EldoS | Feel safer!

Software components for data protection, secure storage and transfer

SFTP - SSH Error 7

Also by EldoS: CallbackFilter
A component to monitor and control disk activity, track file and directory operations (create, read, write, rename etc.), alter file data, encrypt files, create virtual files.
#24129
Posted: 03/15/2013 09:46:38
by Eric Clark (Standard support level)
Joined: 03/15/2013
Posts: 5

I am evaluating BizCrypto for BizTalk am am unable to connect to a vendors SSH Server using the SFTP adapter.

The error is SSH error 7 and based on the FAQ I made the following changes to the port:

set CompatibilityMode to Old,
set ASCIIMode, UseUTF8, FIPSMode, UseIPv6, ForceCompression properties to false,
set TrustAllKeys to true (for debugging purposes only (!) – setting this property to true in real-world environments makes the overall security of the system void).

and there is no change. I am able to connect to the vendor's server using WinSCP.

The debug log from the adapter:

[3/15/2013 10:19:38.714] Searching for installed BizCrypto addons.
[3/15/2013 10:19:38.715] No addons found (the exact message: BizCrypto.BizTalk.Addons. Could not load file or assembly 'BizCrypto.BizTalk.Addons, Version=9.1.216.0, Culture=neutral, PublicKeyToken=5a62fa96d0ac431a' or one of its dependencies. The system cannot find the file specified.)
[3/15/2013 10:19:38.716] EldoS SFTP Adapter: Loading private key
[3/15/2013 10:19:38.716] EldoS SFTP Adapter: Loading trusted keys
[3/15/2013 10:19:38.717] EldoS SFTP Adapter: Opening connection to SFTP server
[3/15/2013 10:19:38.851] EldoS SFTP Adapter: SSH error 7
[3/15/2013 10:19:38.853] EldoS SFTP Adapter: Call stack: at BizCrypto.BizTalk.Adapters.SFTP.SFTPCommon.OnError(Object Sender, Int32 ErrorCode)
at SBSimpleSftp.TElSimpleSFTPClient.DoError(Object Sender, Int32 ErrorCode)
at SBSSHCommon.TElSSHClass.DoError(Int32 ErrorCode)
at SBSSHClient.TElSSHClient.SSH2ChooseAlgorithms(TElStringList KexLines)
at SBSSHClient.TElSSHClient.SSH2ParseKexInit(Byte[] Buffer, Int32 Size)
at SBSSHClient.TElSSHClient.SSH2ParseOnTransportLayer(Byte[] Buffer, Int32 Size)
at SBSSHClient.TElSSHClient.AnalyseBuffer()
at SBSSHClient.TElSSHClient.DataAvailable()
at SBSimpleSftp.TElSimpleSFTPClient.DataAvailable()
at SBSimpleSftp.TElSimpleSFTPClient.IntMessageLoop()
at SBSimpleSftp.TElSimpleSFTPClient.DoMessageLoop()
at SBSimpleSftp.TElSimpleSFTPClient.Open()
at BizCrypto.BizTalk.Adapters.SFTP.SFTPCommon.OpenClient()
at BizCrypto.BizTalk.Adapters.SFTP.SFTPCommon.DoWork(Trace trace, IBaseMessage message, AdapterProperties props, Boolean upload, ArrayList fileList, ImpersonateUser& impersonateUser)
at BizCrypto.BizTalk.Adapters.SFTP.SFTPReceiverEndpoint.PickupFilesAndSubmit()
at BizCrypto.BizTalk.Adapters.SFTP.SFTPReceiverEndpoint.EndpointTask()
at BizCrypto.BizTalk.Adapters.SFTP.SFTPReceiverEndpoint.ControlledEndpointTask(Object val)
at System.Threading._TimerCallback.TimerCallback_Context(Object state)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean ignoreSyncCtx)
at System.Threading._TimerCallback.PerformTimerCallback(Object state)

[3/15/2013 10:19:38.854] EldoS SFTP Adapter: Failed to transfer file(s): Connection lost (error code is 10058)

