Error 10058 Opening SFTP Connection

Posted: 05/17/2016 18:43:51
by Craig Boucher (Standard support level)
Joined: 03/03/2014
Posts: 8

I received a .p12 file from a vendor and need to transfer files to them via SFTP. Below is the (VB.Net) code I used to create the SFTP client object. When I open the connection it throws an exception with error code 10058.

_sftpClient = New TElSimpleSFTPClient()
_sftpClient.KeyStorage = New TElSSHMemoryKeyStorage()

Dim cert = new TElX509Certificate()
Dim res As Int32 = cert.LoadFromFileAuto(Me.PrivateKeyFile, Me.PrivateKeyPassword)
If (res <> 0 ) Then
    Throw New Exception("Certificate file could not be loaded due to error " & res.ToString())
End If

Dim key = new TElSSHKey()
_sftpClient.AuthenticationTypes = BSSHConstants.Unit.SSH_AUTH_TYPE_PUBLICKEY
_sftpClient.Address = Me.FtpHostname
_sftpClient.Port = 22
_sftpClient.ASCIIMode = True

I've successfully got similar code working for another vendor using a .ppk file (loading it into the TElSSHKey object). Am I loading the certificate file correctly?

Posted: 05/18/2016 07:26:29
by Ken Ivanov (Team)

Hi Craig,

Thank you for contacting us.

It would be great if you could add OnError, OnAuthenticationSuccess and OnAuthenticationFailed event handlers to your code. They would help a lot in identifying the root cause of the connectivity problem. Error 10058 is the socket error WSAESHUTDOWN, and is actually a consequence of some other, SSH-layer error.

You also need to handle the OnKeyValidate event and perform server key validation inside the handler.
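
The server key validation mentioned in the reply above can be done by pinning the host key fingerprint; the following is an added example, not part of the original thread and not SecureBlackBox code. It uses only .NET framework classes; the module and function names are hypothetical, the key blobs are constructed sample data, and how the raw public key blob is obtained inside the OnKeyValidate handler is not shown on this page and is left as an assumption.

```vbnet
Imports System
Imports System.Security.Cryptography
Imports System.Text

Module HostKeyPinning
    ' OpenSSH-style fingerprint: "SHA256:" + unpadded Base64 of SHA-256 over the raw public key blob.
    Function Fingerprint(keyBlob As Byte()) As String
        Using sha As SHA256 = SHA256.Create()
            Return "SHA256:" & Convert.ToBase64String(sha.ComputeHash(keyBlob)).TrimEnd("="c)
        End Using
    End Function

    ' Reads the algorithm name (first length-prefixed string of the blob); Nothing if the blob is malformed.
    Function KeyAlgorithm(keyBlob As Byte()) As String
        If keyBlob Is Nothing OrElse keyBlob.Length < 4 Then Return Nothing
        Dim nameLen As Long = (CLng(keyBlob(0)) << 24) Or (CLng(keyBlob(1)) << 16) Or (CLng(keyBlob(2)) << 8) Or keyBlob(3)
        If nameLen = 0 OrElse nameLen > keyBlob.Length - 4 Then Return Nothing
        Return Encoding.ASCII.GetString(keyBlob, 4, CInt(nameLen))
    End Function

    ' Trust a host key only if it is well formed and its fingerprint equals the pinned one.
    Function IsTrustedHostKey(keyBlob As Byte(), pinnedFingerprint As String) As Boolean
        If KeyAlgorithm(keyBlob) Is Nothing Then Return False
        Return String.Equals(Fingerprint(keyBlob), pinnedFingerprint, StringComparison.Ordinal)
    End Function

    ' Constructed sample blob: string "ssh-ed25519" followed by a 32-byte key filled with one value.
    Function SampleBlob(fill As Byte) As Byte()
        Dim name As Byte() = Encoding.ASCII.GetBytes("ssh-ed25519")
        Dim blob(4 + name.Length + 4 + 32 - 1) As Byte
        blob(3) = CByte(name.Length)
        Array.Copy(name, 0, blob, 4, name.Length)
        blob(4 + name.Length + 3) = 32
        For i As Integer = 0 To 31
            blob(4 + name.Length + 4 + i) = fill
        Next
        Return blob
    End Function

    Sub Main()
        Dim vendorKey As Byte() = SampleBlob(&H11)     ' constructed stand-in for the vendor's host key
        Dim pinned As String = Fingerprint(vendorKey)  ' in practice: received from the vendor out of band
        Dim otherKey As Byte() = SampleBlob(&H22)      ' constructed key that was never pinned
        Console.WriteLine(KeyAlgorithm(vendorKey) & " " & pinned)
        Console.WriteLine("pinned key trusted: " & IsTrustedHostKey(vendorKey, pinned))
        Console.WriteLine("unpinned key trusted: " & IsTrustedHostKey(otherKey, pinned))
        Console.WriteLine("truncated blob trusted: " & IsTrustedHostKey(New Byte() {0, 0}, pinned))
    End Sub
End Module
```

A handler that sets its validation result to the return value of a check like this refuses a connection when the server presents any key other than the one the vendor published.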

Posted: 05/18/2016 17:36:21
by Craig Boucher (Standard support level)
Joined: 03/03/2014
Posts: 8

I added those events and this is what I got from the events:

SftpClient.OnAuthenticationFailed: AuthenticationType = 2
SftpClient.OnError: ErrorCode = 114

I forgot to mention that we also have a userid/password from this vendor and I can log in successfully with that but the password changes every 60 days where the certificate will be good for 2 years. So if possible I'd like to get the certificate working.

Also, I'm using SecureBlackBox version

Posted: 05/18/2016 17:56:53
by Craig Boucher (Standard support level)
Joined: 03/03/2014
Posts: 8

Another update...

I saw in one of your knowledge base articles that it is common to forget to set the Username property. I had forgotten to do this, but after I did I still get the same error.

Posted: 05/18/2016 18:42:49
by Ken Ivanov (Team)

Hi Craig,

Thank you for the details.

Authentication failure with type 2, followed by error 114, means that your public key (i.e. your certificate in your case) was not accepted by the server for one reason or another.

In fact, certificate-based authentication is a painful topic with SSH, which normally uses raw keys to authenticate users. In the more than a decade that SSH has been on the market, a number of different standards and approaches have been developed that deal with certificate-based authentication. Different SSH software supports different combinations of these approaches, often requiring a special tune-up for the connecting component. SecureBlackBox supports the majority of existing certificate-based authentication methods, but it may also require you to adjust certain properties to be able to connect.

To identify the exact authentication approach accepted by your server, could you please let us know if you can connect to it with your certificate using some third-party software, and exactly what steps you take to configure the connection? We could then use that information to help you set up TElSimpleSFTPClient in your application.

Thanks in advance,

Posted: 05/20/2016 11:24:44
by Craig Boucher (Standard support level)
Joined: 03/03/2014
Posts: 8

We also have the option to use FTPS (instead of SFTP). Can certificates be used with FTPS and if so do you have any examples?

Posted: 05/23/2016 06:40:27
by Ken Ivanov (Team)

Hi Craig,

Yes, X.509 certificates are native for FTPS, in contrast to SSH where they were a sort of an 'add-on' functionality up until recently. So as long as the FTPS server you are connecting to is aware of your certificate and is configured to request certificates from connecting clients, you can use your certificate to authenticate yourself to it.

The simplest way to attach your certificate to TElSimpleFTPSClient is to load it into a TElMemoryCertStorage object using its LoadFromStreamPFX() method, and then assign that storage object to TElSimpleFTPSClient.ClientCertStorage property. The component will then sort out authentication automatically.

The SimpleFTPSDemo sample, available both in C# and VB variants, shows an alternative approach of passing the client certificate to the component via the OnCertificateNeededEx event.
