0 votes
by (120 points)
Applies to: Rebex SFTP
by (147k points)
Which version of Rebex SFTP do you use?
On which platform does this error occur?
Can you post the exact exception message and a stack trace?
by (120 points)
I am using the ASP.NET Framework to connect to SFTP, and it uses key authentication to log in to SFTP.
Getting the below message after login using key authentication:
2024-10-07 12:08:09.395 DEBUG Sftp(1)[56] SSH: Allowed authentication methods for 'A6382_485': publickey.

2024-10-07 12:08:09.395 DEBUG Sftp(1)[56] SSH: Trying public key authentication for 'A6382_485'.

2024-10-07 12:08:09.457 ERROR Sftp(1)[56] SSH: System.NotSupportedException: Algorithm 2.16.840.1.101.3.4.2.3 is not supported

   at Cryptware.NCryptoki.NCryptokiRSAProvider.SignHash(Byte[] hash, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding)

   at Rebex.Security.Cryptography.CryptoHelper.dhnn(RSA bkb, Byte[] bkc, String bkd)

   at Rebex.Security.Cryptography.CryptoHelper.dhnm(RSA bjy, Byte[] bjz, String bka)

   at pnxh.ycpm(Byte[] gwy, pnur gwz)

   at Rebex.Security.Cryptography.AsymmetricKeyAlgorithm.SignMessage(Byte[] message, SignatureParameters parameters)

   at Rebex.Net.SshPrivateKey.iudu(Byte[] adr, String ads, Boolean adt)

   at tern..ctor(String st, String su, Byte[] sv, SshPrivateKey sw, String sx, Boolean sy, Boolean sz)

   at Rebex.Net.SshSession.ayoe(String ahb, String ahc, SshPrivateKey ahd, SshGssApiCredentials ahe, Boolean ahf)

2024-10-07 12:08:09.473 ERROR Sftp(1)[56] Info: System.NotSupportedException: Algorithm 2.16.840.1.101.3.4.2.3 is not supported

   at Cryptware.NCryptoki.NCryptokiRSAProvider.SignHash(Byte[] hash, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding)

   at Rebex.Security.Cryptography.CryptoHelper.dhnn(RSA bkb, Byte[] bkc, String bkd)

   at Rebex.Security.Cryptography.CryptoHelper.dhnm(RSA bjy, Byte[] bjz, String bka)

   at pnxh.ycpm(Byte[] gwy, pnur gwz)

   at Rebex.Security.Cryptography.AsymmetricKeyAlgorithm.SignMessage(Byte[] message, SignatureParameters parameters)

   at Rebex.Net.SshPrivateKey.iudu(Byte[] adr, String ads, Boolean adt)

   at tern..ctor(String st, String su, Byte[] sv, SshPrivateKey sw, String sx, Boolean sy, Boolean sz)

   at Rebex.Net.SshSession.ayoe(String ahb, String ahc, SshPrivateKey ahd, SshGssApiCredentials ahe, Boolean ahf)

   at Rebex.Net.SshSession.Authenticate(String userName, String password, SshPrivateKey privateKey)

   at Rebex.Net.Sftp.vuyv.bxyj(String all, String alm, SshPrivateKey aln, htom alo)

   at Rebex.Net.Sftp.gizt(String pu, String pv, SshPrivateKey pw, htom px)
by (120 points)
CryptokiCollection template = new CryptokiCollection();
template.Add(new ObjectAttribute(ObjectAttribute.CKA_CLASS, CryptokiObject.CKO_PRIVATE_KEY));
template.Add(new ObjectAttribute(ObjectAttribute.CKA_LABEL, sshkeyname));
// Launches the search using the template just created
CryptokiCollection objects = session.Objects.Find(template, 10);
if (objects.Count == 0)
{
    // No private key with this label on the token; avoid indexing objects[-1]
    throw new Exception("Private key not found: " + sshkeyname);
}
// Use the last matching private key
RSAPrivateKey privateKey = (RSAPrivateKey)objects[objects.Count - 1];
WriteLog("Info: Private Key found ");
// Instantiate the new NCryptoki RSA provider
NCryptokiRSAProvider rsaProv = NCryptokiRSAProvider.create(session, privateKey);
var key = new SshPrivateKey(rsaProv);
WriteLog("Info: SFTPCall," + "Host:" + host + ",HostFingerPrint:" + fingerprint + ",Port:" + port + ",Path:" + filePath + ",Hash:" + filehash + ",RemoteFile:" + Remotefile);
var sftp = new Sftp();
sftp.LogWriter = new Rebex.FileLogWriter(logFilePath + "Rebex" + System.DateTime.Today.ToString("MM-dd-yyyy") + ".txt", Rebex.LogLevel.Debug); // Debug logging
int portNumber = 22; // default SFTP port number
if (!string.IsNullOrEmpty(port))
{
    portNumber = Convert.ToInt32(port);
}

WriteLog("Info: Connecting to :" + host + " using Port:" + port);

sftp.Connect(host, portNumber);
WriteLog("Info: Connected to :" + host + " using Port:" + port);

SshServerInfo serverInfo = sftp.Session.ServerInfo;
WriteLog("Info: Server fingerprint is: " + sftp.Fingerprint);
// Verify the server host key fingerprint before sending credentials
if (sftp.Fingerprint != fingerprint)
{
    ////WriteLog("Error: Invalid server key fingerprint, expecting " + fingerprint);
    throw new Exception("Invalid server key fingerprint,expecting " + fingerprint);
}

sftp.Login(user, key);
by (120 points)
Hi Team, any update on the above question?
by (147k points)
Sorry for the delay. We are based in central Europe and mostly respond between 10:00 UTC and 18:00 UTC.

1 Answer

0 votes
by (147k points)

The stack trace in your log indicates that the error did actually occur in a Rebex library. The error was raised by Cryptware NCryptoki library's RSA provider, which you plugged into Rebex SFTP to perform RSA operations.

at Cryptware.NCryptoki.NCryptokiRSAProvider.SignHash(Byte[] hash, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding)
at Rebex.Security.Cryptography.CryptoHelper.dhnn(RSA bkb, Byte[] bkc, String bkd)
at Rebex.Security.Cryptography.CryptoHelper.dhnm(RSA bjy, Byte[] bjz, String bka)
at pnxh.ycpm(Byte[] gwy, pnur gwz)
at Rebex.Security.Cryptography.AsymmetricKeyAlgorithm.SignMessage(Byte[] message, SignatureParameters parameters)
at Rebex.Net.SshPrivateKey.iudu(Byte[] adr, String ads, Boolean adt)
at tern..ctor(String st, String su, Byte[] sv, SshPrivateKey sw, String sx, Boolean sy, Boolean sz)
at Rebex.Net.SshSession.ayoe(String ahb, String ahc, SshPrivateKey ahd, SshGssApiCredentials ahe, Boolean ahf)
at Rebex.Net.SshSession.Authenticate(String userName, String password, SshPrivateKey privateKey)

This means that the "System.NotSupportedException: Algorithm 2.16.840.1.101.3.4.2.3 is not supported" error comes from NCryptoki's NCryptokiRSAProvider.SignHash method.

The OID of 2.16.840.1.101.3.4.2.3 represents the SHA-512 hash algorithm. Along with the rest of the log, this indicates that Rebex SFTP attempted to create an RSA/SHA-512 signature in order to authenticate using a key, but NCryptoki probably does not support this algorithm.

To resolve this, either resolve this NCryptoki issue (upgrade their library or contact Cryptware support), or instruct Rebex SFTP to use another signature algorithm that is supported by your version of NCryptoki library.

However, it looks like you are using an older version of Rebex SFTP library, which does not make this directly configurable. Instead, try disabling "rsa-sha2-512" host key algorithm, which will disable key authentication using that algorithm as well:

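// Requires: using System.Linq; using Rebex.Net;
var sftp = new Sftp();
// ...
// Every supported host key algorithm except "rsa-sha2-512"
string[] algs = SshParameters.GetSupportedHostKeyAlgorithms().Where(alg => alg != "rsa-sha2-512").ToArray();
sftp.Settings.SshParameters.SetHostKeyAlgorithms(algs);
// ...
sftp.Connect(host, portNumber);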
by (120 points)
Thank you for the support, it is resolved.
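
Added example, not part of the original thread and not Rebex or Cryptware code: the stack trace shows Rebex calling the plugged-in provider through .NET's RSA.SignHash, so the same call can be used to probe which digests a provider will sign and derive the exclusion list instead of hard-coding "rsa-sha2-512". The class and method names are hypothetical, and the software key in Main is a constructed stand-in for the token-backed provider.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;

static class SshRsaProbe // hypothetical helper, not a Rebex or NCryptoki type
{
    // SSH RSA signature algorithms and the digest each one signs (RFC 4253, RFC 8332).
    static readonly string[] SshNames = { "rsa-sha2-512", "rsa-sha2-256", "ssh-rsa" };
    static readonly HashAlgorithmName[] Hashes =
        { HashAlgorithmName.SHA512, HashAlgorithmName.SHA256, HashAlgorithmName.SHA1 };
    static readonly int[] DigestBytes = { 64, 32, 20 };

    // Returns the SSH algorithm names the given RSA provider refuses to sign for.
    public static List<string> FindUnsupported(RSA rsa)
    {
        var unsupported = new List<string>();
        for (int i = 0; i < SshNames.Length; i++)
        {
            try
            {
                // Signs a throwaway all-zero digest; only success or failure matters.
                rsa.SignHash(new byte[DigestBytes[i]], Hashes[i], RSASignaturePadding.Pkcs1);
            }
            catch (NotSupportedException)
            {
                // Same exception type as in the log; other errors propagate.
                unsupported.Add(SshNames[i]);
            }
        }
        return unsupported;
    }

    // Drops unsupported RSA variants from a candidate list, preserving order.
    public static string[] Filter(IEnumerable<string> candidates, RSA rsa)
    {
        var drop = new HashSet<string>(FindUnsupported(rsa));
        return candidates.Where(a => !drop.Contains(a)).ToArray();
    }

    static void Main()
    {
        // Constructed input: a software key stands in for the token-backed provider.
        var candidates = new[] { "ssh-ed25519", "rsa-sha2-512", "rsa-sha2-256", "ssh-rsa" };
        using (RSA rsa = RSA.Create())
            Console.WriteLine(string.Join(", ", Filter(candidates, rsa)));
    }
}
```

With the thread's code, the inputs to Filter would be SshParameters.GetSupportedHostKeyAlgorithms() and rsaProv, with the result passed to SetHostKeyAlgorithms before sftp.Connect.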