Why am I getting "Key exchanged failed" message on SFTP Connect

0 votes
asked Jul 20, 2011 by nanc (120 points)
edited Oct 11, 2011

I am writing an automated process to connect to an SFTP site for downloading files. I am evaluating a trial version of Rebex SFTP for this. Using Visual Studio 2008, Visual Basic, I created a simple program that does this:

Dim mysftp As New Rebex.Net.Sftp()
mysftp.LogWriter = New Rebex.FileLogWriter("c:\temp\log.txt", Rebex.LogLevel.Debug)
mysftp.Connect("ftp.devonway.com", Sftp.DefaultPort)

I can successfully connect to this SFTP site using FileZilla, answering Yes to the trust question. When I run my program, I get the message "Key exchanged failed" on the connect command. I was kind of expecting to get a popup of some kind that asked me the same type of trust question that FileZilla did, so that the key could be cached and re-used. I talked to the owner of the SFTP site. They sent me their public key and said I may need to load it on my PC and reference it in my application. But I don't know how to do this. I'd appreciate any help in getting this to work.

Here's the log file.

2011-07-19 19:47:09.954 Opening log file.
2011-07-19 19:47:10.032 INFO Sftp(1) Info: Connecting to ftp.devonway.com:22 using Sftp 2.0.4086.0 (trial version).
2011-07-19 19:47:10.235 DEBUG Sftp(1) SSH: Server is 'SSH-2.0-2.0'.
2011-07-19 19:47:10.235 INFO Sftp(1) SSH: Negotiation started.
2011-07-19 19:47:10.470 DEBUG Sftp(1) SSH: Negotiating key.
2011-07-19 19:47:11.548 DEBUG Sftp(1) SSH: Validating signature.
2011-07-19 19:47:11.579 DEBUG Sftp(1) SSH: Negotiation failed: Rebex.Net.SshException: Key exchange failed. ---> System.Security.Cryptography.CryptographicException: Invalid key size (4096).
   at Rebex.Security.Cryptography.DSAManaged.ImportParameters(DSAParameters param)
   at wWGvS.cqWBxP.Validate(SshHostKeyAlgorithm hostKeyAlgorithm, Byte[] hash, Byte[] signature, BLveTR serverKex)
   at wWGvS.miMck.ArwjUr(SshSession , Byte[] , Byte[] , Byte[] , Byte[] , Byte[]& , Byte[]& , Byte[]& )
   at Rebex.Net.SshSession.ArwjUr(Byte[] )
   --- End of inner exception stack trace ---
   at Rebex.Net.SshSession.ArwjUr(Byte[] )
2011-07-19 19:47:11.595 ERROR Sftp(1) SSH: Rebex.Net.SshException: Key exchange failed. ---> System.Security.Cryptography.CryptographicException: Invalid key size (4096).
   at Rebex.Security.Cryptography.DSAManaged.ImportParameters(DSAParameters param)
   at wWGvS.cqWBxP.Validate(SshHostKeyAlgorithm hostKeyAlgorithm, Byte[] hash, Byte[] signature, BLveTR serverKex)
   at wWGvS.miMck.ArwjUr(SshSession , Byte[] , Byte[] , Byte[] , Byte[] , Byte[]& , Byte[]& , Byte[]& )
   at Rebex.Net.SshSession.ArwjUr(Byte[] )
   --- End of inner exception stack trace ---
   at Rebex.Net.SshSession.ArwjUr(Byte[] )
   at Rebex.Net.SshSession.bOtYJuZ()
   at Rebex.Net.SshSession.Negotiate()
2011-07-19 19:47:11.610 ERROR Sftp(1) Info: Rebex.Net.SshException: Key exchange failed. ---> System.Security.Cryptography.CryptographicException: Invalid key size (4096).
   at Rebex.Security.Cryptography.DSAManaged.ImportParameters(DSAParameters param)
   at wWGvS.cqWBxP.Validate(SshHostKeyAlgorithm hostKeyAlgorithm, Byte[] hash, Byte[] signature, BLveTR serverKex)
   at wWGvS.miMck.ArwjUr(SshSession , Byte[] , Byte[] , Byte[] , Byte[] , Byte[]& , Byte[]& , Byte[]& )
   at Rebex.Net.SshSession.ArwjUr(Byte[] )
   --- End of inner exception stack trace ---
   at Rebex.Net.SshSession.ArwjUr(Byte[] )
   at Rebex.Net.SshSession.bOtYJuZ()
   at Rebex.Net.SshSession.Negotiate()
   at Rebex.Net.Sftp.Connect(String serverName, Int32 serverPort, SshParameters parameters)
Applies to: Rebex SFTP

1 Answer

0 votes
answered Jul 20, 2011 by Lukas Pokorny (104,230 points)
edited Jul 20, 2011

This looks like the server is trying to use a 4096-bit DSS key, but this is not a valid key size for the DSS algorithm.

FileZilla prefers the RSA algorithm to DSS, and since most SSH servers support both, it didn't have a chance to run into this issue.

To force RSA in Rebex SFTP, use this code:

Dim mysftp As New Rebex.Net.Sftp()
mysftp.LogWriter = New Rebex.FileLogWriter("c:\temp\log.txt", Rebex.LogLevel.Debug)
' Offer only RSA as the host key algorithm during negotiation
Dim par As New SshParameters
par.HostKeyAlgorithms = SshHostKeyAlgorithm.RSA
mysftp.Connect("ftp.devonway.com", Sftp.DefaultPort, par)

Does this solve the issue?

By the way, Rebex SFTP won't display the public key popup, but you should still verify the server's public key fingerprint yourself - see the tutorial for more info.

commented Jul 20, 2011 by nanc (120 points)
edited Jul 20, 2011

Added the code. Still not working. Error message is "The client and the server have no common algorithms." Thanks.

commented Jul 20, 2011 by Lukas Pokorny (104,230 points)
edited Jul 20, 2011

Looks like this SSH server is one of those that don't support RSA... In that case, remove the added code and replace all your copies of Rebex.Security.dll with this one. That should make Rebex SFTP work with 4096 "DSS" keys, even though it's an invalid size.

...
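
The two checks discussed in this thread, as an added example that is not part of the original posts and is not Rebex code: a Python sketch that parses an SSH host key blob (RFC 4253 wire format), flags an `ssh-dss` key whose size falls outside the FIPS 186-2 range (512 to 1024 bits in 64-bit steps, 160-bit q), and compares an OpenSSH-style SHA-256 fingerprint against a pinned value. All function names are hypothetical, and the sample blobs are constructed with the right field sizes but are not real DSA parameters.

```python
import base64, hashlib, hmac, struct

def _string(b):
    return struct.pack(">I", len(b)) + b          # SSH "string": uint32 length + bytes

def _mpint(n):
    # Positive SSH mpint: big-endian, with a leading zero byte when the top bit is set.
    return _string(n.to_bytes(n.bit_length() // 8 + 1, "big"))

def _fields(blob):
    """Split a public key blob into its length-prefixed fields."""
    out, off = [], 0
    while off < len(blob):
        (n,) = struct.unpack_from(">I", blob, off)
        if off + 4 + n > len(blob):
            raise ValueError("truncated host key blob")
        out.append(blob[off + 4:off + 4 + n])
        off += 4 + n
    return out

def inspect_host_key(blob):
    """Return (algorithm, modulus_bits, problem or None)."""
    f = _fields(blob)
    alg = f[0].decode("ascii")
    bits = lambda b: int.from_bytes(b, "big").bit_length()
    if alg == "ssh-dss" and len(f) == 5:          # name, p, q, g, y
        p, q = bits(f[1]), bits(f[2])
        ok = 512 <= p <= 1024 and p % 64 == 0 and q == 160
        return alg, p, None if ok else f"non-standard DSS key size (p={p}, q={q} bits)"
    if alg == "ssh-rsa" and len(f) == 3:          # name, e, n
        return alg, bits(f[2]), None
    return alg, 0, "unhandled or malformed host key"

def fingerprint(blob):
    """OpenSSH-style fingerprint: SHA-256 of the blob, base64 without padding."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")

def fingerprint_matches(blob, pinned):
    """Constant-time comparison against a fingerprint obtained out of band."""
    return hmac.compare_digest(fingerprint(blob), pinned)

# Constructed blobs with the right field sizes; NOT real DSA parameters.
def _sample_dss(p_bits):
    return (_string(b"ssh-dss") + _mpint((1 << (p_bits - 1)) | 1)
            + _mpint((1 << 159) | 1) + _mpint(2) + _mpint(3))

SAMPLE_DSS_4096 = _sample_dss(4096)
SAMPLE_DSS_1024 = _sample_dss(1024)
```

The pinned fingerprint should come from the server owner through a separate channel, which is the role the public key sent to the asker can play here.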