 |2E-63-6F-6D-2C-61-65-73 32-35-36-2D-63-74-72-2C| .com,aes256-ctr,
 0310 |61-65-73-31-39-32-2D-63 74-72-2C-61-65-73-31-32| aes192-ctr,aes12
 0320 |38-2D-63-74-72-2C-33-64 65-73-2D-63-74-72-2C-74| 8-ctr,3des-ctr,t
 0330 |77-6F-66-69-73-68-32-35 36-2D-63-74-72-2C-74-77| wofish256-ctr,tw
 0340 |6F-66-69-73-68-31-39-32 2D-63-74-72-2C-74-77-6F| ofish192-ctr,two
 0350 |66-69-73-68-31-32-38-2D 63-74-72-2C-61-65-73-32| fish128-ctr,aes2
 0360 |35-36-2D-63-62-63-2C-61 65-73-31-39-32-2D-63-62| 56-cbc,aes192-cb
 0370 |63-2C-61-65-73-31-32-38 2D-63-62-63-2C-33-64-65| c,aes128-cbc,3de
 0380 |73-2D-63-62-63-2C-74-77 6F-66-69-73-68-32-35-36| s-cbc,twofish256
 0390 |2D-63-62-63-2C-74-77-6F 66-69-73-68-31-39-32-2D| -cbc,twofish192-
 03A0 |63-62-63-2C-74-77-6F-66 69-73-68-31-32-38-2D-63| cbc,twofish128-c
 03B0 |62-63-2C-74-77-6F-66-69 73-68-2D-63-62-63-2C-63| bc,twofish-cbc,c
 03C0 |68-61-63-68-61-32-30-2D 70-6F-6C-79-31-33-30-35| hacha20-poly1305
 03D0 |40-6F-70-65-6E-73-73-68 2E-63-6F-6D-00-00-00-61| @openssh.com...a
 03E0 |68-6D-61-63-2D-73-68-61 32-2D-32-35-36-2D-65-74| hmac-sha2-256-et
 03F0 |6D-40-6F-70-65-6E-73-73 68-2E-63-6F-6D-2C-68-6D| m@openssh.com,hm
 0400 |61-63-2D-73-68-61-32-2D 32-35-36-2C-68-6D-61-63| ac-sha2-256,hmac
 0410 |2D-73-68-61-32-2D-35-31 32-2D-65-74-6D-40-6F-70| -sha2-512-etm@op
 0420 |65-6E-73-73-68-2E-63-6F 6D-2C-68-6D-61-63-2D-73| enssh.com,hmac-s
 0430 |68-61-32-2D-35-31-32-2C 68-6D-61-63-2D-73-68-61| ha2-512,hmac-sha
 0440 |31-00-00-00-61-68-6D-61 63-2D-73-68-61-32-2D-32| 1...ahmac-sha2-2
 0450 |35-36-2D-65-74-6D-40-6F 70-65-6E-73-73-68-2E-63| 56-etm@openssh.c
 0460 |6F-6D-2C-68-6D-61-63-2D 73-68-61-32-2D-32-35-36| om,hmac-sha2-256
 0470 |2C-68-6D-61-63-2D-73-68 61-32-2D-35-31-32-2D-65| ,hmac-sha2-512-e
 0480 |74-6D-40-6F-70-65-6E-73 73-68-2E-63-6F-6D-2C-68| tm@openssh.com,h
 0490 |6D-61-63-2D-73-68-61-32 2D-35-31-32-2C-68-6D-61| mac-sha2-512,hma
 04A0 |63-2D-73-68-61-31-00-00 00-1A-6E-6F-6E-65-2C-7A| c-sha1....none,z
 04B0 |6C-69-62-2C-7A-6C-69-62 40-6F-70-65-6E-73-73-68| lib,zlib@openssh
 04C0 |2E-63-6F-6D-00-00-00-1A 6E-6F-6E-65-2C-7A-6C-69| .com....none,zli
 04D0 |62-2C-7A-6C-69-62-40-6F 70-65-6E-73-73-68-2E-63| b,zlib@openssh.c
 04E0 |6F-6D-00-00-00-00-00-00 00-00-00-00-00-00-00   | om.............