Stack:
at SBSimpleSftp.TElSimpleSFTPClient.DoSend(Object Sender, Byte[] Buffer)
at SBSSHCommon.TElSSHClass.DoSend(Byte[] Buffer, Int32 Size)
at SBSSHClient.TElSSHClient.SSH2SendOnTransportLayer(Int32 Size)
at SBSSHClient.TElSSHClient.SSH2SendDisconnect(Int32 ReasonCode, Byte[] Desc)
at SBSSHClient.TElSSHClient.PerformClose(Boolean Forced, String CloseReason)
at SBSSHClient.TElSSHClient.CloseByError(String ReasonLine)
at SBSSHClient.TElSSHClient.SSH2ChooseAlgorithms(TElStringList KexLines)
at SBSSHClient.TElSSHClient.SSH2ParseKexInit(Byte[] Buffer, Int32 Size)
at SBSSHClient.TElSSHClient.SSH2ParseOnTransportLayer(Byte[] Buffer, Int32 Size)
at SBSSHClient.TElSSHClient.AnalyseBuffer()
at SBSSHClient.TElSSHClient.DataAvailable()
at SBSimpleSftp.TElSimpleSFTPClient.DataAvailable()
at SBSimpleSftp.TElSimpleSFTPClient.IntMessageLoop()
at SBSimpleSftp.TElSimpleSFTPClient.DoMessageLoop()
at SBSimpleSftp.TElSimpleSFTPClient.Open()
at BizCrypto.BizTalk.Adapters.SFTP.SFTPCommon.OpenClient()
at BizCrypto.BizTalk.Adapters.SFTP.SFTPCommon.DoWork(Trace trace, IBaseMessage message, AdapterProperties props, Boolean upload, ArrayList fileList, ImpersonateUser& impersonateUser)
[3/15/2013 10:19:38.855] EldoS SFTP Adapter: Closing the connection
[3/15/2013 10:19:38.856] EldoS SFTP Adapter (receive): Failed to pickup files: Connection lost (error code is 10058)
[3/15/2013 10:19:38.880] EldoS SFTP Adapter (receive): Removing receiver endpoint.
[3/15/2013 10:19:38.881] EldoS SFTP Adapter (receive): Stop()

The WinSCP log:

