0 votes
by (120 points)
edited

We are trying to connect to an Sftp server, but what worked in our testing environment isn't working on our production environment. we keep running into a "Received invalid packet" when the key negotiation is in progress. The odd thing is with Filezilla we can build up a connection so in terms of infrastructure(firewalls etc) we seem to be oke. What could be the cause, and what possible workarounds can we try?

Btw I should explain we are actually doing these tests with the winform sample program. Here's the verbose log

06:36:58.514 Info Info: Connecting to <ommitted ip:port> using Sftp 2.0.4086.0.
06:36:58.592 Debug SSH: Server is 'SSH-2.0-XFB.Gateway Unix'.
06:36:58.607 Info SSH: Negotiation started.
06:36:58.639 Verbose SSH: Sending packet SSH_MSG_KEXINIT (629 bytes).
14-2E-7B-FB-7A-41-DD-3E-9D-53-1D-3A-C5-5C-19-AB-70-00-00-00-1A-64-69-66
66-69-65-2D-68-65-6C-6C-6D-61-6E-2D-67-72-6F-75-70-31-2D-73-68-61-31-00
00-00-0F-73-73-68-2D-64-73-73-2C-73-73-68-2D-72-73-61-00-00-00-F1-61-65
73-32-35-36-2D-63-74-72-2C-61-65-73-31-39-32-2D-63-74-72-2C-61-65-73-31
32-38-2D-63-74-72-2C-61-65-73-32-35-36-2D-63-62-63-2C-61-65-73-31-39-32
2D-63-62-63-2C-61-65-73-31-32-38-2D-63-62-63-2C-33-64-65-73-2D-63-74-72
2C-33-64-65-73-2D-63-62-63-2C-74-77-6F-66-69-73-68-32-35-36-2D-63-74-72
2C-74-77-6F-66-69-73-68-31-39-32-2D-63-74-72-2C-74-77-6F-66-69-73-68-31
32-38-2D-63-74-72-2C-74-77-6F-66-69-73-68-32-35-36-2D-63-62-63-2C-74-77
6F-66-69-73-68-31-39-32-2D-63-62-63-2C-74-77-6F-66-69-73-68-31-32-38-2D
63-62-63-2C-74-77-6F-66-69-73-68-2D-63-62-63-2C-62-6C-6F-77-66-69-73-68
2D-63-74-72-2C-62-6C-6F-77-66-69-73-68-2D-63-62-63-2C-61-72-63-66-6F-75
72-32-35-36-2C-61-72-63-66-6F-75-72-31-32-38-2C-61-72-63-66-6F-75-72-00
00-00-F1-61-65-73-32-35-36-2D-63-74-72-2C-61-65-73-31-39-32-2D-63-74-72
2C-61-65-73-31-32-38-2D-63-74-72-2C-61-65-73-32-35-36-2D-63-62-63-2C-61
65-73-31-39-32-2D-63-62-63-2C-61-65-73-31-32-38-2D-63-62-63-2C-33-64-65
73-2D-63-74-72-2C-33-64-65-73-2D-63-62-63-2C-74-77-6F-66-69-73-68-32-35
36-2D-63-74-72-2C-74-77-6F-66-69-73-68-31-39-32-2D-63-74-72-2C-74-77-6F
66-69-73-68-31-32-38-2D-63-74-72-2C-74-77-6F-66-69-73-68-32-35-36-2D-63
62-63-2C-74-77-6F-66-69-73-68-31-39-32-2D-63-62-63-2C-74-77-6F-66-69-73
68-31-32-38-2D-63-62-63-2C-74-77-6F-66-69-73-68-2D-63-62-63-2C-62-6C-6F
77-66-69-73-68-2D-63-74-72-2C-62-6C-6F-77-66-69-73-68-2D-63-62-63-2C-61
72-63-66-6F-75-72-32-35-36-2C-61-72-63-66-6F-75-72-31-32-38-2C-61-72-63
66-6F-75-72-00-00-00-12-68-6D-61-63-2D-73-68-61-31-2C-68-6D-61-63-2D-6D
64-35-00-00-00-12-68-6D-61-63-2D-73-68-61-31-2C-68-6D-61-63-2D-6D-64-35
00-00-00-04-6E-6F-6E-65-00-00-00-04-6E-6F-6E-65-00-00-00-00-00-00-00-00
00-00-00-00-00
06:36:58.654 Verbose SSH: Received packet SSH_MSG_KEXINIT (268 bytes).
14-1D-7E-36-E4-49-EB-A1-7C-10-71-83-07-B9-54-4B-F4-00-00-00-3D-64-69-66
66-69-65-2D-68-65-6C-6C-6D-61-6E-2D-67-72-6F-75-70-31-2D-73-68-61-31-2C
64-69-66-66-69-65-2D-68-65-6C-6C-6D-61-6E-2D-67-72-6F-75-70-2D-65-78-63
68-61-6E-67-65-2D-73-68-61-31-00-00-00-1F-73-73-68-2D-72-73-61-2C-73-73
68-2D-64-73-73-2C-78-35-30-39-76-33-2D-73-69-67-6E-2D-72-73-61-00-00-00
13-61-65-73-31-32-38-2D-63-62-63-2C-33-64-65-73-2D-63-62-63-00-00-00-13
61-65-73-31-32-38-2D-63-62-63-2C-33-64-65-73-2D-63-62-63-00-00-00-22-68
6D-61-63-2D-73-68-61-32-35-36-2C-68-6D-61-63-2D-73-68-61-31-2D-39-36-2C
68-6D-61-63-2D-73-68-61-31-00-00-00-22-68-6D-61-63-2D-73-68-61-32-35-36
2C-68-6D-61-63-2D-73-68-61-31-2D-39-36-2C-68-6D-61-63-2D-73-68-61-31-00
00-00-04-6E-6F-6E-65-00-00-00-04-6E-6F-6E-65-00-00-00-00-00-00-00-00-00
00-00-00-00
06:36:58.701 Debug SSH: Negotiating key.
06:36:58.779 Verbose SSH: Sending packet SSH_MSG_KEXDH_INIT (134 bytes).
