Error SSH: Rebex.Net.SshException: The connection was closed by the server.

Question

Hello Team,

While connecting to the FTP server: 12.3.52.138 and port: 990, we are receiving the below error from Rebex component.

=========================================
20:02:45.777 Info Info: Connecting to 12.3.52.138:990 using Sftp 3.0.4546.0.
20:02:47.336 Error SSH: Rebex.Net.SshException: The connection was closed by the server. Make sure you are connecting to an SSH or SFTP server.
at Rebex.Net.SshSession.14Ad4fZ()
at Rebex.Net.SshSession.Negotiate()

=========================================

But when we connect the same server with File Zilla, we are able to connect it. Please help us to connect it from Rebex. Thank you.

We look forward to your reply.

Regards,
Naga Suresh D

Answer 1

Hello, 12.3.52.138:990 is not an SFTP/SSH server. It's an FTP server implicitly secured with TLS. Please use Rebex FTP/SSL to connect to this server:

var ftp = new Ftp();
ftp.Connect("12.3.52.138", 990, SslMode.Implicit);

Alternatively, you might use FileTransferClient (part of Rebex File Transfer Pack) which (like FileZilla) supports both FTP and SFTP:

var client = new FileTransferClient();
client.Connect("12.3.52.138", 990, FileTransferMode.FtpSslImplicit);

If you get an exception indicating that the server certificate was rejected, check out this blog post: https://blog.rebex.net/howto-server-certificate-rejected-exception/

Comments

Hello, I am unable to add the code like you mentioned. There is no SSLMode Enumerator in the third parameter of Connect method in FTP class.

Please see the below three overload methods to connect in FTP class.

public string Connect(string serverName, int serverPort);
        
public string Connect(string serverName);
        
public string Connect(string serverName, int serverPort, TlsParameters parameters, FtpSecurity security);

Please suggest to move further. Thank you.

---

It looks like you use Rebex FTP/SSL 2012 R2. The SslMode enum was added in Rebex FTP/SSL 2012 R3. Either upgrade to a more recent version or use an overload of Connect method that can accept FtpSecurity.Implicit.

However, please be aware that using a six-yer-old version of Rebex FTP/SSL is strongly discouraged. It doesn't support TLS 1.2 and by default enables a number of TLS/SSL ciphers that are now considered vulnerable.

---

By the way, there is no Rebex FTP/SSL license registered to your company. Perhaps your company name has changed in 2012? Please get in touch with us at sales@rebex.net to sort this out.

---

Hello, currently we are using 2.0.4546.0 version of Rebex components in our project.
Can we handle this scenario with this version? Because we don't have time to upgrade the Rebex components to the latest and use it.

Please let us know to connect this FTP with the current version of Rebex components. We look forward to your reply. Thank you.

---

Have you tried our suggestion to use FtpSecurity.Implicit?

---

Hello, We have downloaded latest 2018 Rebex components and tried to connect the FTP server with the below method.

var ftp = new Ftp();
ftp.Connect("12.3.52.138", 990, SslMode.Implicit);

But still, we are facing the same error.

"Server certificate was rejected by the verifier because of an unknown certificate authority."

How to resolve this with the latest Rebext components without using FileTransferClient?

---

We have tried with the FileTransferClient and got the same error.

var client = new FileTransferClient();
                        client.Connect("12.3.52.138", 990, FileTransferMode.FtpSslImplicit);

Error: "Server certificate was rejected by the verifier because of an unknown certificate authority."

---

I already addressed this in my answer last week: "If you get an exception indicating that the server certificate was rejected, check out this blog post: https://blog.rebex.net/howto-server-certificate-rejected-exception/ "

---

Hello, Thanks for the information.

If I execute the below two lines of code with the latest Rebex components, I can connect the FTP.

var ftp = new Ftp();
ftp.Settings.SslAcceptAllCertificates = true;
ftp.Connect(ftpSettings.ServerName,  SslMode.Implicit);

But I have small clarification that, we have a common method to connect the FTP server. Now to fix this issue, can we add SslAcceptAllCertificates to TRUE and SslMode.Implicit into the common methods. So that these two properties will be set to all FTP servers. Is there any harm to other FTP servers if we set these two properties?

Please let us know. Thank you.

---

Please confirm the above clarification. Thank you.

---

How can we know programmatically the FTP server is FTP/SSL/SFTP? So that we will dynamically use the connection object as per the requirement. Thank you.

---

We commented on SslAcceptAllCertificates in the blog post with these words: "Doing this in production environment is highly discouraged, as it effectively disables server authentication."

However, that was in 2012. Today, our recommendation for most scenarios is even stronger: "NEVER use 'SslAcceptAllCertificates=true' in production! Doing so enables man-in-the-middle attacks and essentially renders TLS/SSL completely useless."

The property is useful when testing or debugging because it makes it possible to determine whether the application would work if certificate validation succeeded, but don't use it in production environments unless the connection between to the client and server is sufficiently secure even without TLS/SSL. In other words, only enable SslAcceptAllCertificates if not using TLS/SSL at all would be acceptable as well.

---

To determine what service is running at the server, the only way is to try it.
So, you can try SFTP, if Connect() method fails try FTP/SSL. If this fails try plain FTP.

However, I suggest you to determine the protocol by port number at first.

Common port numbers:
  22 - SFTP
  21 - FTP (and FTP/SSL explicit)
  990 - FTP/SSL implicit

---

We will verify the FTP server with the port and the above logic. Thank you.