. 2013-03-15 09:38:37.737 --------------------------------------------------------------------------
. 2013-03-15 09:38:37.737 WinSCP Version 5.1.0 (Build 2625) (OS 6.1.7601 Service Pack 1)
. 2013-03-15 09:38:37.737 Configuration: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\
. 2013-03-15 09:38:37.739 Local account: <redacted>
. 2013-03-15 09:38:37.739 Working directory: E:\Program Files (x86)\WinSCP
. 2013-03-15 09:38:37.739 Command-line: "E:\Program Files (x86)\WinSCP\WinSCP.exe"
. 2013-03-15 09:38:37.739 Login time: Friday, March 15, 2013 9:38:37 AM
. 2013-03-15 09:38:37.739 --------------------------------------------------------------------------
. 2013-03-15 09:38:37.739 Session name: <redacted> (Stored session)
. 2013-03-15 09:38:37.739 Host name: <redacted> (Port: 22)
. 2013-03-15 09:38:37.739 User name: <redacted> (Password: No, Key file: No)
. 2013-03-15 09:38:37.739 Tunnel: No
. 2013-03-15 09:38:37.739 Transfer Protocol: SFTP
. 2013-03-15 09:38:37.739 Ping type: -, Ping interval: 30 sec; Timeout: 15 sec
. 2013-03-15 09:38:37.739 Proxy: none
. 2013-03-15 09:38:37.739 SSH protocol version: 2; Compression: No
. 2013-03-15 09:38:37.739 Bypass authentication: No
. 2013-03-15 09:38:37.739 Try agent: Yes; Agent forwarding: No; TIS/CryptoCard: No; KI: Yes; GSSAPI: No
. 2013-03-15 09:38:37.739 Ciphers: aes,blowfish,3des,WARN,arcfour,des; Ssh2DES: No
. 2013-03-15 09:38:37.739 SSH Bugs: A,A,A,A,A,A,A,A,A,A
. 2013-03-15 09:38:37.739 SFTP Bugs: A,A
. 2013-03-15 09:38:37.739 Return code variable: Autodetect; Lookup user groups: A
. 2013-03-15 09:38:37.739 Shell: default
. 2013-03-15 09:38:37.739 EOL: 0, UTF: 2
. 2013-03-15 09:38:37.739 Clear aliases: Yes, Unset nat.vars: Yes, Resolve symlinks: Yes
. 2013-03-15 09:38:37.739 LS: ls -la, Ign LS warn: Yes, Scp1 Comp: No
. 2013-03-15 09:38:37.739 Local directory: <redacted>, Remote directory: /out, Update: Yes, Cache: Yes
. 2013-03-15 09:38:37.739 Cache directory changes: Yes, Permanent: Yes
. 2013-03-15 09:38:37.739 DST mode: 1
. 2013-03-15 09:38:37.739 --------------------------------------------------------------------------
. 2013-03-15 09:38:37.810 Looking up host "<redacted>"
. 2013-03-15 09:38:37.819 Connecting to <redacted> port 22
. 2013-03-15 09:38:37.961 Server version: SSH-2.0-Welcome to Sterling SSP.
. 2013-03-15 09:38:37.961 Using SSH protocol version 2
. 2013-03-15 09:38:37.962 We claim version: SSH-2.0-WinSCP_release_5.1
. 2013-03-15 09:38:38.031 Doing Diffie-Hellman group exchange
. 2013-03-15 09:38:38.213 Doing Diffie-Hellman key exchange with hash SHA-1
. 2013-03-15 09:38:38.367 Verifying host key rsa2 0x10001,0x91...aa25 with fingerprint ssh-rsa 1024 a8:c3:28:b8:91:be:bb:0e:e5:be:0a:23:7f:62:67:6b
. 2013-03-15 09:38:38.414 Host key matches cached key
. 2013-03-15 09:38:38.414 Host key fingerprint is:
. 2013-03-15 09:38:38.414 ssh-rsa 1024 a8:c3:28:b8:91:be:bb:0e:e5:be:0a:23:7f:62:67:6b
. 2013-03-15 09:38:38.415 Initialised AES-256 CBC client->server encryption
. 2013-03-15 09:38:38.415 Initialised HMAC-SHA1 client->server MAC algorithm
. 2013-03-15 09:38:38.415 Initialised zlib (RFC1950) compression
. 2013-03-15 09:38:38.415 Initialised AES-256 CBC server->client encryption
. 2013-03-15 09:38:38.415 Initialised HMAC-SHA1 server->client MAC algorithm
. 2013-03-15 09:38:38.415 Initialised zlib (RFC1950) decompression
! 2013-03-15 09:38:38.591 Using username "<redacted>".
. 2013-03-15 09:38:38.687 Prompt (7, SSH password, , &Password: )
. 2013-03-15 09:38:44.799 Sent password
. 2013-03-15 09:38:44.871 Access granted
. 2013-03-15 09:38:44.940 Opened channel for session
. 2013-03-15 09:38:45.220 Started a shell/command
. 2013-03-15 09:38:45.250 --------------------------------------------------------------------------
. 2013-03-15 09:38:45.250 Using SFTP protocol.
. 2013-03-15 09:38:45.250 Doing startup conversation with host.
> 2013-03-15 09:38:45.301 Type: SSH_FXP_INIT, Size: 5, Number: -1
< 2013-03-15 09:38:45.372 Type: SSH_FXP_VERSION, Size: 5, Number: -1
. 2013-03-15 09:38:45.372 SFTP version 3 negotiated.
. 2013-03-15 09:38:45.372 We believe the server has signed timestamps bug
. 2013-03-15 09:38:45.372 We will use UTF-8 strings for status messages only
. 2013-03-15 09:38:45.409 Changing directory to "/out".
. 2013-03-15 09:38:45.409 Getting real path for '/out'
> 2013-03-15 09:38:45.409 Type: SSH_FXP_REALPATH, Size: 13, Number: 16
< 2013-03-15 09:38:45.493 Type: SSH_FXP_NAME, Size: 57, Number: 16
. 2013-03-15 09:38:45.494 Real path is '/out'
. 2013-03-15 09:38:45.494 Trying to open directory "/out".
> 2013-03-15 09:38:45.494 Type: SSH_FXP_LSTAT, Size: 13, Number: 263
< 2013-03-15 09:38:45.578 Type: SSH_FXP_ATTRS, Size: 37, Number: 263
. 2013-03-15 09:38:45.578 Getting current directory name.
. 2013-03-15 09:38:45.709 Listing directory "/out".
> 2013-03-15 09:38:45.709 Type: SSH_FXP_OPENDIR, Size: 13, Number: 523
< 2013-03-15 09:38:45.811 Type: SSH_FXP_HANDLE, Size: 10, Number: 523
> 2013-03-15 09:38:45.811 Type: SSH_FXP_READDIR, Size: 10, Number: 780
< 2013-03-15 09:38:45.916 Type: SSH_FXP_STATUS, Size: 48, Number: 780
< 2013-03-15 09:38:45.916 Status code: 1
. 2013-03-15 09:38:45.916 Listing file "/out/..".
> 2013-03-15 09:38:45.916 Type: SSH_FXP_LSTAT, Size: 16, Number: 1031
< 2013-03-15 09:38:46.001 Type: SSH_FXP_ATTRS, Size: 37, Number: 1031
> 2013-03-15 09:38:46.001 Type: SSH_FXP_CLOSE, Size: 10, Number: 1284
. 2013-03-15 09:38:46.059 Startup conversation with host finished.
. 2013-03-15 09:39:53.080 Closing connection.
. 2013-03-15 09:39:53.080 Sending special code: 12
. 2013-03-15 09:39:53.080 Sent EOF message

