Rebex.Net.SshException: Negotiation failed ---> Unexpected EC key blob data.

0 votes
asked Dec 15, 2021 by dormakaba (120 points)

Hello,
although several questions with a similar context have already been asked here, I have not found a solution description for this. Therefore a new attempt.

So far I have worked with the version 'Rebex SSH Pack 2015 R2', which worked without any problems.

Now I have updated to the current version 'Rebex SSH Pack R6.0' and, without having changed anything else, I get the following error when establishing a connection to the server:

09:59:17 SFTPConnect; Error SFTP connection couldn't be opened Rebex.Net.SshException: Negotiation failed. ---> System.Security.Cryptography.CryptographicException: Unexpected EC key blob data.
bei mwksu.dszdt.akmnp(Int32 p0, Func`1 p1)
bei mwksu.wvypd.tchjq(Byte[] p0, Boolean p1)
bei mwksu.odjoh.cjbpd(Byte[] p0)
bei mwksu.anpcj.lizpx()
bei Rebex.Security.Cryptography.AsymmetricKeyAlgorithm.xmpug(AsymmetricKeyAlgorithmId p0, String p1, Int32 p2)
bei mwksu.mfckt.apxmp(SshSession p0, Byte[] p1, Byte[] p2, Byte[] p3, Byte[] p4, qdsch& p5, Byte[]& p6, SshPublicKey& p7)
bei Rebex.Net.SshSession.ucmpi(Byte[] p0)
--- Ende der internen Ausnahmestapelüberwachung ---
bei Rebex.Net.SshSession.ucmpi(Byte[] p0)
bei Rebex.Net.SshSession.Connect(String serverName, Int32 serverPort)
bei SFTPInstaller.frmOverview.SFTP
Connect()

I can establish test connections to the same server via WinSCP, Filezilla and my old programme version using the same ppk file.

What could be the problem here?

Applies to: Rebex SFTP

1 Answer

0 votes
answered Dec 15, 2021 by Lukas Pokorny (128,250 points)

This error indicates an issue when parsing the Curve25519 public key blob received from the SSH server. As a quick workaround, disable the Curve25519 key exchange cipher. If you are using the low-level SshSession class directly (which seems to be the case based on your stack trace), disable it this way:

var session = new SshSession();
session.Parameters.KeyExchangeAlgorithms &= ~SshKeyExchangeAlgorithm.Curve25519;
session.Connect(...);

Or use this approach with the Sftp class:

var sftp = new Sftp();
sftp.Settings.SshParameters.KeyExchangeAlgorithms &= ~SshKeyExchangeAlgorithm.Curve25519;
sftp.Connect(...);

However, could you help us learn more about this issue? In particular, we would like to know the server vendor and software version. This seems to be a server-side issue, but we would still like to make sure. It would be best if the server was publicly accessible, making it possible for us to reproduce the issue (it occurs before authentication, so no credentials are actually needed).

We added Curve25519 support in version 2016 R3, although it has only been enabled by default in 2020 R1. Since then, this issue has been only reported once with a Bitvise server. However, we have been unable to reproduce it with any other Bitvise installations.
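
The answer above asks for the server's vendor and software version and notes that the failure happens before authentication. The following is an added example, not code from Rebex or from the original posts: it parses the two unencrypted messages every SSH server sends first (the identification string and SSH_MSG_KEXINIT, RFC 4253) and reports the software version and whether a Curve25519 key exchange is offered. All function names and the sample bytes are constructed for illustration.

```python
import struct

FIELDS = ["kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c"]
CURVE25519_KEX = {"curve25519-sha256", "curve25519-sha256@libssh.org"}

def parse_ident(line: bytes) -> str:
    """Return softwareversion from 'SSH-2.0-softwareversion SP comments'."""
    parts = line.rstrip(b"\r\n").decode("ascii", "replace").split("-", 2)
    if len(parts) != 3 or parts[0] != "SSH":
        raise ValueError("not an SSH identification string")
    return parts[2].partition(" ")[0]

def unwrap_packet(packet: bytes) -> bytes:
    """Strip unencrypted packet framing: uint32 length, byte padding length."""
    if len(packet) < 5:
        raise ValueError("truncated packet header")
    length, pad = struct.unpack_from(">IB", packet)
    if length < pad + 1 or len(packet) < 4 + length:
        raise ValueError("bad packet length")
    return packet[5:4 + length - pad]

def parse_kexinit(payload: bytes) -> dict:
    """Parse SSH_MSG_KEXINIT (type 20): 16-byte cookie, then ten name-lists."""
    if len(payload) < 17 or payload[0] != 20:
        raise ValueError("not SSH_MSG_KEXINIT")
    pos, out = 17, {}
    for field in FIELDS:
        if pos + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (n,) = struct.unpack_from(">I", payload, pos)
        pos += 4
        if pos + n > len(payload):
            raise ValueError("name-list overruns payload")
        raw = payload[pos:pos + n].decode("ascii")
        out[field] = raw.split(",") if raw else []
        pos += n
    return out

def summarize(ident: bytes, packet: bytes) -> dict:
    """Facts worth putting in a bug report about a failed negotiation."""
    kex = parse_kexinit(unwrap_packet(packet))["kex"]
    return {"server": parse_ident(ident), "kex": kex,
            "curve25519_offered": [k for k in kex if k in CURVE25519_KEX]}

def sample_packet() -> bytes:
    """Constructed KEXINIT packet (7 padding bytes), not from a real server."""
    lists = ["curve25519-sha256,diffie-hellman-group14-sha256", "ssh-rsa"] + [""] * 8
    body = b"\x14" + bytes(16) + b"".join(
        struct.pack(">I", len(s)) + s.encode() for s in lists) + bytes(5)
    return struct.pack(">IB", len(body) + 8, 7) + body + bytes(7)
```

Feed `summarize` the first line and the first binary packet read from the server's port; both arrive in the clear before any key exchange or login takes place.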

commented Dec 15, 2021 by dormakaba (120 points)
Hi,
thanks for your fast reply.

Do you have a code snippet for me showing how this is done in VB?
commented Dec 15, 2021 by Lukas Pokorny (128,250 points)
Dim session = New SshSession()
session.Parameters.KeyExchangeAlgorithms = session.Parameters.KeyExchangeAlgorithms And Not SshKeyExchangeAlgorithm.Curve25519
session.Connect(...)

- or -

Dim sftp = New Sftp()
sftp.Settings.SshParameters.KeyExchangeAlgorithms = sftp.Settings.SshParameters.KeyExchangeAlgorithms And Not SshKeyExchangeAlgorithm.Curve25519
sftp.Connect(...)
...