SSH: Received packet SSH_MSG_KEXINIT (650 bytes).

-- sending two parts due to site char limit --
commented Jun 5, 2020 by jlongenderfer (120 points)
-- part two --

0000 |14-92-E7-1E-E7-E2-F8-56 42-33-9D-5C-84-2B-BE-91| .......VB3.\.+..
 0010 |97-00-00-00-59-64-69-66 66-69-65-2D-68-65-6C-6C| ....Ydiffie-hell
 0020 |6D-61-6E-2D-67-72-6F-75 70-2D-65-78-63-68-61-6E| man-group-exchan
 0030 |67-65-2D-73-68-61-31-2C 64-69-66-66-69-65-2D-68| ge-sha1,diffie-h
 0040 |65-6C-6C-6D-61-6E-2D-67 72-6F-75-70-31-2D-73-68| ellman-group1-sh
 0050 |61-31-2C-64-69-66-66-69 65-2D-68-65-6C-6C-6D-61| a1,diffie-hellma
 0060 |6E-2D-67-72-6F-75-70-31 34-2D-73-68-61-31-00-00| n-group14-sha1..
 0070 |00-1B-73-73-68-2D-72-73 61-2C-65-63-64-73-61-2D| ..ssh-rsa,ecdsa-
 0080 |73-68-61-32-2D-6E-69-73 74-70-35-32-31-00-00-00| sha2-nistp521...
 0090 |5A-62-6C-6F-77-66-69-73 68-2D-63-62-63-2C-61-65| Zblowfish-cbc,ae
 00A0 |73-31-39-32-2D-63-62-63 2C-61-65-73-31-32-38-2D| s192-cbc,aes128-
 00B0 |63-62-63-2C-63-61-73-74 31-32-38-2D-63-62-63-2C| cbc,cast128-cbc,
 00C0 |61-65-73-31-32-38-2D-63 74-72-2C-61-65-73-31-39| aes128-ctr,aes19
 00D0 |32-2D-63-74-72-2C-61-65 73-32-35-36-2D-63-74-72| 2-ctr,aes256-ctr
 00E0 |2C-61-72-63-66-6F-75-72 31-32-38-00-00-00-5A-62| ,arcfour128...Zb
 00F0 |6C-6F-77-66-69-73-68-2D 63-62-63-2C-61-65-73-31| lowfish-cbc,aes1
 0100 |39-32-2D-63-62-63-2C-61 65-73-31-32-38-2D-63-62| 92-cbc,aes128-cb
 0110 |63-2C-63-61-73-74-31-32 38-2D-63-62-63-2C-61-65| c,cast128-cbc,ae
 0120 |73-31-32-38-2D-63-74-72 2C-61-65-73-31-39-32-2D| s128-ctr,aes192-
 0130 |63-74-72-2C-61-65-73-32 35-36-2D-63-74-72-2C-61| ctr,aes256-ctr,a
 0140 |72-63-66-6F-75-72-31-32 38-00-00-00-78-68-6D-61| rcfour128...xhma
 0150 |63-2D-73-68-61-31-2C-68 6D-61-63-2D-72-69-70-65| c-sha1,hmac-ripe
 0160 |6D-64-31-36-30-2C-68-6D 61-63-2D-72-69-70-65-6D| md160,hmac-ripem
 0170 |64-31-36-30-40-6F-70-65 6E-73-73-68-2E-63-6F-6D| d160@openssh.com
 0180 |2C-75-6D-61-63-2D-36-34 40-6F-70-65-6E-73-73-68| ,umac-64@openssh
 0190 |2E-63-6F-6D-2C-75-6D-61 63-2D-31-32-38-40-6F-70| .com,umac-128@op
 01A0 |65-6E-73-73-68-2E-63-6F 6D-2C-68-6D-61-63-2D-73| enssh.com,hmac-s
 01B0 |68-61-32-2D-32-35-36-2C 68-6D-61-63-2D-73-68-61| ha2-256,hmac-sha
 01C0 |32-2D-35-31-32-00-00-00 78-68-6D-61-63-2D-73-68| 2-512...xhmac-sh
