EldoS | Feel safer!

Software components for data protection, secure storage and transfer

SSH or SFTP connection to the server is not established (connection is closed during handshake). WTF? (page 1)

You run code that uses the SSH or SFTP client and ... get nothing. The connection is not established.

The SSH family of protocols is complex, and various SSH servers interpret the specifications differently. As a result, to connect to and interoperate with some servers you need to select the right combination of SSH protocol settings.

So if you can't connect, please take the following steps. While the list seems to be long, it is a must if you need the connection to be successful.

  1. Wrap the call to the Open() method in an exception handling statement (try/catch, try/except etc., depending on the language used) and check the exception description. If you are catching an exception of type ESecureBlackboxError, this exception has an ErrorCode property which provides a numeric error code.
  2. Implement event handlers for the OnError and OnDisconnect events. If the error is reported via OnError, analyze its description and error code. OnDisconnect also reports the reason for closing the connection, if the server has sent the text. Note that SSH and SFTP have overlapping sets of error codes that have different meanings. The error codes are reported by the server, so we don't have influence on them.

Socket error codes start with 10000 (e.g. 10060, 10053). You can find descriptions of these errors on Google (type "Winsock error 10060" to get info on error 10060). Error 10053 (connection reset by peer) means that the server forcefully closed the connection without properly notifying the client about the problem. This is a BUGGY server.

If the error is not reported (this happens sometimes) or it doesn't give you meaningful and helpful information, proceed with problem solving as described below:

  1. Turn off compression. This is done via the CompressionAlgorithms property of the client component.
  2. Run the sample applications, which are located in various subfolders of the \Samples folder. If the samples work correctly, please study the differences between the settings of the component in the sample applications and in your code. If the samples don't work, proceed to step 4.
  3. If no connection is established, check your firewall / router. It must allow outgoing connections to port 22 from your computer. Some firewalls detect well-known applications and let them out, so it sometimes happens that WinSCP or FileZilla connects and your code does not.
  4. Check the log of the sample project. If it contains the text "SSH error 114", this means that authentication was not successful. In this case you need to:
    1. Ensure that you have selected the right authentication mechanism (see the AuthenticationTypes property of the client component). SSH authentication mechanisms are described in detail in this article. It's a common mistake to enable only password authentication while the server uses the misleadingly similar keyboard-interactive authentication.
    2. If you use key-based authentication, see Step 6.
  5. If the server closes the connection without reporting any error, this usually means that you are connecting to a buggy server that doesn't interpret the client request correctly. What does this mean? The client sends the server a list of the algorithms it knows. The server must ignore unknown entries in that list. However, many servers crash or close the connection when they come across the name of an algorithm that they don't understand. In particular, all 3.x versions of OpenSSH do this. In this case you need to turn off all algorithms except the very old and well-known ones (listed below).
    SecureBlackbox tries to detect old servers automatically and disable the newer algorithms. This is controlled by the AutoAdjustCiphers property. Try turning this property ON and see if this solves the problem. If it does not, turn the property off, then turn off all algorithms except the listed ones:
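
Steps 3 and 5 can also be checked from outside the component: a plain TCP connection to port 22 shows whether the firewall lets you out, and the identification line the server sends first (RFC 4253, section 4.2) shows whether it is an OpenSSH 3.x build. The Python sketch below is an added example, not EldoS code; the function names, the `restrict_algorithms` key and the sample banners are assumptions made for illustration.

```python
import re
import socket

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments CR LF"
IDENT_RE = re.compile(r"^SSH-(?P<proto>[^-\s]+)-(?P<software>\S+)(?: (?P<comments>.*))?$")
MAX_PREAMBLE_LINES = 20  # assumption: how many pre-banner text lines to tolerate

def read_ident(sock, limit=255):
    """Return the server's identification line, skipping any preamble lines."""
    with sock.makefile("rb") as stream:
        for _ in range(MAX_PREAMBLE_LINES):
            raw = stream.readline(limit + 1)
            if not raw:
                raise ConnectionError("server closed the connection before sending a banner")
            line = raw.rstrip(b"\r\n").decode("ascii", "replace")
            if line.startswith("SSH-"):
                return line
    raise ValueError("no SSH identification line received")

def parse_ident(line):
    """Split an identification line into (protoversion, softwareversion, comments)."""
    m = IDENT_RE.match(line)
    if not m:
        raise ValueError(f"malformed identification string: {line!r}")
    return m.group("proto"), m.group("software"), m.group("comments") or ""

def needs_legacy_algorithms(software):
    """True for OpenSSH 3.x, which the article says rejects unknown algorithm names."""
    m = re.match(r"OpenSSH_(\d+)\.", software)
    return bool(m) and int(m.group(1)) == 3

def probe(host, port=22, timeout=10):
    """TCP-connect and classify the server; a connect failure points at firewall or routing."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        proto, software, _ = parse_ident(read_ident(sock))
    return {"proto": proto, "software": software,
            "restrict_algorithms": needs_legacy_algorithms(software)}

# Constructed sample banners, not captured from real hosts.
SAMPLES = ["SSH-2.0-OpenSSH_3.9p1", "SSH-1.99-OpenSSH_3.4p1 Debian", "SSH-2.0-OpenSSH_9.6"]

if __name__ == "__main__":
    for s in SAMPLES:
        proto, software, _ = parse_ident(s)
        print(f"{software:16} proto={proto:5} restrict={needs_legacy_algorithms(software)}")
```

If `probe()` raises a timeout or connection-refused error, the problem is at the network level (step 3); if it reports `restrict_algorithms` as true, the server falls into the OpenSSH 3.x case described in step 5.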

As of July 15, 2016 EldoS business operates as a division of /n software, inc. For more information, please read the announcement.
