Support of stronger security features

asked Oct 4 in .NET FTP by Karl (140 points)
We are using Version 9.1.1.20 with these settings:

    sftp_client.PreferredMACAlgorithms = SSHMACAlgorithm.HMAC_SHA2_256 | SSHMACAlgorithm.HMAC_SHA2_512;
    sftp_client.PreferredKeyExchangeMethods = SSHKeyExchangeMethod.DiffieHellmanGroupExchangeSha256;
    sftp_client.PreferredHostKeyAlgorithms = SSHPublicKeyAlgorithm.RSA;
    sftp_client.PreferredCipherAlgorithms = SSHCipherAlgorithm.AES256 | SSHCipherAlgorithm.AES_CTR_256;

and our FTP server will accept in the future only:

SFTPDigests:

hmac-sha2-256,hmac-sha2-512

SFTPKeyExchanges:

ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256

Tried also a lot of different settings, but always get:

KeyExchange response is not SSH_MSG_KEX_DH_GEX_GROUP but SSH_MSG_DISCONNECT

Any idea?
commented Oct 4 by support2 (143,750 points)
Post the first part of a debug log file that shows the negotiation of ciphers etc.
commented Oct 10 by Karl (140 points)
DEBUG [SSHFTPClient] 9 Okt 2017 11:08:56.918 :  Set transfer type = BINARY
INFO [LicenseProperties] 9 Okt 2017 11:08:58.521 :  Licence expiry date: 31.12.9999
INFO [LicenseProperties] 9 Okt 2017 11:08:58.521 :  Production license
DEBUG [SSHSCPClient] 9 Okt 2017 11:08:58.522 :  Setting up fallback kbi prompt based on supplied password
DEBUG [HostNameResolver] 9 Okt 2017 11:08:58.527 :  Resolving sftp.portal.qs.b4value.net
DEBUG [HostNameResolver] 9 Okt 2017 11:08:58.551 :  Obtained 1 addresses
DEBUG [HostNameResolver] 9 Okt 2017 11:08:58.551 :  IP address: 195.234.231.43
DEBUG [HostNameResolver] 9 Okt 2017 11:08:58.551 :  sftp.portal.qs.b4value.net resolved to 195.234.231.43
DEBUG [SSHSCPClient] 9 Okt 2017 11:08:58.551 :  Connecting directly to SFTP server 195.234.231.43:22
INFO [BaseSocket] 9 Okt 2017 11:08:58.584 :  Connecting to 195.234.231.43:22 with timeout 120000 ms
DEBUG [BaseSocket] 9 Okt 2017 11:08:58.610 :  Successfully connected to 195.234.231.43:22
DEBUG [SSHSCPClient] 9 Okt 2017 11:08:58.611 :  Connected successfully to SFTP server 195.234.231.43:22
DEBUG [SSHConnection] 9 Okt 2017 11:08:58.611 :  Beginning protocol negotiation
DEBUG [PlainSocket] 9 Okt 2017 11:08:58.636 : SSHSCPClient.1 RepeatCallback received 41 bytes
DEBUG [ProtocolNegotiationHandler] 9 Okt 2017 11:08:58.642 : SSHSCPClient.1 offset=0,length=41
INFO [ProtocolNegotiationHandler] 9 Okt 2017 11:08:58.642 : SSHSCPClient.1 Server version = 'SSH-2.0-PSFTPd. Secure FTP Server ready'
DEBUG [SSHUtil] 9 Okt 2017 11:08:58.644 : SSHSCPClient.1 Major string = '2'
DEBUG [SSHUtil] 9 Okt 2017 11:08:58.645 : SSHSCPClient.1 Minor string = '0'
DEBUG [SSHUtil] 9 Okt 2017 11:08:58.645 : SSHSCPClient.1 Version 2.0
DEBUG [SSHUtil] 9 Okt 2017 11:08:58.645 : SSHSCPClient.1 Protocol compatible
DEBUG [SSHConnection] 9 Okt 2017 11:08:58.645 :  Server version=SSH-2.0-PSFTPd. Secure FTP Server ready
DEBUG [SSH2Connection] 9 Okt 2017 11:08:58.648 :  Timeout=120000
DEBUG [SSHConnection] 9 Okt 2017 11:08:58.649 :  Sending client version=SSH-2.0-edtFTPnet/PRO_9.1.1.20
DEBUG [SSH2Connection] 9 Okt 2017 11:08:58.651 :  Starting key exchange
DEBUG [AbstractKeyExchanger] 9 Okt 2017 11:08:58.652 :  Sending SSH_MSG_KEXINIT
DEBUG [AbstractKeyExchanger] 9 Okt 2017 11:08:58.654 :  key exchange method=diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256
DEBUG [AbstractKeyExchanger] 9 Okt 2017 11:08:58.655 :  hostkey algorithms=ssh-rsa,ssh-dss
DEBUG [AbstractKeyExchanger] 9 Okt 2017 11:08:58.656 :  ciphers=blowfish-cbc,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr
DEBUG [AbstractKeyExchanger] 9 Okt 2017 11:08:58.656 :  ciphers=blowfish-cbc,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr
DEBUG [AbstractKeyExchanger] 9 Okt 2017 11:08:58.657 :  MACs=hmac-sha1,hmac-md5,hmac-sha1-96,hmac-md5-96,hmac-sha2-256,hmac-sha2-512
DEBUG [AbstractKeyExchanger] 9 Okt 2017 11:08:58.657 :  MACs=hmac-sha1,hmac-md5,hmac-sha1-96,hmac-md5-96,hmac-sha2-256,hmac-sha2-512
DEBUG [AbstractKeyExchanger] 9 Okt 2017 11:08:58.657 :  compression algorithms=none,zlib
DEBUG [AbstractKeyExchanger] 9 Okt 2017 11:08:58.657 :  compression algorithms=none,zlib
DEBUG [AbstractKeyExchanger] 9 Okt 2017 11:08:58.660 :  Sent SSH_MSG_KEXINIT
DEBUG [ClientKeyExchanger] 9 Okt 2017 11:08:58.660 :  Reading SSH_MSG_KEXINIT reply
DEBUG [SSH2Connection] 9 Okt 2017 11:08:58.661 :  Waiting for packet
DEBUG [PlainSocket] 9 Okt 2017 11:08:58.669 : SSHSCPClient.1 RepeatCallback received 576 bytes
DEBUG [SSH2Connection] 9 Okt 2017 11:08:58.671 :  Packet arrived
DEBUG [AbstractKeyExchanger] 9 Okt 2017 11:08:58.672 :  Processing SSH_MSG_KEXINIT reply
DEBUG [AbstractKeyExchanger] 9 Okt 2017 11:08:58.673 :  Remote kex alg=ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256
DEBUG [AbstractKeyExchanger] 9 Okt 2017 11:08:58.673 :  Decided kex alg= DiffieHellmanGroupExchangeSha256
DEBUG [AbstractKeyExchanger] 9 Okt 2017 11:08:58.673 :  Remote hostkey alg=ssh-rsa
DEBUG [AbstractKeyExchanger] 9 Okt 2017 11:08:58.674 :  Decided hostkey alg= RSA
DEBUG [ClientKeyExchanger] 9 Okt 2017 11:08:58.674 :  Remote Cipher CS=aes128-cbc,aes128-ctr,3des-cbc,blowfish-cbc,aes192-cbc,aes192-ctr,aes256-cbc,aes256-ctr,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se
DEBUG [ClientKeyExchanger] 9 Okt 2017 11:08:58.675 :  Decided Cipher C->S= Blowfish
DEBUG [ClientKeyExchanger] 9 Okt 2017 11:08:58.675 :  Remote Cipher SC=aes128-cbc,aes128-ctr,3des-cbc,blowfish-cbc,aes192-cbc,aes192-ctr,aes256-cbc,aes256-ctr,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se
DEBUG [ClientKeyExchanger] 9 Okt 2017 11:08:58.675 :  Decided Cipher S->C= Blowfish
DEBUG [ClientKeyExchanger] 9 Okt 2017 11:08:58.675 :  Remote MAC CS=hmac-sha2-256,hmac-sha2-512
DEBUG [ClientKeyExchanger] 9 Okt 2017 11:08:58.675 :  Decided MAC C->S= HMAC_SHA2_256
DEBUG [ClientKeyExchanger] 9 Okt 2017 11:08:58.675 :  Remote MAC SC=hmac-sha2-256,hmac-sha2-512
DEBUG [ClientKeyExchanger] 9 Okt 2017 11:08:58.675 :  Decided MAC S->C= HMAC_SHA2_256
DEBUG [ClientKeyExchanger] 9 Okt 2017 11:08:58.675 :  Remote Comp CS=zlib,none
DEBUG [ClientKeyExchanger] 9 Okt 2017 11:08:58.675 :  Decided Comp C->S=None
DEBUG [ClientKeyExchanger] 9 Okt 2017 11:08:58.675 :  Remote Comp SC=zlib,none
DEBUG [ClientKeyExchanger] 9 Okt 2017 11:08:58.675 :  Decided Comp S->C=None
DEBUG [ClientKeyExchanger] 9 Okt 2017 11:08:58.675 :  first_kex_packet_follows=False
DEBUG [AbstractKeyExchanger] 9 Okt 2017 11:08:58.675 :  Processed SSH_MSG_KEXINIT reply
DEBUG [ClientKeyExchanger] 9 Okt 2017 11:08:58.675 :  Sending SSH_MSG_KEX_DH_GEX_REQUEST_OLD
DEBUG [AbstractKeyExchanger] 9 Okt 2017 11:08:58.676 :  DH_PREFERRED_GROUP_SIZE=1024
DEBUG [ClientKeyExchanger] 9 Okt 2017 11:08:58.676 :  Sent SSH_MSG_KEX_DH_GEX_REQUEST_OLD
DEBUG [SSH2Connection] 9 Okt 2017 11:08:58.676 :  Waiting for packet
DEBUG [PlainSocket] 9 Okt 2017 11:08:58.692 : SSHSCPClient.1 RepeatCallback received 112 bytes
DEBUG [SSH2Connection] 9 Okt 2017 11:08:58.692 :  Packet arrived
DEBUG [ClientKeyExchanger] 9 Okt 2017 11:08:58.693 :  Processing SSH_MSG_KEX_DH_GEX_GROUP reply
DEBUG [PlainSocket] 9 Okt 2017 11:08:58.693 : SSHSCPClient.1 RepeatCallback received 0 bytes
ERROR [SSHFTPClient] 9 Okt 2017 11:08:58.694 :  Failed to connect - closing connection
ERROR [SSHFTPClient] 9 Okt 2017 11:08:58.694 :  EnterpriseDT.Net.Ftp.Ssh.SFTPException: KeyExchange response is not SSH_MSG_KEX_DH_GEX_GROUP but SSH_MSG_DISCONNECT
ERROR [SSHFTPClient] 9 Okt 2017 11:08:58.694 :     bei EnterpriseDT.Net.Ftp.Ssh.SSHFTPClient.Connect()
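
Added example, not part of the original thread and not EnterpriseDT code: it replays the algorithm choice from the debug log above using the RFC 4253 section 7.1 rule (first name on the client's list that the server also lists; the extra kex/host-key compatibility check is omitted) and lists what a hardening review would flag. The `LEGACY` substrings and the 2048-bit floor (RFC 8270) are policy assumptions of this example, and the sample lines are abridged from the posted log.

```python
# Sample input: lines abridged from the debug log posted in this thread.
SAMPLE_LOG = """\
DEBUG [AbstractKeyExchanger] 9 Okt 2017 11:08:58.654 :  key exchange method=diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256
DEBUG [AbstractKeyExchanger] 9 Okt 2017 11:08:58.656 :  ciphers=blowfish-cbc,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr
DEBUG [AbstractKeyExchanger] 9 Okt 2017 11:08:58.657 :  MACs=hmac-sha1,hmac-md5,hmac-sha1-96,hmac-md5-96,hmac-sha2-256,hmac-sha2-512
DEBUG [AbstractKeyExchanger] 9 Okt 2017 11:08:58.673 :  Remote kex alg=ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256
DEBUG [ClientKeyExchanger] 9 Okt 2017 11:08:58.674 :  Remote Cipher CS=aes128-cbc,aes128-ctr,3des-cbc,blowfish-cbc,aes256-cbc,aes256-ctr
DEBUG [ClientKeyExchanger] 9 Okt 2017 11:08:58.675 :  Remote MAC CS=hmac-sha2-256,hmac-sha2-512
DEBUG [ClientKeyExchanger] 9 Okt 2017 11:08:58.675 :  Sending SSH_MSG_KEX_DH_GEX_REQUEST_OLD
DEBUG [AbstractKeyExchanger] 9 Okt 2017 11:08:58.676 :  DH_PREFERRED_GROUP_SIZE=1024
"""
# Log prefixes of the (client offer, server offer) lines per algorithm class.
FIELDS = {"kex": ("key exchange method=", "Remote kex alg="),
          "cipher": ("ciphers=", "Remote Cipher CS="),
          "mac": ("MACs=", "Remote MAC CS=")}
# Substrings treated as legacy: this example's review policy (an assumption).
LEGACY = ("-cbc", "hmac-md5", "-sha1")

def parse(log):
    """Return ({(class, side): [algorithms]}, requested DH bits, GEX_REQUEST_OLD seen)."""
    offers, dh_bits, gex_old = {}, None, False
    for line in log.splitlines():
        msg = line.partition(" : ")[2].strip()  # text after the timestamp separator
        for name, prefixes in FIELDS.items():
            for side, prefix in zip(("client", "server"), prefixes):
                if msg.startswith(prefix):
                    offers.setdefault((name, side), msg[len(prefix):].split(","))
        gex_old |= msg.endswith("SSH_MSG_KEX_DH_GEX_REQUEST_OLD")
        if msg.startswith("DH_PREFERRED_GROUP_SIZE="):
            dh_bits = int(msg.split("=")[1])
    return offers, dh_bits, gex_old

def negotiate(client, server):
    """RFC 4253 section 7.1: first name on the client's list that the server also lists."""
    return next((alg for alg in client if alg in server), None)

def audit(log, min_dh_bits=2048):  # 2048-bit floor follows RFC 8270
    offers, dh_bits, gex_old = parse(log)
    chosen, findings = {}, []
    for name in FIELDS:
        client = offers[(name, "client")]
        chosen[name] = negotiate(client, offers[(name, "server")])
        legacy = [a for a in client if any(s in a for s in LEGACY)]
        findings += [f"{name}: client still offers {','.join(legacy)}"] if legacy else []
    if dh_bits is not None and dh_bits < min_dh_bits:
        findings.append(f"dh: requested group size {dh_bits} < {min_dh_bits}")
    if gex_old:
        findings.append("dh: legacy SSH_MSG_KEX_DH_GEX_REQUEST_OLD sent")
    return chosen, findings
```

Calling `audit(SAMPLE_LOG)` reproduces the `Decided` lines in the log (blowfish-cbc as cipher, hmac-sha2-256 as MAC) and reports the 1024-bit group request, which are the items to compare against the server's policy and its own logs.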
commented Oct 10 by Karl (140 points)
Hi. Sorry for the late reply from our side but this issue is now getting urgent.
commented Oct 10 by support2 (143,750 points)
Posting on our public forums isn't the fastest way to get a response. In future please use our support ticket system (http://www.enterprisedt.com/support/index.php).

It looks here like the server abruptly disconnected the client.  Are you able to inspect the server logs to find out why?
commented Oct 10 by Karl (140 points)
compare Ticket #953121
