EldoS | Feel safer!

Software components for data protection, secure storage and transfer

TElSimpleSFTPClient : Connection Lost (error code is 0)

Also by EldoS: Solid File System
A virtual file system that offers a feature-rich storage for application documents and data with built-in compression and encryption.
#13497
Posted: 05/28/2010 16:43:46
by Scott Byam (Standard support level)
Joined: 05/28/2010
Posts: 9

I cannot connect to an SFTP site using the SimpleSftpDemo application for VS 2008 and C#, getting the error: Connection Lost (error code is 0) So far, I have done the following:

1. Read the article "SSH or SFTP connection to the server is not established (connection is closed during handshake). WTF?" and tried all of the steps I could. I noticed that Step 5 refers to some properties that are not on the TElSimpleSFTPClient class such as EncryptionAlgorithms, KEXAlgorithms , MACAlgorithms etc. so I could not adjust these properties.
2. Set the AutoAdjustCiphers property to true which did not fix the issue (as it did in an earlier post).
3. Set the Versions property of TElSimpleSFTPClient such that it references all available SFTP versions.

Thanks for your help.
#13498
Posted: 05/28/2010 17:01:35
by Eugene Mayevski (EldoS Corp.)

The problem is most likely in KEXAlgorithms. These properties are not missing - they are not accessible as properties in C#, which lets you have only one indexed property per class. So they are accessed as get_KEXAlgorithms() and set_KEXAlgorithms() method (and corresponding methods for other such properties).

If the server is publicly accessible, you can post it's address here or to HelpDesk. We don't need login and password - just an address so that we could connect and try various property settings ourselves.


Sincerely yours
Eugene Mayevski
#13499
Posted: 05/28/2010 17:02:40
by Eugene Mayevski (EldoS Corp.)

Also please check the value of ServerSoftwareName property after connection attempt and let us know it. This will help us find out what might be wrong.


Sincerely yours
Eugene Mayevski
#13558
Posted: 06/01/2010 10:43:54
by Scott Byam (Standard support level)
Joined: 05/28/2010
Posts: 9

Hi Eugene,

Thanks for your reply messages.

I received the same error message when trying to connect after setting the KEX algorithms in the sample project as follows:

this.SftpClient.set_KexAlgorithms(SBSSHConstants.Unit.SSH_KEX_DH_GROUP | SBSSHConstants.Unit.SSH_MA_HMAC_MD5, true);

Do I need to explicitly disable all other KEX algorithms in order for this to work?

The ServerSoftwareName property is: http://3sp.com_Maverick_SSHD
The version of SecureBlackBox is: EldoS.SFTPBlackbox.5

I will get you an answer as to whether I can share the server address.

Thank you.
#13559
Posted: 06/01/2010 10:59:05
by Scott Byam (Standard support level)
Joined: 05/28/2010
Posts: 9

Hi Eugene, here is some additional information regarding the attempted SFTP connection:

Key Method: Diffie-Hellman-group1-SHA1

Host Key Algorithm: SSH-RSA

Session Cipher: 192 bit TripleDES-cbc

Session MAC: HMAC-MD5

Session Compressor/Decompressor: ZLIB
#13561
Posted: 06/01/2010 11:13:57
by Eugene Mayevski (EldoS Corp.)

The code

this.SftpClient.set_KexAlgorithms(SBSSHConstants.Unit.SSH_KEX_DH_GROUP | SBSSHConstants.Unit.SSH_MA_HMAC_MD5, true);

is not exactly correct. DH_GROUP is ok. But ...
First, you really need to disable all other KEX algorithms. Next, KEXAlgorithms property is used to enable and disable only Key EXchange algorithms, defined by constants which include KEX_ in their names. You are trying to specify message digest algorithm constant which can correspond to some other KEX algoithm thus enabling it.

And if you can share server address, this will help us too. The reason I am asking is that one can configure the server differently and we might be unable to reproduce server configuration locally (without having that configuration).


Sincerely yours
Eugene Mayevski
#13563
Posted: 06/01/2010 12:13:27
by Scott Byam (Standard support level)
Joined: 05/28/2010
Posts: 9

Okay. I will disable all other KEX algorithms. Question though, what is the entire list of KEX algorithms? These are listed in the documentation for ElSSHClient.KexAlgorithms:

SSH_KEX_FIRST 1 (0x01)
SSH_KEX_DH_GROUP_EXCHANGE 1 (0x01)
SSH_KEX_DH_GROUP 2 (0x02)
SSH_KEX_DH_GROUP_14 3 (0x03)
SSH_KEX_DH_GROUP_EXCHANGE256 4 (0x04)
SSH_KEX_LAST 4 (0x04)

Are there any others? The reason I am asking is because in the aforementioned article "SSH or SFTP connection to the server is not established...." it refers to "SSH_KEX_DH_GROUP, SSH_KEX_DH_GROUP_EXCHANGE" that should be enabled. SSH_KEX_DH_GROUP_EXCHANGE is not in the above list (from the documentation) which raises some doubts as to whether the list in the documentation is complete. If you could send me the entire list that I should disable, as well as those I should enable, that would be very helpful.
In the meantime, I am getting clearance from our IT Dept. on whether I can share the server address with you.

Thanks again Eugene.
#13565
Posted: 06/01/2010 12:40:57
by Eugene Mayevski (EldoS Corp.)

Quote
Scott Byam wrote:
SSH_KEX_DH_GROUP_EXCHANGE is not in the above list


Isn't it? ;)


Sincerely yours
Eugene Mayevski
#13566
Posted: 06/01/2010 12:49:04
by Scott Byam (Standard support level)
Joined: 05/28/2010
Posts: 9

Right, so I'll assume that "SSH_KEX_DH_GROUP_EXCHANGE 1" is the same as "SSH_KEX_DH_GROUP_EXCHANGE". Let me know if this is not correct.

Thanks.
#13567
Posted: 06/01/2010 13:30:37
by Eugene Mayevski (EldoS Corp.)

I am having hard time trying to see the difference between two. Digit 1 is a numeric value of the constant which appeared next to the text for unidentified reason.


Sincerely yours
Eugene Mayevski
Also by EldoS: MsgConnect
Cross-platform protocol-independent communication framework for building peer-to-peer and client-server applications and middleware components.

Reply

Statistics

Topic viewed 7131 times

Number of guests: 1, registered members: 0, in total hidden: 0




|

Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!