EldoS | Feel safer!

Software components for data protection, secure storage and transfer

SFTP component not connected error

Also by EldoS: RawDisk
Access locked and protected files in Windows, read and write disks and partitions and more.
#11663
Posted: 11/13/2009 06:21:26
by Tom Marshall (Basic support level)
Joined: 11/13/2009
Posts: 11

Hi,

I am having issues sending files to an older SFTP server.

I can connect/authenticate fine, but when I come to execute the .UploadStream function, it throws an execeptions saying:

Quote
SFTP component not connected


I have retrieved some SFTP logs from the server and it suggests the following:

Quote
....: unsupported sftp protocol version:6


The server only supports SFTP protocol version 3, but we have set the 'Versions' property to include:
Code
supportedVersions := [sbSFTP2, sbSFTP3, sbSFTP4, sbSFTP5, sbSFTP6];
SimpleSFTPClient.Versions := supportedVersions;


Shouldn't SecureBlackbox be able to negotiate which protocol version to use with the server?

Many Thanks,
Tom


Incidentally, I am using VCL Secureblackbox 5.1.112 in DELPHI 6.
#11664
Posted: 11/13/2009 07:02:58
by Tom Marshall (Basic support level)
Joined: 11/13/2009
Posts: 11

Update:

When I limit the version to be only 'sbSFTP3', it throws a different exception message from the .UploadStream function:

Quote
[2009/11/13 13:48:04.667] SSE2636 Command rejected due to sftp proxy policy settings: SSH_FXP_OPEN]


I have no idea what could be causing this?

I can connect to this SFTP server with another client (PSFTP), so it must be some difference with the secureBlackbox implementation of SFTP that is stopping it from working.

Many Thanks,
Tom
#11665
Posted: 11/13/2009 07:48:15
by Eugene Mayevski (EldoS Corp.)

Quote
Tom Marshall wrote:
Shouldn't SecureBlackbox be able to negotiate which protocol version to use with the server?


Algorithms and protocols in SSH and SFTP are negotiated in the following way:
the client sends the list of supported ones to the server, and the server chooses. Some buggy servers don't understand lists - they only understand one entry. In other words, you must always enable one version of the protocol (like you did in the second message) etc.

Quote
Tom Marshall wrote:
I have no idea what could be causing this?


Unfortunately neither do I.

Questions:

1. What value does ServerSoftwareName property contains after connection is established?
2. Did you contact server admin asking what this should mean?
3. Try connecting to the server with CuteFTP and post connection log here.
4. Try connecting to the server with SecureBlackbox 7 . Maybe the problem will go away.


Sincerely yours
Eugene Mayevski
#11666
Posted: 11/13/2009 09:59:22
by Tom Marshall (Basic support level)
Joined: 11/13/2009
Posts: 11

Hi Eugene, thanks for the prompt response.


1 - The ServerSoftwareName parameter is XXXXX DEV SFTP, where XXXX is the company name. This doesn't appear to be the brand so is not much help I fear. I have asked them to provide more details, but they are not prepared to divulge that information.

2 - I have asked the server admin and this was the response:

"SSH_FXP_OPEN is the sftp command which open files for writing. This command is probably used by your 'put' command.
...
Also, is your sftp protocol use full V3? For the SSH_FXP_OPEN exists in both V3 and V6 but this command looks quite different between them."

3 - Connecting with PuTTY gives the following logs (red parts masked for anonymity):

D:\PuTTY>psftp.exe [username]@[serverAddress] -P [port] -i [key].ppk -v Looking up host "[serverAddress]"
Connecting to [serverAddress] port [port]
Server version: SSH-2.0-XXXXX DEV SFTP
We claim version: SSH-2.0-PuTTY_Release_0.60 Using SSH protocol version 2 Doing Diffie-Hellman group exchange Doing Diffie-Hellman key exchange with hash SHA-1 Host key fingerprint is:
ssh-dss 1024 a1.b2.........4
Initialised AES-256 CBC client->server encryption Initialised HMAC-SHA1 client->server MAC algorithm Initialised AES-256 CBC server->client encryption Initialised HMAC-SHA1 server->client MAC algorithm Reading private key file "[key].ppk"
Using username "[username]".
XXXXX DEV SFTP
Offered public key
Offer of public key accepted
Authenticating with public key "rsa-key-20091009"
Access granted
Opened channel for session
Started a shell/command
Connected to [serverAddress]
Remote working directory is /[homeDir]
psftp> put testFile.csv
local:testFile.csv => remote:/[homeDir]/testFile.CSV


4 - We do not have a license for SecureBlackbox 7.

