We are trying to connect to an SFTP server that uses ECDH key exchange with curve nistp256 and hash SHA-256 (SHA-NI accelerated), and it fails at negotiation. Here are the Rebex logs:
2022-07-28 11:02:13.177 Opening log file.
2022-07-28 11:02:13.178 INFO FileLogWriter(1)[38] Info: Assembly: Rebex.Common 2017 R6.2 for .NET 4.0-4.7
2022-07-28 11:02:13.178 INFO FileLogWriter(1)[38] Info: Platform: Windows 6.2.9200 32-bit; CLR: 4.0.30319.42000
2022-07-28 11:02:13.178 DEBUG FileLogWriter(1)[38] Info: Culture: en; Windows-1252
2022-07-28 11:02:40.307 INFO Sftp(7)[38] Info: Connecting to xxx:22 using Sftp.
2022-07-28 11:02:40.307 INFO Sftp(7)[38] Info: Assembly: Rebex.Sftp 2017 R6.2 for .NET 4.0-4.7
2022-07-28 11:02:40.307 INFO Sftp(7)[38] Info: Platform: Windows 6.2.9200 32-bit; CLR: 4.0.30319.42000
2022-07-28 11:02:40.318 DEBUG Sftp(7)[38] Info: Culture: en; Windows-1252
2022-07-28 11:02:40.318 DEBUG ProxySocket(4)[38] Proxy: Resolving 'xxx'.
2022-07-28 11:02:40.442 DEBUG ProxySocket(4)[38] Proxy: Connecting to none proxy at xxx.xxx.xxx.xxx:22.
2022-07-28 11:02:40.705 DEBUG Sftp(7)[38] SSH: Server is 'SSH-2.0-mod_sftp/0.9.9'.
2022-07-28 11:02:40.706 INFO Sftp(7)[38] SSH: Negotiation started.
2022-07-28 11:02:40.707 DEBUG Sftp(7)[38] SSH: Negotiating key.
2022-07-28 11:02:40.836 DEBUG Sftp(7)[17] SSH: SSH connection closed.
2022-07-28 11:02:40.842 ERROR Sftp(7)[38] SSH: Negotiation failed. The connection was closed by the server.
2022-07-28 11:02:40.843 ERROR Sftp(7)[38] Info: Rebex.Net.SshException: The connection was closed by the server.
   at Rebex.Net.SshSession.XIA[I,O](SQI`2 I, Int32 O, RQI J, O D, I B, I N)
   at Rebex.Net.SshSession.XIA[I,O](SQI`2 I, O O)
   at Rebex.Net.SshSession.JIA(KQI I)
   at Rebex.Net.LQI.C(SshSession I, Byte[] O, Byte[] J, Byte[] D, Byte[] B, PQI& N, Byte[]& C, SshPublicKey& M)
   at Rebex.Net.SshSession.NIA(Byte[] I)
   at Rebex.Net.SshSession.Negotiate()
   at Rebex.Net.Sftp.MRI.NIA(ARI I, Boolean O)
   at Rebex.Net.Sftp.UD(String I, Int32 O, SshParameters J, ARI D)
Here is the trace log from Filezilla successfully connecting:
Trace: CControlSocket::SendNextCommand()
Trace: CSftpConnectOpData::Send() in state 0
Status: Connecting to xxx...
Trace: Going to execute C:\Program Files\FileZilla FTP Client\fzsftp.exe
Response: fzSftp started, protocol_version=11
Trace: CSftpConnectOpData::ParseResponse() in state 0
Trace: CControlSocket::SendNextCommand()
Trace: CSftpConnectOpData::Send() in state 3
Command: open "xxx" 22
Trace: Looking up host "xxx" for SSH connection
Trace: Connecting to xxx.xxx.xxx.xxx port 22
Trace: We claim version: SSH-2.0-FileZilla_3.60.2
Trace: Connected to xxx.xxx.xxx.xxx
Trace: Remote version: SSH-2.0-mod_sftp/0.9.9
Trace: Using SSH protocol version 2
Trace: Doing ECDH key exchange with curve nistp256 and hash SHA-256 (SHA-NI accelerated)
Trace: Server also has ssh-dss host key, but we don't know it
Trace: Host key fingerprint is:
Trace: ssh-rsa 2048 SHA256:PZyJ2DNQ3JGaqn5MjD3u79EdaQ+vSLMGjJYNHELbTOY
Trace: CSftpControlSocket::SetAsyncRequestReply
Command: Trust new Hostkey: Once
Trace: Initialised AES-256 SDCTR (AES-NI accelerated) outbound encryption
Trace: Initialised HMAC-SHA-256 (SHA-NI accelerated) outbound MAC algorithm
Trace: Initialised AES-256 SDCTR (AES-NI accelerated) inbound encryption
Trace: Initialised HMAC-SHA-256 (SHA-NI accelerated) inbound MAC algorithm
Status: Using username "xxx".
Command: Pass: ********
Trace: Sent password
Trace: Access granted
Trace: Opening main session channel
Trace: Opened main channel
Trace: Started a shell/command
Status: Connected to xxx
Trace: Remote working directory is /
Trace: CSftpConnectOpData::ParseResponse() in state 3
Trace: CControlSocket::ResetOperation(0)
Trace: CSftpConnectOpData::Reset(0) in state 3
Trace: CFileZillaEnginePrivate::ResetOperation(0)
Trace: CControlSocket::SendNextCommand()
Trace: CSftpListOpData::Send() in state 0
Status: Retrieving directory listing...
Trace: CSftpChangeDirOpData::Send() in state 0
Trace: CSftpChangeDirOpData::Send() in state 1
Command: pwd
Response: Current directory is: "/"
Trace: CSftpChangeDirOpData::ParseResponse() in state 1
Trace: CControlSocket::ResetOperation(0)
Trace: CSftpChangeDirOpData::Reset(0) in state 1
Trace: CSftpListOpData::SubcommandResult(0) in state 1
Trace: CControlSocket::SendNextCommand()
Trace: CSftpListOpData::Send() in state 2
Trace: CSftpListOpData::Send() in state 3
Command: ls
Status: Listing directory /
Trace: CSftpListOpData::ParseResponse() in state 3
Trace: CControlSocket::ResetOperation(0)
Trace: CSftpListOpData::Reset(0) in state 3
Status: Directory listing of "/" successful
Trace: CFileZillaEnginePrivate::ResetOperation(0)
We have manually registered the additional elliptic curve algorithms in our code with:
AsymmetricKeyAlgorithm.Register(EllipticCurveAlgorithm.Create);
AsymmetricKeyAlgorithm.Register(Curve25519.Create);
AsymmetricKeyAlgorithm.Register(Ed25519.Create);
Along with registering those encryptions, we set Rebex to allow any type with:
var newConnection = new Sftp
{
    Settings = new SftpSettings
    {
        SshParameters = new SshParameters
        {
            AuthenticationMethods = SshAuthenticationMethod.Any,
            EncryptionAlgorithms = SshEncryptionAlgorithm.Any,
            HostKeyAlgorithms = SshHostKeyAlgorithm.Any
        }
    },
    LogWriter = logWriter
};
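
For reference when reading the two logs above, this added example (not part of the original post and not Rebex or FileZilla code) parses SSH KEXINIT payloads and applies the RFC 4253 section 7.1 rule that picks each algorithm from the two sides' name-lists. The algorithm lists are constructed: the server side uses the SSH wire names of the algorithms the FileZilla trace reports, and the two client lists are hypothetical.

```python
import struct

SSH_MSG_KEXINIT = 20
# The ten name-lists of a KEXINIT payload, in wire order (RFC 4253, section 7.1).
FIELDS = ["kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c"]

def build_kexinit(lists):
    """Encode a KEXINIT payload (all-zero cookie; used only to make sample input)."""
    out = bytes([SSH_MSG_KEXINIT]) + bytes(16)
    for field in FIELDS:
        names = ",".join(lists.get(field, [])).encode("ascii")
        out += struct.pack(">I", len(names)) + names
    return out + b"\x00" + struct.pack(">I", 0)  # first_kex_packet_follows, reserved

def parse_kexinit(payload):
    """Decode the name-lists, rejecting truncated or mislabelled payloads."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not a KEXINIT payload")
    offset, lists = 17, {}
    for field in FIELDS:
        if offset + 4 > len(payload):
            raise ValueError("truncated before " + field)
        (length,) = struct.unpack_from(">I", payload, offset)
        offset += 4
        if offset + length > len(payload):
            raise ValueError("name-list overruns payload: " + field)
        raw = payload[offset:offset + length].decode("ascii")
        lists[field] = raw.split(",") if raw else []
        offset += length
    return lists

def negotiate(client, server):
    """First name on the client's list that the server also lists; None if no overlap.
    (The extra host-key compatibility conditions for kex are left out.)"""
    return {f: next((a for a in client[f] if a in server[f]), None) for f in FIELDS[:8]}

# Constructed sample lists. The server side uses the SSH names of the algorithms
# the FileZilla trace reports; the server's real, full lists are not on the page.
SERVER = parse_kexinit(build_kexinit({
    "kex": ["ecdh-sha2-nistp256"], "host_key": ["ssh-rsa", "ssh-dss"],
    "enc_c2s": ["aes256-ctr"], "enc_s2c": ["aes256-ctr"],
    "mac_c2s": ["hmac-sha2-256"], "mac_s2c": ["hmac-sha2-256"],
    "comp_c2s": ["none"], "comp_s2c": ["none"]}))
MODERN = dict(SERVER, kex=["curve25519-sha256", "ecdh-sha2-nistp256"])
LEGACY = dict(SERVER, kex=["diffie-hellman-group14-sha1", "diffie-hellman-group1-sha1"])

if __name__ == "__main__":
    for label, client in (("modern", MODERN), ("legacy", LEGACY)):
        print(label, negotiate(client, SERVER))
```

A `None` entry in the result means the two lists share no algorithm for that slot, in which case an SSH peer ends the connection during negotiation.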