Rebex.Net.Ssh.Login error: Negotiation failed (System.NullReferenceException)

0 votes
asked Oct 1 by Kleber Bernardo (180 points)

Hi everyone,

When trying to Run Rebex.Net.Ssh.Login (string userName, string password, SshPrivateKey privateKey) the following exception occurs:

Assembly: Rebex.SshShell 2018 R2 for .NET 4.0-4.7
Platform: Windows 6.2.9200 32-bit; CLR: 4.0.30319.42000
Culture: en; Windows-1252
Connecting to xxx.xxx.xxx.xxx:xx (no proxy).
Server is 'SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3'.
Negotiation started.
Negotiation failed. Object reference not set to an instance of an object.
Rebex.Net.SshException: Negotiation failed. ---> System.NullReferenceException: Object reference not set to an instance of an object.
   at hexy.qvhc(String bcf)
   at Rebex.Security.Cryptography.AsymmetricKeyAlgorithm.sviq(AsymmetricKeyAlgorithmId bot, String bou, Int32 bov)
   at Rebex.Net.SshParameters.elix(Boolean aat)
   at Rebex.Net.SshParameters.eliw(Boolean aaq, SshHostKeyAlgorithm aar, SshHostKeyAlgorithm aas)
   at nsvw..ctor(SshParameters ns, String nt)
   at Rebex.Net.SshSession.wwqz(Byte[] adz)
   --- End of inner exception stack trace ---
   at Rebex.Net.SshSession.wwqz(Byte[] adz)
   at Rebex.Net.SshSession.Negotiate()
   at Rebex.Net.Ssh.wcfh.vurq(gctf hy, Boolean hz)
   at Rebex.Net.Ssh.rvir(String at, Int32 au, SshParameters av, gctf aw)

An attempt was made using Putty and did not show an error.
I would like some help or guidance on how to solve this problem.
If you need more information, just ask.

Best regards.

1 Answer

0 votes
answered Oct 2 by Lukas Pokorny (115,410 points)

Could you please provide more details about this issue? Does this error occur regardless of the server you are connecting to, or does it only happen with some servers? Does it fail every time the Connect method is called, or only occasionally? Have you tried using the latest Rebex release to rule out the possibility that it has been fixed in the two years since Rebex.SshShell 2018 R2 has been published?

A NullReferenceException inside Rebex code would indicate a bug. However, it occurred while checking for availability of an asymmetric key algorithm, so if you are using external plugins, they could be to blame. For example, the following code would cause NullReferenceException as well:

// register failing algorithm factory
AsymmetricKeyAlgorithm.Register(_ => ((string)null).ToString());

// try to establish a connection
var ssh = new Ssh();
ssh.Connect("test.rebex.net");
commented Oct 2 by Kleber Bernardo (180 points)
Hi Lukas,

This error occurs on only one server so far.

About external plugins, in the constructor of class that uses SSH we have:

            // import NIST and Brainpool curves
            AsymmetricKeyAlgorithm.Register(EllipticCurveAlgorithm.Create);
            // import Curve25519
            AsymmetricKeyAlgorithm.Register(Curve25519.Create);
            // import Ed25519
            AsymmetricKeyAlgorithm.Register(Ed25519.Create);

In our code we have 4 attempts to Connect, when raise an exception the next code is used
1º Attempt:
Rebex.Security.Cryptography.CryptoHelper.UseFipsAlgorithmsOnly = false;
ssh.Settings.SshParameters.KeyExchangeAlgorithms = SshKeyExchangeAlgorithm.Any;
ssh.Settings.SshParameters.HostKeyAlgorithms = SshHostKeyAlgorithm.Any;
ssh.Connect(host, port);

2º Attempt:
ssh.Settings.SshParameters.HostKeyAlgorithms = SshHostKeyAlgorithm.RSA;
ssh.Connect(host, port);

3º Attempt:
ssh.Settings.SshParameters.KeyExchangeAlgorithms = SshKeyExchangeAlgorithm.DiffieHellmanGroup1SHA1;
ssh.Connect(host, port);

4º Attempt:
ssh.Settings.SshParameters.EncryptionModes = SshEncryptionMode.CBC | SshEncryptionMode.CTR;
// disable ETM MAC ciphers:
ssh.Settings.SshParameters.SetMacAlgorithms("hmac-sha2-256", "hmac-sha2-512", "hmac-sha1", "hmac-sha1-96");
ssh.Connect(host, port);

In every attempt the error is the same: System.NullReferenceException.

We have not yet tried to run this same code with the latest rebex version. As this occurs in the production environment and the manager considers the tool upgrade as a last resort since this error does not occur on other servers.

Thank you in advance.
commented Oct 2 by Lukas Pokorny (115,410 points)
Thanks for the information! Would it be possible to create a debug log using Ssh object's LogWriter property, as described at https://www.rebex.net/kb/logging/ ?

I agree that a tool upgrade would be premature at this point, but would it be possible to create a small console application that reproduces the issue (by just attempting to connect to the server), and to try running in on the production server? This way, you could try the latest version as well.

We have also been reviewing our code to find a possible bug leading to NullReferenceException, and one possible cause might be the fact that AsymmetricKeyAlgorithm.Register(...) method is not thread-safe. So if you were calling this in a non-static constructor, it might cause strange issues such as this one if two calls occurred at the same time. (We'll fix this for the next release.)
...