EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Connection is dropped immediately

Also by EldoS: Callback File System
Create virtual file systems and disks, expose and manage remote data as if they were files on the local disk.
Posted: 09/17/2007 11:22:43
by  Richard Price
This works. But using the secureblackbox simple sample does not. The connection is immediately dropped? Please help.


*** CuteFTP 8.0 - build May 31 2007 ***

STATUS:> [17/09/2007 17:28:35] Getting listing "report_upload"...
STATUS:> [17/09/2007 17:28:35] Initializing SFTP21 module...
STATUS:> [17/09/2007 17:28:35] Resolving host name trs.fsa.gov.uk...
STATUS:> [17/09/2007 17:28:35] Host name trs.fsa.gov.uk resolved: ip =
STATUS:> [17/09/2007 17:28:35] Connecting to SFTP server... trs.fsa.gov.uk:22 (ip =
Key Method: Diffie-Hellman-group1-SHA1
Host Key Algorithm: SSH-DSS
Session Cipher: 192 bit TripleDES-cbc
Session MAC: HMAC-MD5
Session Compressor/Decompressor: ZLIB
STATUS:> [17/09/2007 17:28:36] Getting working directory...
STATUS:> [17/09/2007 17:28:36] Home directory: /
STATUS:> [17/09/2007 17:28:36] Connected successfully.
STATUS:> [17/09/2007 17:28:36] Getting listing for directory '/report_upload'...
STATUS:> [17/09/2007 17:28:36] Getting working directory...
STATUS:> [17/09/2007 17:28:36] Directory listing completed.
Posted: 09/17/2007 12:00:41
by Eugene Mayevski (Team)

There can be many reasons, the main one being that the server doesn't understand or parse incorrectly the list of supported algorithms, sent by the server. This is a common bug in many servers. I tried to connect to the specified server and reached the authentication stage successfully. Of course the authentication didn't work.

To help you further we would need a log of the sample application from you.

Sincerely yours
Eugene Mayevski
Posted: 09/18/2007 03:02:23
by  Richard Price
Dear Eugene,

Thank you for you reply. The log is typed below:

Connecting to trs.fsa.gov.uk
Server received fingerprint: <Long string here snipped>
SSH Error 114
SSH Connection Failed: Connection Lost.

I did manage to speak to someone from the FSA Unix team who said that the bare SSH shell is what is required and the application that I use must not request the password. How do I configure blackbox so that it does not request the password? Is this likely to be the problem?

I am using the SimpleSSHDemo_2005 project from the samples directory. It is unchanged code, I haven't altered it from the copy that was installed. I can attach the code sample if you like.

All the best,
Posted: 09/18/2007 03:28:47
by Eugene Mayevski (Team)

Error 114 means that the enabled authentication methods didn't work. The most common reason is that the server uses keyboard-interactive authentication and this type of authentication is somehow disabled in code.
Note, that current version (5.2) handles the situation automatically.

Richard Price wrote:
did manage to speak to someone from the FSA Unix team who said that the bare SSH shell is what is required and the application that I use must not request the password. How do I configure blackbox so that it does not request the password? Is this likely to be the problem?

SSH can use several authentication schemes, such as password-based, key-based, keyboard-interactive (there are more, but the mentioned ones are most often used). The phrase "must not request a password" can mean the only thing - you must have a client-side SSH key to authorize yourself with. In other words, key-based authentication is used. It is not possible to login without any authentication at all (even empty password IS an authentication method).

Sincerely yours
Eugene Mayevski
Posted: 09/18/2007 03:39:27
by Eugene Mayevski (Team)

BTW the server reports, that it supports publickey and password authentications. So the keyboard-interactive authentication is not used.

Sincerely yours
Eugene Mayevski
Posted: 09/18/2007 11:06:17
by  Richard Price
Thank you Eugene.

I have tried everything that I can think of.

I tried ensuring that the authentication type is correct just before the open in the SimpleSSHDemo_VS2005.sln

I have tried every authentication type but nothing works. I even tried a combination of publickey and password authentications using And to join them. Are you sure that blackbox is not crippled software with the evaluation version and this is something that is fixed in the paid for version? Because I read the comment that the 5.2 handles it automatically.

I cannot work out what version I have and my manager does not want to buy the full version until he sees it working.

If the sample applications don't work against the server I don't know how to proceed?

I have noticed that if I use the SSHDemo_VS2005.sln I get a better result that I have output below.

Client socket connected
Server key received (DSA). Fingerprint is bf:37:cd:f3:8c:01:e2:cc:80:82:67:0b:b9:79:13:d9
Authentication succeeded
Connection started
Server: ReflectionForSecureIT_6.1.2.0 build 2935
Version: SSHv2
PublicKey algorithm: 0
Kex algorithm: 3
Block algorithm: 20
Compression algorithm: 0
MAC algorithm: 0
Shell connection closed

If I use CuteFTP version 8 than there is a key in the trusted identity list that I have exported into a .pub file. If I delete this key from the list and then open CuteFTP again it asks me if I want to trust the certificate that it has found on the SSH server. And the SSH2 Host key for this server was not found in your trusted identity list. It gives the public fingerprint. If I say no than the connection is immediately closed without an error code.

Is there a way of adding the public fingerprint to the trusted identity list in SecureBlackBox.Net??

Posted: 09/18/2007 11:35:09
by Eugene Mayevski (Team)

If the SSH sample works, then there's no issue to fix. ElSimpleSSHClient class incapsulates the same SSH component that the SSH demo uses.

So it's the problem of settings.
BTW you didn't tell us, what samples to check (C# or VB.NET ;) so I can't do a lot.
You need to check and ensure that the connection settings in two demos are the same. Also please check the event handlers to ensure that the same handlers are assigned. There's one thing I can see in the sample that might cause troubles - the event handler for OnKeyValidate doesn't set Validate out parameter to true. This means that the server key is not validated successfully. Just add "Validate = true;" to the event handler and see if this helps.

I can do this all for you but I will need your login/password. You can use HelpDesk to contact tech.support privately and give us the login credentials. This is done often by users and there's no risk in this.

Sincerely yours
Eugene Mayevski
Posted: 09/20/2007 04:03:37
by  Richard Price
Dear Eugene,

The code SSH_Demo works fine, the SSHSimpleDemo does not work against the server. I have been trying to copy code from SSH_Demo into my class library and get the component working with my application in that way. However, there is a AppendTextCallback that uses Private Sub AppendText. Is this important? Because it uses a textbox I have commented this out in my application.

In my application this works:

ClientSocket.SendFile("c:\FSAMarketsFeedClean" & CStr(intCount) & ".xml")
ConnectAndSend = ""
Catch ex As Exception
ConnectAndSend = ex.ToString
End Try

But I would like to do a change directory before the send file, how is this done?

This does not work because the SSHTunnelConnection is nothing:

If Not (SSHTunnelConnection Is Nothing) Then
Dim s As String = "cd report_upload" + vbCr + vbTab

Is there a version of SSH_Demo that is a class library or a demo without the interface?

Shall I attach the entire class minus the password and username?

Yours sincerely,
Posted: 09/20/2007 04:20:29
by Eugene Mayevski (Team)

AppendTextCallback is a leftover from the previous version of the code, you don't need it.

Sincerely yours
Eugene Mayevski
Also by EldoS: CallbackProcess
A component to control process creation and termination in Windows and .NET applications.



Topic viewed 3894 times

Number of guests: 1, registered members: 0, in total hidden: 0


Back to top

As of July 15, 2016 EldoS business operates as a division of /n software, inc. For more information, please read the announcement.

Got it!