EldoS | Feel safer!

Software components for data protection, secure storage and transfer

JMeter Test for sFTP wont connect toSBSSHServer

Also by EldoS: CallbackFilter
A component to monitor and control disk activity, track file and directory operations (create, read, write, rename etc.), alter file data, encrypt files, create virtual files.
Posted: 01/09/2014 09:55:56
by ITSG (Standard support level)
Joined: 06/27/2013
Posts: 34

Happy New Year !

Starting 2014 with a question thats bugging me a few weeks now.
First off: I am not a encrypt/decrypt specialist, so please excuse if my question is kind of trivia...

We are running a sFTP Server build with SBlackbox.
Connection via Filezilla, Winscp is 100% fine.

As mentioned in an older Forum Post, we ar now starting JMeter Loadtests.
Using the same credentials etc. as Filezilla and WinSCP, Jmeter wont connect.
Same Tests on an older WSFTP (sFTP) Server work with JMeter also.

This is the JMeter error:
* Response code: Connection Failed
* Response message: Failed to connect to server: verify: false
(Not very helpful...)

This is what my internal log has to say:
* SSH protocol error #3
(Not very helpful either, at least to me...)

So debugging and logging the socket commmunication is a bit of help:
*First string recieved by socket: SSH-2.0-JSCH-0.1.39
*Second string recieved: d5,hmac-sha1,hmac-sha1-96,hmac-md5-96

Done the socket sniffing with Filezilla and WinSCP:
*First string recieved by socket: SSH-2.0-WinSCP_release_5.1.3
*Second string recieved: aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-ctr,aes192-cbc,aes128-ctr,aes128-cbc,blowfish-ctr,blowfish-cbc,3des-ctr,3des-cbc,arcfour256,arcfour128

So, it looks to me, like the Encrytion Algorhtyms seem "slightly" different.

Remember: other SFTP Servers Work with the md5 Stuff.

Any Idea ? Any settings i can change ?
Any kind of help appreciated ;-)

Thanks in advance
Posted: 01/09/2014 10:31:10
by Eugene Mayevski (Team)

Thank you for contacting us.

From the second string you've posted it looks like the client sends incorrectly formatted data which can't be parsed correctly. I don't think that it's our job to accommodate to client's bugs so it would be nice if you first contacted the vendor of that client software and asked him for comments.

Sincerely yours
Eugene Mayevski
Posted: 01/10/2014 02:01:12
by ITSG (Standard support level)
Joined: 06/27/2013
Posts: 34

Thank You Eugene.

I would agree with your answer and blame the client, if it wouldnt work with all other sFTP Servers i have available.

So to keep it short: Do you have any Information about the possible parameters i can change on the SBSSHServer concerning encrytion/decryption or any other helpful hints concerning that handshake ?

Maybe one Buzzword here is "Digest Authentication".
Can the SBSSHServer handle "Digest Authentication" ?

Kind Regards
Posted: 01/10/2014 02:03:08
by Eugene Mayevski (Team)

You are welcome to contact JMeter's vendors.

Sincerely yours
Eugene Mayevski
Posted: 01/10/2014 02:21:00
by ITSG (Standard support level)
Joined: 06/27/2013
Posts: 34

Hello Eugene,

i dont think they are able to answer my question... :

Can the SBSSHServer (Still an Eldos product...) handle "Digest Authentication" ?

Posted: 01/10/2014 03:19:55
by Vsevolod Ievgiienko (Team)

Can the SBSSHServer (Still an Eldos product...) handle "Digest Authentication" ?

Could you please clarify what do you mean by "Digest Authentication"? Do you know some software that supports this authentication type?
Posted: 01/10/2014 03:50:02
by ITSG (Standard support level)
Joined: 06/27/2013
Posts: 34

Maybe i was not precise enough. We are talking about Message Authentication Code (MAC)


JMeter uses HMAC-SHA1-96 for communicating with the Server.
WsFTP Server for example supports MAC

MAC Algorithms

MAC-SHA1, key length of 160 bit, digest length of 160 bit
HMAC-SHA1-96, key length of 160 bit, digest length of 96 bit
HMAC-MD5, key length of 128 bit, digest length of 128 bit
HMAC-MD5-96, key length of 128 bit, digest length of 96 bit

So the Question is: Can SBSSHServer handle MAC ?

Kind Regards
Posted: 01/10/2014 03:53:17
by Vsevolod Ievgiienko (Team)

Now its clear. Yes our TElSSHServer supports all MAC algorithms mentioned above.
Posted: 01/10/2014 03:54:40
by Eugene Mayevski (Team)

Emm ... It makes sense to read the description of the protocol. MAC is a scheme that is used to check integrity of SSH packets. It is ALWAYS used.

There exist plenty of MAC variants specified in SSH standards. They are *all* supported by SecureBlackbox.

Sincerely yours
Eugene Mayevski
Posted: 01/10/2014 12:49:07
by Eugene Mayevski (Team)

I've looked at your message again... JSCH-0.1.39 is a version of open-source junk called Jsch that was released 5 years ago and was not well-maintained after that (though they did make some update once or twice a year). Given that you are testing not the latest version of Jsch I see no sense in looking further into the problem. The client software needs to be upgraded in any case.

Sincerely yours
Eugene Mayevski
Also by EldoS: CallbackDisk
Create virtual disks backed by memory or custom location, expose disk images as disks and more.



Topic viewed 3120 times

Number of guests: 1, registered members: 0, in total hidden: 0


Back to top

As of July 15, 2016 EldoS business operates as a division of /n software, inc. For more information, please read the announcement.

Got it!