1E-00-00-00-81-00-89-53-3F-8E-DB-AB-02-06-9D-87-5B-E0-B2-63-FA-83-7F-E8
25-0F-8A-C7-06-3C-7B-A2-01-5C-00-E7-AC-61-B4-23-4B-38-03-93-6A-19-2A-D0
E4-FA-70-09-CF-6F-D5-3E-4E-8A-2E-4C-DB-D0-EA-8B-14-EB-27-47-BD-29-D4-86
F2-7A-A0-C9-62-A6-79-35-F2-C4-AA-F0-E5-2D-94-02-4C-4E-B8-FF-8A-B6-1A-8E
00-90-87-85-DB-18-E6-A8-A1-24-B3-1B-67-F9-20-89-DC-B9-DD-23-8C-94-41-14
F8-66-99-EF-2C-58-D4-BE-A9-AF-96-74-F1-C6
06:36:58.811 Verbose SSH: Sending packet SSH_MSG_DISCONNECT (36 bytes).
01-00-00-00-02-00-00-00-17-52-65-63-65-69-76-65-64-20-69-6E-76-61-6C-69
64-20-70-61-63-6B-65-74-00-00-00-00
06:36:58.826 Debug SSH: Negotiation failed: Rebex.Net.SshException: Key exchange failed. Received invalid packet. ---> Rebex.Net.SshException: Received invalid packet.
at wWGvS.dHcxv.AcUJKJ(Byte[] )
at Rebex.Net.SshSession.AePCoRZ(Byte[]& )
at Rebex.Net.SshSession.cDtmAOZ(cMbfbTZ , Object[] )
at Rebex.Net.SshSession.CFLiXJ(ANiLIV )
at wWGvS.miMck.ArwjUr(SshSession , Byte[] , Byte[] , Byte[] , Byte[] , Byte[]& , Byte[]& , Byte[]& )
at Rebex.Net.SshSession.ArwjUr(Byte[] )
--- End of inner exception stack trace ---
at Rebex.Net.SshSession.ArwjUr(Byte[] )
06:36:58.842 Error SSH: Rebex.Net.SshException: Key exchange failed. Received invalid packet. ---> Rebex.Net.SshException: Received invalid packet.
at wWGvS.dHcxv.AcUJKJ(Byte[] )
at Rebex.Net.SshSession.AePCoRZ(Byte[]& )
at Rebex.Net.SshSession.cDtmAOZ(cMbfbTZ , Object[] )
at Rebex.Net.SshSession.CFLiXJ(ANiLIV )
at wWGvS.miMck.ArwjUr(SshSession , Byte[] , Byte[] , Byte[] , Byte[] , Byte[]& , Byte[]& , Byte[]& )
at Rebex.Net.SshSession.ArwjUr(Byte[] )
--- End of inner exception stack trace ---
at Rebex.Net.SshSession.ArwjUr(Byte[] )
at Rebex.Net.SshSession.bOtYJuZ()
at Rebex.Net.SshSession.Negotiate()
06:36:58.857 Error Info: Rebex.Net.SshException: Key exchange failed. Received invalid packet. ---> Rebex.Net.SshException: Received invalid packet.
at wWGvS.dHcxv.AcUJKJ(Byte[] )
at Rebex.Net.SshSession.AePCoRZ(Byte[]& )
at Rebex.Net.SshSession.cDtmAOZ(cMbfbTZ , Object[] )
at Rebex.Net.SshSession.CFLiXJ(ANiLIV )
at wWGvS.miMck.ArwjUr(SshSession , Byte[] , Byte[] , Byte[] , Byte[] , Byte[]& , Byte[]& , Byte[]& )
at Rebex.Net.SshSession.ArwjUr(Byte[] )
--- End of inner exception stack trace ---
at Rebex.Net.SshSession.ArwjUr(Byte[] )
at Rebex.Net.SshSession.bOtYJuZ()
at Rebex.Net.SshSession.Negotiate()
at Rebex.Net.Sftp.Connect(String serverName, Int32 serverPort, SshParameters parameters)
Applies to: Rebex SFTP

1 Answer

0 votes
by (148k points)
edited

A similar issue was encountered by one of our clients using an XFB server a while ago. It was most likely caused by a misconfigured DSS key at the server side (although it's RSA key was fine). This caused SFTP clients that use DSS by default to fail, while clients using RSA by default (such as Filezilla) worked fine.

A workaround for that was to instruct Rebex SFTP to use RSA only. This can be done using the following code:

C#:

Sftp client = new Sftp();

// Create an instance of SshParameters class 
// to specify desired arguments
SshParameters parameters = new SshParameters();

// Any key exchange method is acceptable
parameters.HostKeyAlgorithms = SshHostKeyAlgorithm.RSA;

// Connect to the server
// Use the third argument to pass the parameters
client.Connect(hostname, port, parameters);

VB.NET:

Dim client As New Sftp

' Create an instance of SshParameters class 
' to specify desired arguments
Dim parameters As New SshParameters

' Force RSA host key algorithm
parameters.HostKeyAlgorithms = SshHostKeyAlgorithm.RSA

' Connect to the server.
' Use the third argument to pass the parameters
client.Connect(hostname, port, parameters)

Please give this a try and let us know whether it helps.

...