It isn't obvious in the settings how to resolve this issue.
#24131
Posted: 03/15/2013 10:41:08
by Ken Ivanov (EldoS Corp.)

Eric,

Thank you for contacting us.

Error 7 means that the adapter and the SFTP server were unable to negotiate a shared cipher. Did you try using the Default and Progressive compatibility modes, and if you did, what was their outcome?
#24168
Posted: 03/19/2013 07:49:16
by Eric Clark (Standard support level)
Joined: 03/15/2013
Posts: 5

I was able to get past this error by adjusting the compatibility modes as well as the vendor making some "adjustments" on their end, but now I am stuck on the following error:

SSE2636 Command rejected due to sftp proxy policy settings: SSH_FXP_OPENDIR
#24169
Posted: 03/19/2013 07:55:09
by Ken Ivanov (EldoS Corp.)

Eric,

This means that the server apparently has directory listing support turned off. Please try setting the Overwrite property of the adapter to Yes (this tells the adapter to upload the file without checking for its presence on the server side) and check if it changes anything.
#24195
Posted: 03/20/2013 08:06:31
by Eric Clark (Standard support level)
Joined: 03/15/2013
Posts: 5

Trying to use the same configuration on a send port returns SSH Error 2
#24196
Posted: 03/20/2013 08:25:28
by Eric Clark (Standard support level)
Joined: 03/15/2013
Posts: 5

SSH Error 2 according to the documentation means the server doesn't support SSH v2 but according to the properties gathered using WinSCP it does (see below).

Session protocol = SSH-2
SSH implementation = Welcome to Sterling SSP.
Encryption algorithm = aes
Compression = ZLib
File transfer protocol = SFTP-3
------------------------------------------------------------
Server host key fingerprint
ssh-rsa 1024 <redacted>
------------------------------------------------------------
Can change permissions = Yes
Can change owner/group = Yes
Can execute arbitrary command = No
Can create symlink/hardlink = Yes/No
Can lookup user groups = No
Can duplicate remote files = No
Can check available space = No
Can calculate file checksum = No
Native text (ASCII) mode transfers = No
------------------------------------------------------------
Additional information
The server does not support any SFTP extension.
#24199
Posted: 03/20/2013 10:08:58
by Ken Ivanov (EldoS Corp.)

Eric,

Thank you for the details. It looks like the problems you've got with the receive and send adapters have different roots, so let's investigate them individually.

First, you said that the receive adapter is returning some SSH_FXP_OPENDIR-specific error. Could you please check if you are able to browse remote file system with some third-party product, such as FileZilla or WinSCP? It would also be great to see a debug trace created by the adapter for such a connection.

Regarding the send adapter issue, could you please send us the adapter's debug trace as well?

Not to share all the connection details with the public, let's continue the conversation privately in the Helpdesk. I'll create a ticket for you right away.
Also by EldoS: Rethync
The cross-platform framework that simplifies synchronizing data between mobile and desktop applications and servers and cloud storages

Reply

Statistics

Topic viewed 7393 times

Number of guests: 1, registered members: 0, in total hidden: 0




|

Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!