Many Thanks,
Tom
#11667
Posted: 11/13/2009 10:34:19
by Eugene Mayevski (EldoS Corp.)

Thank you for information. Not very informative though. Putty doesn't give enough information in it's log regarding how SFTP is used. Putty is capable of running SFTP via shell channel (instead of SFTP channel). This is a hack around disabled SFTP subsystem. We don't support such hack (well, it's possible to make it with SecureBlackbox, but not trivial). So if it's the hack, then it's a misconfiguration of the server.

Admin's comments regarding SSH_FXP_OPEN are not applicable: Secureblackbox is standard-compliant and it works fine with many flavors of SSH servers. So if there's a problem, it's much more likely to be caused by the server side.

However, it's important that you test SecureBlackbox 7 (you can download evaluation version and test if it connects). With so little other information we won't be able to help you effectively, so if SecureBlackbox 7 works, this would solve the problem automatically.


Sincerely yours
Eugene Mayevski
#11669
Posted: 11/13/2009 11:42:58
by Tom Marshall (Basic support level)
Joined: 11/13/2009
Posts: 11

Thanks for the help.

Switching to SBB v7 introduces a few errors to the application, so I am going to investigate the server config a bit more before comitting to sorting them out.

I'll keep this thread updated with my results.
#11670
Posted: 11/13/2009 11:51:02
by Eugene Mayevski (EldoS Corp.)

Moving from version 5 to version 7 should not cause any problems except maybe a couple of constants being moved from one unit to another. You can try connecting to your server using a sample application. It will be enough to tell you if SecureBlackbox 7 connects to your server or not.


Sincerely yours
Eugene Mayevski
#11672
Posted: 11/13/2009 17:36:21
by Tim Molloy (Standard support level)
Joined: 11/13/2009
Posts: 21

I'm having the same problem "SFTP component not connected".

I'm using SecureBlackbox.7 using the TElSimpleSFTPClient and automating uploads for multiple accounts to a remove server running VShell_3_0_1_478 VShell.

It's unusual, some accounts can UploadFile() successfully, yet others raise the above exception. The same accounts are successful everytime.

So far, the remote server admin hasn't been very helpful.

The exception is raised as class Exception and doesn't get raised in the OnError event handler of the TElSimpleSFTPClient. I'm not sure if there's another type of exception I should be capturing or not.

I can connect via FizeZilla Portable just fine, here's the messages I get back:

Status: Connecting to 216.75.196.23...
Response: fzSftp started
Command: open "t00033edi@216.75.196.23" 22
Command: Pass: ********
Status: Connected to 216.75.196.23
Status: Retrieving directory listing...
Command: pwd
Response: Current directory is: "/t00033edi"
Command: ls
Status: Listing directory /t00033edi
Status: Directory listing successful

I'm at a loss here and need to get this figured out ASAP. Thanks a ton for the help!
#11673
Posted: 11/13/2009 17:45:08
by Tim Molloy (Standard support level)
Joined: 11/13/2009
Posts: 21

Here's the FileZilla Portable messages upon uploading a test file:

Command: rm "/t00033edi/TestFile.tst"
Response: rm /t00033edi/TestFile.tst: OK
Status: Connecting to 216.75.196.23...
Response: fzSftp started
Command: open "t00033edi@216.75.196.23" 22
Command: Pass: ********
Status: Connected to 216.75.196.23
Status: Starting upload of C:\temp\MbiDocuments\DBI\ImportFiles\TestFile.tst
Command: cd "/t00033edi"
Response: New directory is: "/t00033edi"
Command: put "C:\temp\MbiDocuments\DBI\ImportFiles\TestFile.tst" "TestFile.tst"
Status: local:C:\temp\MbiDocuments\DBI\ImportFiles\TestFile.tst => remote:/t00033edi/TestFile.tst
Status: File transfer successful
Status: Retrieving directory listing...
Command: ls
Status: Listing directory /t00033edi
Status: Directory listing successful
Status: Disconnected from server
#11674
Posted: 11/13/2009 17:46:44
by Tim Molloy (Standard support level)
Joined: 11/13/2009
Posts: 21

The remote path I get from SBB is: t00033edi:/TestFile.tst. Different format path or different path?
Also by EldoS: Solid File System
A virtual file system that offers a feature-rich storage for application documents and data with built-in compression and encryption.

Reply

Statistics

Topic viewed 17845 times

Number of guests: 1, registered members: 0, in total hidden: 0




|

Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!