EldoS | Feel safer!

Software components for data protection, secure storage and transfer

JMeter Test for sFTP wont connect toSBSSHServer

Also by EldoS: Callback File System
Create virtual file systems and disks, expose and manage remote data as if they were files on the local disk.
#27862
Posted: 01/09/2014 09:55:56
by ITSG (Standard support level)
Joined: 06/27/2013
Posts: 34

Happy New Year !

Starting 2014 with a question thats bugging me a few weeks now.
First off: I am not a encrypt/decrypt specialist, so please excuse if my question is kind of trivia...

We are running a sFTP Server build with SBlackbox.
Connection via Filezilla, Winscp is 100% fine.

As mentioned in an older Forum Post, we ar now starting JMeter Loadtests.
Using the same credentials etc. as Filezilla and WinSCP, Jmeter wont connect.
Same Tests on an older WSFTP (sFTP) Server work with JMeter also.

This is the JMeter error:
* Response code: Connection Failed
* Response message: Failed to connect to server: verify: false
(Not very helpful...)

This is what my internal log has to say:
* SSH protocol error #3
(Not very helpful either, at least to me...)

So debugging and logging the socket commmunication is a bit of help:
*First string recieved by socket: SSH-2.0-JSCH-0.1.39
*Second string recieved: d5,hmac-sha1,hmac-sha1-96,hmac-md5-96

Done the socket sniffing with Filezilla and WinSCP:
*First string recieved by socket: SSH-2.0-WinSCP_release_5.1.3
*Second string recieved: aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-ctr,aes192-cbc,aes128-ctr,aes128-cbc,blowfish-ctr,blowfish-cbc,3des-ctr,3des-cbc,arcfour256,arcfour128

So, it looks to me, like the Encrytion Algorhtyms seem "slightly" different.

Remember: other SFTP Servers Work with the md5 Stuff.

Any Idea ? Any settings i can change ?
Any kind of help appreciated ;-)

Thanks in advance
Martin
#27863
Posted: 01/09/2014 10:31:10
by Eugene Mayevski (EldoS Corp.)

Thank you for contacting us.

From the second string you've posted it looks like the client sends incorrectly formatted data which can't be parsed correctly. I don't think that it's our job to accommodate to client's bugs so it would be nice if you first contacted the vendor of that client software and asked him for comments.


Sincerely yours
Eugene Mayevski
#27874
Posted: 01/10/2014 02:01:12
by ITSG (Standard support level)
Joined: 06/27/2013
Posts: 34

Thank You Eugene.

I would agree with your answer and blame the client, if it wouldnt work with all other sFTP Servers i have available.

So to keep it short: Do you have any Information about the possible parameters i can change on the SBSSHServer concerning encrytion/decryption or any other helpful hints concerning that handshake ?

Maybe one Buzzword here is "Digest Authentication".
Can the SBSSHServer handle "Digest Authentication" ?

Kind Regards
Martin
#27875
Posted: 01/10/2014 02:03:08
by Eugene Mayevski (EldoS Corp.)

You are welcome to contact JMeter's vendors.


Sincerely yours
Eugene Mayevski
#27876
Posted: 01/10/2014 02:21:00
by ITSG (Standard support level)
Joined: 06/27/2013
Posts: 34

Hello Eugene,

i dont think they are able to answer my question... :

Can the SBSSHServer (Still an Eldos product...) handle "Digest Authentication" ?


Thanks
Martin
#27884
Posted: 01/10/2014 03:19:55
by Vsevolod Ievgiienko (EldoS Corp.)

Quote
Can the SBSSHServer (Still an Eldos product...) handle "Digest Authentication" ?

Could you please clarify what do you mean by "Digest Authentication"? Do you know some software that supports this authentication type?
#27885
Posted: 01/10/2014 03:50:02
by ITSG (Standard support level)
Joined: 06/27/2013
Posts: 34

Maybe i was not precise enough. We are talking about Message Authentication Code (MAC)

http://en.wikipedia.org/wiki/Message_authentication_code

JMeter uses HMAC-SHA1-96 for communicating with the Server.
WsFTP Server for example supports MAC

MAC Algorithms

MAC-SHA1, key length of 160 bit, digest length of 160 bit
HMAC-SHA1-96, key length of 160 bit, digest length of 96 bit
HMAC-MD5, key length of 128 bit, digest length of 128 bit
HMAC-MD5-96, key length of 128 bit, digest length of 96 bit

So the Question is: Can SBSSHServer handle MAC ?

Kind Regards
Martin
#27886
Posted: 01/10/2014 03:53:17
by Vsevolod Ievgiienko (EldoS Corp.)

Now its clear. Yes our TElSSHServer supports all MAC algorithms mentioned above.
#27888
Posted: 01/10/2014 03:54:40
by Eugene Mayevski (EldoS Corp.)

Emm ... It makes sense to read the description of the protocol. MAC is a scheme that is used to check integrity of SSH packets. It is ALWAYS used.

There exist plenty of MAC variants specified in SSH standards. They are *all* supported by SecureBlackbox.


Sincerely yours
Eugene Mayevski
#27919
Posted: 01/10/2014 12:49:07
by Eugene Mayevski (EldoS Corp.)

I've looked at your message again... JSCH-0.1.39 is a version of open-source junk called Jsch that was released 5 years ago and was not well-maintained after that (though they did make some update once or twice a year). Given that you are testing not the latest version of Jsch I see no sense in looking further into the problem. The client software needs to be upgraded in any case.


Sincerely yours
Eugene Mayevski
Also by EldoS: CallbackProcess
A component to control process creation and termination in Windows and .NET applications.

Reply

Statistics

Topic viewed 2810 times

Number of guests: 1, registered members: 0, in total hidden: 0




|

Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!