0 votes
by (600 points)

I am connecting to CB SFTP server using Rebex dll in .net 3.5 framework. I want to know if i specify the key exchange algorithm code through do we need to have that cipher enabled in the client machine from where the connectivity code is called.
My connectivity code is as below:
private void ConnectSftp(ref Sftp objSFTP)
{
try
{
SftpConnectionState IsActive = null;
string[] sSFTPHost = ConfigurationSettings.AppSettings["SFTPHost"].Split('|');

            if (objSFTP == null)
                objSFTP = new Sftp();
                //--- commented by mathew for SFTP Rebex connectivity issue on 20240513 ---
           // else
             //   IsActive = objSFTP.GetConnectionState();

            //--------------------------------------------------------------------------------------


            IsActive = objSFTP.GetConnectionState();

            if (IsActive == null || IsActive.Connected == false)
            {
                //--- Added by mathew for SFTP Rebex connectivity issue on 20240513 ---
                **string IsCipherPriorityRequired = string.Empty;
                IsCipherPriorityRequired = Common.GetParamValue("IsCipherPriorityRequired");
                if (IsCipherPriorityRequired != string.Empty)
                {
                    if (IsCipherPriorityRequired.ToUpper() == "YES")
                    {
                        **objSFTP.Settings.SshParameters.KeyExchangeAlgorithms =
            SshKeyExchangeAlgorithm.DiffieHellmanGroup14SHA1;**
                    }
                }**
                //-----------------------------------------------------------------------------
                objSFTP.Connect(sSFTPHost[0], int.Parse(sSFTPHost[1]));
                objSFTP.Login(sSFTPHost[2], sSFTPHost[3]);
            }
            try
            {
                SetSFTPStatus("C", 2);
            }
            catch { }
        }
        catch (Exception ex)
        {
            objSFTP.Disconnect();

            Common.WriteLogService("Error while connecting SFTP: " + ex.Message, ex.StackTrace, true);
            try
            {
                SetSFTPStatus("E", 2);
            }
            catch { }
        }
    }
Applies to: Rebex SFTP

1 Answer

0 votes
by (147k points)

The DiffieHellmanGroup14SHA1 ("diffie-hellman-group14-sha1") cipher is available on all platforms and is used when it's enabled by SshParameters.KeyExchangeAlgorithms and has not been disabled using SshParameters.SetKeyExchangeAlgorithms(...) method.

However, please note that this cipher is now considered week, because it uses a relatively weak Diffie-Hellman group and SHA-1 hash algorithm. It will most likely be disabled by default in a year or two.

by (600 points)
So even if i do not specify the key exchange algorithm in the code the sftp connectivity will work. Are there chances to lose connectivity in between using this
by (147k points)
In theory, a software or device along the way (such as a firewall, a router or antivirus software) could prevent the initial SSH negotiation based on ciphers being used. However, we have not encountered such behavior yet.
...