EldoS | Feel safer!

Software components for data protection, secure storage and transfer

SFTP Protocol selection

#26557
Posted: 09/20/2013 15:47:20
by Richard Rowley (Standard support level)
Joined: 09/20/2013
Posts: 4

I'm just getting up to speed on how to build an SFTP service to collect files from a drop location to be sent to an SFTP destination.

It looks like my target SFTP server does not accept SSH_FXP_INIT, which makes me think that it's an older version of the protocol.

I can see that version 10 of SecureBlackbox has version selection; is this automatic or does it need to be defined in code?

Thanks,

R
#26558
Posted: 09/20/2013 15:59:25
by Mykola Olshevsky (Basic support level)
Joined: 07/07/2005
Posts: 450

SSH_FXP_INIT is the basic message of the SFTP protocol. So most likely the target server doesn't support SFTP at all; maybe it is just an SCP or even an FTP server?
#26559
Posted: 09/20/2013 16:14:37
by Richard Rowley (Standard support level)
Joined: 09/20/2013
Posts: 4

The WinSCP client authenticates but fails to connect:

Code
! 2013-09-18 13:57:20.943 Authenticating with public key "rsa-key-20130917"
. 2013-09-18 13:57:20.948 Prompt (3, SSH key passphrase, , Passphrase for key "rsa-key-20130917": )
. 2013-09-18 13:57:28.728 Sent public key signature
. 2013-09-18 13:57:28.728 Waiting for the server to continue with the initialization
. 2013-09-18 13:57:29.577 Detected network event
! 2013-09-18 13:57:29.577 Further authentication required
. 2013-09-18 13:57:29.588 Further authentication required
. 2013-09-18 13:57:29.588 Prompt (7, SSH password, , &Password: )
. 2013-09-18 13:57:29.588 Using stored password.
. 2013-09-18 13:57:29.642 Sent password
. 2013-09-18 13:57:29.642 Waiting for the server to continue with the initialization
. 2013-09-18 13:57:30.178 Detected network event
. 2013-09-18 13:57:30.178 Access granted
. 2013-09-18 13:57:30.179 Waiting for the server to continue with the initialization
. 2013-09-18 13:57:30.211 Detected network event
. 2013-09-18 13:57:30.211 Opened channel for session
. 2013-09-18 13:57:30.211 Waiting for the server to continue with the initialization
. 2013-09-18 13:57:30.616 Detected network event
. 2013-09-18 13:57:30.616 Started a shell/command
. 2013-09-18 13:57:30.646 --------------------------------------------------------------------------
. 2013-09-18 13:57:30.665 Using SFTP protocol.
. 2013-09-18 13:57:30.665 Doing startup conversation with host.
. 2013-09-18 13:57:30.665 Session upkeep
> 2013-09-18 13:57:30.708 Type: SSH_FXP_INIT, Size: 5, Number: -1
. 2013-09-18 13:57:30.708 Sent 9 bytes
. 2013-09-18 13:57:30.708 There are 0 bytes remaining in the send buffer
. 2013-09-18 13:57:30.708 Waiting for another 4 bytes
. 2013-09-18 13:57:30.740 Detected network event
. 2013-09-18 13:57:30.740 Received 115 bytes (0)
. 2013-09-18 13:57:30.740 Server sent command exit status 0
. 2013-09-18 13:57:30.745 Disconnected: All channels closed


WS FTP however connects:

Code
RSA Signature Verified
Session Keys Created
Ciphers Created
New Client->Server ciphers in place.
New Server->Client ciphers in place.
Completed SSH Key Exchange.  New Keys in place.
Trying authentication method: "publickey"
Loaded key Pair "test key", types(public,private): "RSA","RSA"
Key pair algorithm type: "ssh-rsa"
SFTP SERVER You are attempting to connect to a restricted server. It is confidential and may be legally privileged. If you do not have business on this server, please exit this connection.
Authentication Method publickey(2) resulted in Partial Success
Server Supported Authentication Methods: (* = client also supports)
     password *
     publickey *
Trying authentication method: "password"
User Authenticated OK!
Completed SSH User Authentication.
SSH Channel confirmed open: LocalID:(0760a2ce) ServerID(00000000) ServerMaxPacket(34000) ServerWindow(0)
Started subsystem "sftp" on channel 0760a2ce
SFTP Protocol Version 3 OK
sftp protocol initialized
/  loaded from [Directory Listing Cache]DIREB0F.tmp


I can't seem to get WS FTP to log its commands.
#26560
Posted: 09/20/2013 16:19:28
by Mykola Olshevsky (Basic support level)
Joined: 07/07/2005
Posts: 450

What is the software name/version of this server?
#26561
Posted: 09/20/2013 16:25:39
by Richard Rowley (Standard support level)
Joined: 09/20/2013
Posts: 4

I've asked them for the details; I'm not sure if they will provide too many system details, it being a bank.

The only real details they have provided so far are that they use SFTP and connections must be made with a username, then require: key authentication, passphrase, then password.

I'll update my post when I know more.
#26562
Posted: 09/20/2013 16:34:15
by Mykola Olshevsky (Basic support level)
Joined: 07/07/2005
Posts: 450

So, does the authentication succeed or not? SecureBlackbox supports all versions of the SFTP protocol from 3 to 6, and all possible authentication methods.
Also, did you try the SBB 11 beta?
And, just in case: if this bank is JP Morgan, we had some issues with it before which were fixed some time ago, as far as I remember.
#26563
Posted: 09/21/2013 01:20:03
by Eugene Mayevski (EldoS Corp.)

From the WS FTP log it seems that the server doesn't have an SFTP subsystem, but instead SFTP is started as an external process (this is also possible). SecureBlackbox supports this method as well.

Please try to connect using SimpleSFTPDemo in the <SecureBlackbox>\Samples\<language>\SFTPBlackbox\Client folder and see what log it produces. It's possible that you are solving a problem that doesn't exist and our components connect just fine.


Sincerely yours
Eugene Mayevski
#26615
Posted: 09/25/2013 10:35:10
by Richard Rowley (Standard support level)
Joined: 09/20/2013
Posts: 4

So they came back to me eventually. They won't tell me who developed their actual implementation of their SFTP server, which I expected. They have said though that they use SSH protocol version 4.

I set WinSCP to prefer protocol version 4 and it connected fine, and got past the SSH_FXP_INIT this time, even though it states that version 3 was negotiated:

Code
. 2013-09-25 08:41:38.343 --------------------------------------------------------------------------
. 2013-09-25 08:41:38.523 Using SFTP protocol.
. 2013-09-25 08:41:38.523 Doing startup conversation with host.
. 2013-09-25 08:41:38.523 Session upkeep
> 2013-09-25 08:41:38.679 Type: SSH_FXP_INIT, Size: 5, Number: -1
. 2013-09-25 08:41:38.679 Sent 9 bytes
. 2013-09-25 08:41:38.679 There are 0 bytes remaining in the send buffer
. 2013-09-25 08:41:38.679 Waiting for another 4 bytes
. 2013-09-25 08:41:38.700 Detected network event
. 2013-09-25 08:41:38.700 Received 9 bytes (0)
. 2013-09-25 08:41:38.700 Read 4 bytes (5 pending)
. 2013-09-25 08:41:38.700 Read 5 bytes (0 pending)
< 2013-09-25 08:41:38.700 Type: SSH_FXP_VERSION, Size: 5, Number: -1
. 2013-09-25 08:41:38.700 SFTP version 3 negotiated.
. 2013-09-25 08:41:38.700 We believe the server has signed timestamps bug
. 2013-09-25 08:41:38.700 We will use UTF-8 strings for status messages only
. 2013-09-25 08:41:38.798 Getting current directory name.
. 2013-09-25 08:41:38.839 Getting real path for '.'
> 2013-09-25 08:41:38.839 Type: SSH_FXP_REALPATH, Size: 10, Number: 16
. 2013-09-25 08:41:38.839 Sent 14 bytes
. 2013-09-25 08:41:38.839 There are 0 bytes remaining in the send buffer
. 2013-09-25 08:41:38.839 Waiting for another 4 bytes
. 2013-09-25 08:41:38.871 Detected network event
. 2013-09-25 08:41:38.871 Received 55 bytes (0)
. 2013-09-25 08:41:38.871 Read 4 bytes (51 pending)
. 2013-09-25 08:41:38.871 Read 51 bytes (0 pending)
< 2013-09-25 08:41:38.871 Type: SSH_FXP_NAME, Size: 51, Number: 16
. 2013-09-25 08:41:38.871 Real path is '/'
. 2013-09-25 08:41:38.998 Listing directory "/".
> 2013-09-25 08:41:38.998 Type: SSH_FXP_OPENDIR, Size: 10, Number: 267
. 2013-09-25 08:41:38.998 Sent 14 bytes
. 2013-09-25 08:41:38.998 There are 0 bytes remaining in the send buffer
. 2013-09-25 08:41:38.998 Waiting for another 4 bytes
. 2013-09-25 08:41:39.030 Detected network event
. 2013-09-25 08:41:39.030 Received 14 bytes (0)
. 2013-09-25 08:41:39.030 Read 4 bytes (10 pending)
. 2013-09-25 08:41:39.030 Read 10 bytes (0 pending)
< 2013-09-25 08:41:39.030 Type: SSH_FXP_HANDLE, Size: 10, Number: 267
> 2013-09-25 08:41:39.030 Type: SSH_FXP_READDIR, Size: 10, Number: 524
. 2013-09-25 08:41:39.030 Sent 14 bytes
. 2013-09-25 08:41:39.030 There are 0 bytes remaining in the send buffer
. 2013-09-25 08:41:39.030 Waiting for another 4 bytes
. 2013-09-25 08:41:39.110 Detected network event
. 2013-09-25 08:41:39.110 Received 118 bytes (0)
. 2013-09-25 08:41:39.110 Read 4 bytes (114 pending)
. 2013-09-25 08:41:39.110 Read 114 bytes (0 pending)
< 2013-09-25 08:41:39.110 Type: SSH_FXP_NAME, Size: 114, Number: 524
> 2013-09-25 08:41:39.110 Type: SSH_FXP_READDIR, Size: 10, Number: 780
. 2013-09-25 08:41:39.110 Sent 14 bytes
. 2013-09-25 08:41:39.110 There are 0 bytes remaining in the send buffer
. 2013-09-25 08:41:39.213 Read file 'Inbox' from listing
. 2013-09-25 08:41:39.213 Waiting for another 4 bytes
. 2013-09-25 08:41:39.213 Detected network event
. 2013-09-25 08:41:39.214 Received 49 bytes (0)
. 2013-09-25 08:41:39.214 Read 4 bytes (45 pending)
. 2013-09-25 08:41:39.214 Read 45 bytes (0 pending)
< 2013-09-25 08:41:39.214 Type: SSH_FXP_STATUS, Size: 45, Number: 780
< 2013-09-25 08:41:39.214 Status code: 1
> 2013-09-25 08:41:39.214 Type: SSH_FXP_CLOSE, Size: 10, Number: 1028
. 2013-09-25 08:41:39.214 Sent 14 bytes
. 2013-09-25 08:41:39.214 There are 0 bytes remaining in the send buffer
. 2013-09-25 08:41:39.214 Inbox;d;1024;2013-09-25T13:41:41.000Z;"300" [300];"100" [100];rwx------;0
. 2013-09-25 08:41:39.298 Startup conversation with host finished.
. 2013-09-25 08:41:43.449 Session upkeep
. 2013-09-25 08:41:43.449 Detected network event
. 2013-09-25 08:41:43.449 Received 44 bytes (0)
. 2013-09-25 08:41:43.925 Session upkeep
. 2013-09-25 08:41:44.425 Session upkeep
. 2013-09-25 08:41:44.939 Session upkeep
. 2013-09-25 08:41:45.441 Session upkeep
. 2013-09-25 08:41:45.953 Session upkeep


I built your demo and ran through a connection, but it looks like it may be connecting the way WinSCP did when it was set to a high version:

Code

9/25/2013 10:33:30 AM: TCP connection opened.
9/25/2013 10:33:31 AM: Server key received
9/25/2013 10:33:33 AM: Authentication type 2 failed.
9/25/2013 10:33:33 AM: Authentication succeeded.
9/25/2013 10:33:33 AM: SSH Connection started.
9/25/2013 10:33:34 AM: Error 6 with comment "[2013/09/25 11:33:34.230] SSE2636 Command rejected due to sftp proxy policy settings: SSH_FXP_INIT".
9/25/2013 10:33:34 AM: Sftp connection closed.
9/25/2013 10:33:34 AM: TCP connection closed.
9/25/2013 10:33:34 AM: Error 103 with comment "Connection closed by lower level protocol".
9/25/2013 10:33:34 AM: Sftp connection closed.


Is there a way to force a lower version?
#26617
Posted: 09/25/2013 10:53:26
by Eugene Mayevski (EldoS Corp.)

Yes, the SFTP component has a Versions property which you can use to choose which SFTP versions to use.


Sincerely yours
Eugene Mayevski
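The thread turns on what the SSH_FXP_INIT / SSH_FXP_VERSION exchange looks like on the wire and how the SFTP version actually gets picked. The following is an added example written for this page; it is not code from EldoS, SecureBlackbox or WinSCP, and it implements the handshake as the draft-ietf-secsh-filexfer specification describes it: the client sends the highest version it is willing to speak in SSH_FXP_INIT, and the server answers SSH_FXP_VERSION with the lower of the client's number and its own. Every function and the sample packets below are constructed for illustration. It also makes the numbers in the WinSCP logs above concrete: an INIT body is 1 type byte plus a 4-byte version ("Size: 5"), and with the 4-byte length prefix it is 9 bytes on the wire ("Sent 9 bytes"). The parser refuses truncated or over-long strings instead of reading past the buffer, which is the check a server or proxy that inspects these packets should make.

```python
"""Minimal encoder/decoder for the SFTP version handshake.

Added example for this thread; not code from EldoS, SecureBlackbox or WinSCP.
Packet layout follows draft-ietf-secsh-filexfer:
    uint32 length | byte type | uint32 version | extension-pair* (VERSION only)
"""
import struct

SSH_FXP_INIT = 1
SSH_FXP_VERSION = 2


def _frame(body: bytes) -> bytes:
    """Prefix a packet body with its big-endian uint32 length (SFTP framing)."""
    return struct.pack(">I", len(body)) + body


def build_init(client_version: int) -> bytes:
    """SSH_FXP_INIT: 1 type byte + 4 version bytes (body 5, on the wire 9)."""
    return _frame(struct.pack(">BI", SSH_FXP_INIT, client_version))


def build_version(server_version: int, extensions=()) -> bytes:
    """SSH_FXP_VERSION: type, version, then (name, data) string pairs."""
    body = struct.pack(">BI", SSH_FXP_VERSION, server_version)
    for name, data in extensions:
        body += struct.pack(">I", len(name)) + name
        body += struct.pack(">I", len(data)) + data
    return _frame(body)


def parse_handshake(buf: bytes):
    """Parse one framed INIT or VERSION packet.

    Returns (type, version, [(name, data), ...], unconsumed_bytes).
    Raises ValueError on short, malformed or overrunning input rather than
    trusting the embedded lengths.
    """
    if len(buf) < 4:
        raise ValueError("need 4-byte length prefix")
    (length,) = struct.unpack(">I", buf[:4])
    if length < 5 or len(buf) < 4 + length:
        raise ValueError("truncated or undersized packet")
    body = buf[4:4 + length]
    ptype = body[0]
    if ptype not in (SSH_FXP_INIT, SSH_FXP_VERSION):
        raise ValueError(f"unexpected packet type {ptype}")
    (version,) = struct.unpack(">I", body[1:5])
    extensions, pos = [], 5
    while pos < len(body):
        fields = []
        for _ in range(2):  # each extension-pair is two SSH strings
            if pos + 4 > len(body):
                raise ValueError("truncated extension string length")
            (n,) = struct.unpack(">I", body[pos:pos + 4])
            pos += 4
            if pos + n > len(body):
                raise ValueError("extension string overruns packet")
            fields.append(body[pos:pos + n])
            pos += n
        extensions.append((fields[0], fields[1]))
    return ptype, version, extensions, buf[4 + length:]


def server_handle_init(init_packet: bytes, server_max: int, server_min: int = 3) -> bytes:
    """Server side: answer INIT with min(client, server_max), or refuse if that
    falls below the oldest version the server still speaks."""
    ptype, client_version, _, _ = parse_handshake(init_packet)
    if ptype != SSH_FXP_INIT:
        raise ValueError("expected SSH_FXP_INIT")
    agreed = min(client_version, server_max)
    if agreed < server_min:
        raise ValueError(f"no common version: client {client_version}, server {server_min}..{server_max}")
    return build_version(agreed)


def client_negotiate(preferred: int, reply: bytes) -> int:
    """Client side: accept the server's version, which may never exceed what we offered."""
    ptype, server_version, _, _ = parse_handshake(reply)
    if ptype != SSH_FXP_VERSION:
        raise ValueError("expected SSH_FXP_VERSION")
    if server_version > preferred:
        raise ValueError("server picked a version above what we offered")
    return server_version


if __name__ == "__main__":
    # Constructed exchange: a client preferring version 4 (as WinSCP was set to
    # above) against a server whose ceiling is 3 ends up at version 3.
    init = build_init(4)
    reply = server_handle_init(init, server_max=3)
    print(init.hex(), "->", reply.hex(), "negotiated", client_negotiate(4, reply))
```

Forcing a lower ceiling (the "Versions" property in the answer above, or "prefer protocol version" in WinSCP) is just a smaller number in build_init; the server still makes the final choice, so a client should validate the reply rather than assume its preference was honoured.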