Our Products:   CompleteFTP  edtFTPnet/Free  edtFTPnet/PRO  edtFTPj/Free  edtFTPj/PRO
0 votes
in CompleteFTP by (170 points)
We've been using CompleteFTP Professional for many years. We have sftp enabled on the server with all authentication methods available. We created an RSA and DSA key public key pair on the server, but have not created any keys for individual users.

Recently, with version 12.1.5, we have two clients out of 1,000+ clients that almost every day, they are unable to upload files because of the RSA fingerprint stores in their machine mismatching the server. In our troubleshooting, the RSA fingerprint presented is different every time, and doesn't match the RSA or DSA key fingerprint public key on the server when viewing it.

This issue persists after updating to 13.0.1. We even manually stored the DSA key fingerprint value from the server into the clients' database tables where this information is stored, but the next day or so, the client complains that the RSA key fingerprint does not match what is stored in the client's database. The key being presented is different than before.

Aside from MITM, any ideas what this could be?
by (158k points)
It's probably best to open a support ticket for this, go to https://enterprisedt.com/help.

If you have access to the client's private key so you can test connecting yourself, generate a debug log of a failed login attempt and include it. Otherwise, if you are able to supply a debug log file that shows them failing to log in.
by (170 points)
reshown by
Thanks; I opened up a ticket.
by (170 points)
Resolved with one of the clients. It turns out there was a "man-in-the-middle" in the form of a network-based IPS. It was interfering with SSH communication between the client and server.

1 Answer

0 votes
by (158k points)
Best answer
This was an interesting problem. It turns out (see the comment) that somewhere on the client side, they had an intrusion prevention system (IPS) that intercepted SSH traffic and changed the server's RSA fingerprint!