 01D0 |61-31-2C-68-6D-61-63-2D 72-69-70-65-6D-64-31-36| a1,hmac-ripemd16
 01E0 |30-2C-68-6D-61-63-2D-72 69-70-65-6D-64-31-36-30| 0,hmac-ripemd160
 01F0 |40-6F-70-65-6E-73-73-68 2E-63-6F-6D-2C-75-6D-61| @openssh.com,uma
 0200 |63-2D-36-34-40-6F-70-65 6E-73-73-68-2E-63-6F-6D| c-64@openssh.com
 0210 |2C-75-6D-61-63-2D-31-32 38-40-6F-70-65-6E-73-73| ,umac-128@openss
 0220 |68-2E-63-6F-6D-2C-68-6D 61-63-2D-73-68-61-32-2D| h.com,hmac-sha2-
 0230 |32-35-36-2C-68-6D-61-63 2D-73-68-61-32-2D-35-31| 256,hmac-sha2-51
 0240 |32-00-00-00-1A-6E-6F-6E 65-2C-7A-6C-69-62-2C-7A| 2....none,zlib,z
 0250 |6C-69-62-40-6F-70-65-6E 73-73-68-2E-63-6F-6D-00| lib@openssh.com.
 0260 |00-00-1A-6E-6F-6E-65-2C 7A-6C-69-62-2C-7A-6C-69| ...none,zlib,zli
 0270 |62-40-6F-70-65-6E-73-73 68-2E-63-6F-6D-00-00-00| b@openssh.com...
 0280 |00-00-00-00-00-00-00-00 00-00                  | ..........
SSH: Group exchange (legacy form).
SSH: Sending packet SSH_MSG_KEX_30 (5 bytes).
 0000 |1E-00-00-04-00                                 | .....
SSH: SSH connection closed.
SSH: Negotiation failed. The connection was closed by the server.
Info: Rebex.Net.SshException: The connection was closed by the server.
   at Rebex.Net.SshSession.cfmh[g,h](njnf`2 avj, Int32 avk, njng avl, h avm, g avn, g avo)
   at Rebex.Net.SshSession.cfmo(afjp avx)
   at afjt.ssjc(SshSession gdx, Byte[] gdy, Byte[] gdz, Byte[] gea, Byte[] geb, afji& gec, Byte[]& ged, SshPublicKey& gee)
   at Rebex.Net.SshSession.cfmq(Byte[] avy)
   at Rebex.Net.SshSession.Negotiate()
   at Rebex.Net.Sftp.emin.fnhk(ftxd amk, Boolean aml)
   at Rebex.Net.Sftp.pqan(String po, Int32 pp, SshParameters pq, ftxd pr)a
commented Jun 5, 2020 by Lukas Pokorny (126,870 points)
Thanks for the log! It looks Rebex SFTP detected this server to be a "legacy" SSH server due to its lack of support for any key exchange algorithms based on SHA-2, and therefore it tried to negotiate using SSH in legacy group exchange mode, which was rejected by the server. Please try forcing modern group exchange mode using this setting:

ftp.Settings.SshParameters.UseLegacyGroupExchange = false;
commented Jun 5, 2020 by jlongenderfer (120 points)
This worked! Thank you.
commented Jun 5, 2020 by Lukas Pokorny (126,870 points)
Thanks for letting us know! We will enhance the detection routine in the next release to make this unnecessary.
...