0 votes
by (600 points)

I am connecting to the CB SFTP server via Rebex. The Rebex DLL versions used are as below:
2.0.4860.0
5.0.7501.0
7.0.8756.0

The key exchange algorithms used at the CB SFTP server are as below:
curve25519-sha256
curve25519-sha256@libssh.org

ecdh-sha2-nistp521
ecdh-sha2-nistp384
ecdh-sha2-nistp256
sntrup761x25519-sha512@tinyssh.org

diffie-hellman-group18-sha512

Currently we are connecting to the CB server with IP address and port. Authentication is also based on username and password. How do we authenticate and connect to the CB SFTP server using the above key exchange algorithms?

The code to connect to the CB SFTP server, if the connection state is active, is as below:

                objSFTP.Connect(sSFTPHost[0], int.Parse(sSFTPHost[1]));
                objSFTP.Login(sSFTPHost[2], sSFTPHost[3]);
by (600 points)
So all Rebex DLLs with version 5.0.7501.0 or above will support most of the below key exchange algorithms, and if we specify any of the key exchange algorithms, code level connectivity will be fine. Please confirm.
Key exchange Algorithms
curve25519-sha256
curve25519-sha256@libssh.org

ecdh-sha2-nistp521
ecdh-sha2-nistp384
ecdh-sha2-nistp256
sntrup761x25519-sha512@tinyssh.org

diffie-hellman-group18-sha512

1 Answer

0 votes
by (148k points)

Rebex SFTP version 2.0.4086 does support any of those ciphers. Versions 5.0.7501.0 and 7.0.8756.0 support most of them. For details, see my answer here:

https://forum.rebex.net/22712/client-support-cipher-suites-algorithms-connecting-server?show=22714#a22714

by (148k points)
Curve25519 (corresponds to "curve25519-sha256" and "curve25519-sha256@libssh.org") and ECDiffieHellmanNistP256 (corresponds to "ecdh-sha2-nistp256") are enabled by default (on up-to-date operating systems). ECDiffieHellmanNistP384 and ECDiffieHellmanNistP521 are not. An SSH negotiation will fail if none of the key exchange algorithms is enabled at both the client and the server.
by (600 points)
So can we connect to the server without specifying the key exchange algorithm using sshparameters, since curve25519-sha256 and ecdh-sha2-nistp256 are enabled by default?
Some of my client applications are running on Windows Server 2012, Windows Server 2016, Windows 2019 etc. Please update whether the below code, simply with Rebex upgraded to version 5.0.7501.0 or higher, will work or not. Please update at the earliest.

                objSFTP.Connect(sSFTPHost[0], int.Parse(sSFTPHost[1]));
                objSFTP.Login(sSFTPHost[2], sSFTPHost[3]);

The key exchange algorithms supported at the CB SFTP server, as shared with us, are as below:
curve25519-sha256
curve25519-sha256@libssh.org

ecdh-sha2-nistp521
ecdh-sha2-nistp384
ecdh-sha2-nistp256
sntrup761x25519-sha512@tinyssh.org

diffie-hellman-group18-sha512
by (148k points)
These algorithms are supported in Rebex v5.0.7501 on Windows Server 2016 (and Windows 10 version 1607) or higher:
  curve25519-sha256@libssh.org
  ecdh-sha2-nistp521
  ecdh-sha2-nistp384
  ecdh-sha2-nistp256

On Windows Server 2012 (and Windows 8.1 or earlier), these four algorithms are only supported when a plugin is used - see https://www.rebex.net/kb/elliptic-curve-plugins/ for details.
by (600 points)
Will the connectivity work without the below code?
client.Settings.SshParameters.KeyExchangeAlgorithms =
        SshKeyExchangeAlgorithm.Curve25519 |
        SshKeyExchangeAlgorithm.ECDiffieHellmanNistP256 |
        SshKeyExchangeAlgorithm.ECDiffieHellmanNistP384 |
        SshKeyExchangeAlgorithm.ECDiffieHellmanNistP521;
by (148k points)
That depends on:
- Which key exchange algorithms are actually enabled at the server.
- The client operating system.
- Whether the Curve25519 plugin has been registered.
...
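
The three factors in the last reply can be checked with a small model of SSH key-exchange selection (RFC 4253, section 7.1). This is an added example, not code from Rebex or from any poster in this thread; the NistP384/NistP521 name mappings, the `ec_available` switch and the p384-only server are assumptions, and only the four elliptic-curve flags named in the thread are modelled.

```python
# Added illustration, not Rebex code: SSH key-exchange selection per RFC 4253
# section 7.1 (first name on the client's list that the server also offers).

# Server list as posted in the question.
SERVER_KEX = [
    "curve25519-sha256", "curve25519-sha256@libssh.org",
    "ecdh-sha2-nistp521", "ecdh-sha2-nistp384", "ecdh-sha2-nistp256",
    "sntrup761x25519-sha512@tinyssh.org", "diffie-hellman-group18-sha512",
]

# Rebex flag -> SSH names. The Curve25519 and NistP256 rows come from the
# answers above; the NistP384/NistP521 rows are assumed by analogy.
FLAG_NAMES = {
    "Curve25519": ["curve25519-sha256", "curve25519-sha256@libssh.org"],
    "ECDiffieHellmanNistP256": ["ecdh-sha2-nistp256"],
    "ECDiffieHellmanNistP384": ["ecdh-sha2-nistp384"],
    "ECDiffieHellmanNistP521": ["ecdh-sha2-nistp521"],
}
DEFAULT_FLAGS = ["Curve25519", "ECDiffieHellmanNistP256"]  # per the answers
ALL_FLAGS = list(FLAG_NAMES)

def client_offer(flags, ec_available):
    """Names the modelled client offers. ec_available (hypothetical switch) is
    False for an OS without native support and no plugin registered."""
    if not ec_available:
        return []
    return [name for flag in flags for name in FLAG_NAMES[flag]]

def negotiate(client, server):
    """Return the agreed algorithm, or None when the lists do not overlap."""
    return next((name for name in client if name in server), None)

def scenarios():
    p384_only = ["ecdh-sha2-nistp384"]  # constructed: a more restrictive server
    return {
        "2016+, defaults": negotiate(client_offer(DEFAULT_FLAGS, True), SERVER_KEX),
        "2012, no plugin": negotiate(client_offer(DEFAULT_FLAGS, False), SERVER_KEX),
        "2012, plugin": negotiate(client_offer(DEFAULT_FLAGS, True), SERVER_KEX),
        "p384-only server, defaults": negotiate(client_offer(DEFAULT_FLAGS, True), p384_only),
        "p384-only server, all flags": negotiate(client_offer(ALL_FLAGS, True), p384_only),
    }

if __name__ == "__main__":
    for label, result in scenarios().items():
        print(f"{label:30} -> {result or 'no common algorithm among those modelled'}")
```

A `None` result means only that none of the four modelled algorithms overlaps; any other algorithm the real client offers is outside this model.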