Connecting to Microsoft Azure blob (wodFtpDLX / wodFtpDLX.NET)
by dfb, Wednesday, August 03, 2022, 08:08 (853 days ago)
Hi there,
A client is requesting an SFTP connection to an Azure blob.
Testing using WOD FTP DLX.Net 1.9.0.253 shows a connection error: Could not negotiate key exchange algorithm.
Microsoft has a list of supported algorithms https://docs.microsoft.com/en-au/azure/storage/blobs/secure-file-transfer-protocol-supp...
Is it possible to find out if versions later than 1.9.0.253 support some of these algorithms, and/or will coming versions support more of them?
Thanks!
Connecting to Microsoft Azure blob
by wodSupport, Wednesday, August 03, 2022, 09:14 (853 days ago) @ dfb
Hi.
If you're using NET 4+, you should be able to connect using ecdh-sha2-nistp256 or ecdh-sha2-nistp384 key exchanges. Otherwise we would need to add support to match exact ones supported by azure.
Regards,
Jasmine
Connecting to Microsoft Azure blob
by dfb, Thursday, August 04, 2022, 03:07 (853 days ago) @ wodSupport
Thanks Jasmine.
Confirming we are using .Net Framework 4.8
We have been able to run a network trace when trying to connect, if this helps.
Error returned: WeOnlyDo.Exceptions.FtpDLX.ProtocolException: Could not negotiate key exchange algorithm.
(Spaces added after commas to avoid "word too long" errors)
SSH Protocol
SSH Version 2
Packet Length: 684
Padding Length: 7
Key Exchange
Message Code: Key Exchange Init (20)
Algorithms
Cookie: a951aaef8388f72ad4dfc0a1148ebd0b
kex_algorithms length: 145
kex_algorithms string: ecdh-sha2-nistp384, ecdh-sha2-nistp256, diffie-hellman-group14-sha256, diffie-hellman-group16-sha512, diffie-hellman-group-exchange-sha256, ext-info-s
server_host_key_algorithms length: 65
server_host_key_algorithms string: rsa-sha2-256, rsa-sha2-512, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384
encryption_algorithms_client_to_server length: 111
encryption_algorithms_client_to_server string: aes128-gcm@openssh.com, aes256-gcm@openssh.com, aes128-cbc, aes192-cbc, aes256-cbc, aes128-ctr, aes192-ctr, aes256-ctr
encryption_algorithms_server_to_client length: 111
encryption_algorithms_server_to_client string: aes128-gcm@openssh.com, aes256-gcm@openssh.com, aes128-cbc, aes192-cbc, aes256-cbc, aes128-ctr, aes192-ctr, aes256-ctr
mac_algorithms_client_to_server length: 87
mac_algorithms_client_to_server string: hmac-sha2-256, hmac-sha2-512, hmac-sha2-256-etm@openssh.com, hmac-sha2-512-etm@openssh.com
mac_algorithms_server_to_client length: 87
mac_algorithms_server_to_client string: hmac-sha2-256, hmac-sha2-512, hmac-sha2-256-etm@openssh.com, hmac-sha2-512-etm@openssh.com
compression_algorithms_client_to_server length: 4
compression_algorithms_client_to_server string: none
compression_algorithms_server_to_client length: 4
compression_algorithms_server_to_client string: none
languages_client_to_server length: 0
languages_client_to_server string: [Empty]
languages_server_to_client length: 0
languages_server_to_client string: [Empty]
First KEX Packet Follows: 0
Reserved: 00000000
Padding String: 25c2630451e8de
Many thanks.
Hi.
If you're using NET 4+, you should be able to connect using ecdh-sha2-nistp256 or ecdh-sha2-nistp384 key exchanges. Otherwise we would need to add support to match exact ones supported by azure.
Regards,
Jasmine
Connecting to Microsoft Azure blob
by wodSupport, Thursday, August 04, 2022, 09:24 (852 days ago) @ dfb
Hi.
We made an update, please download wodFtpDLX.NET again (or request update if you have valid updates subscription) and try it now.
Regards,
Jasmine
Connecting to Microsoft Azure blob
by dfb, Tuesday, August 09, 2022, 09:28 (847 days ago) @ wodSupport
Thanks Jasmine!
We're testing that new version, and it seems to work with the Azure blob SFTP connection - but I notice some existing code that was working with private key authentication to another server is no longer working.
It fails when trying to connect, with this error:
System.NullReferenceException: Object reference not set to an instance of an object.
Was there any behaviour change between versions 1.9.0.253 and 1.9.2.260 ?
Thanks
Connecting to Microsoft Azure blob
by wodSupport, Tuesday, August 09, 2022, 09:45 (847 days ago) @ dfb
Hi.
I don't think so. Is it something we could duplicate by ourselves? Can you share your code as separate sample?
Jasmine
Connecting to Microsoft Azure blob
by dfb, Wednesday, August 10, 2022, 07:14 (846 days ago) @ wodSupport
Thanks Jasmine. Some test VB code below. As shown using key file, it fails at the connect. It works if modified to authenticate with a password.
[code]
Try
Using ftps As New WeOnlyDo.Client.FtpDLX
ftps.Hostname = hostname
ftps.ListParams = ""
ftps.LicenseKey = licenceKey
ftps.TransferMode = TransferModes.Binary
ftps.Blocking = True
ftps.Passive = False
ftps.Protocol = Protocols.SFTP
ftps.Authentication = Authentications.Certificate
ftps.PrivateKey = IO.File.ReadAllText(privateKeyFile)
ftps.Login = login
ftps.Connect()
ftps.ListDir("\")
For Each ftpDirItem As DirItem In ftps.DirItems
Console.WriteLine(ftpDirItem.FullLine)
Next
ftps.Disconnect()
End Using
Catch ex As Exception
Console.WriteLine(ex.ToString)
End Try
[code]
Hi.
I don't think so. Is it something we could duplicate by ourselves? Can you share your code as separate sample?
Jasmine
Connecting to Microsoft Azure blob
by wodSupport, Wednesday, August 10, 2022, 23:15 (846 days ago) @ dfb
Thank you! I believe we were able to duplicate and fix the issue, so please request update to obtain latest wodFtpDLX.NET (or download DEMO if you don't have valid update subscription) and try it now. Make sure Version property returns 1.9.2.261
Note that most probably your key was invalid, and didn't contain private part of the key, but now you will receive more descriptive error and it will not just crash.
Let me know if it's ok now!
Regards,
Jasmine
Connecting to Microsoft Azure blob
by dfb, Thursday, August 11, 2022, 02:59 (846 days ago) @ wodSupport
Thank you Jasmine!
I have tried with 1.9.2.261 and am now getting "Authentication with the server failed."
However, reverting to the old wodFtpDLX.NET version (1.9.0.253) it connects successfully - using the same test code and the same key file.
Any ideas what else we can try?
Connecting to Microsoft Azure blob
by wodSupport, Thursday, August 11, 2022, 23:20 (845 days ago) @ dfb
Hi.
Yes, you seem to be right, there was code change in later versions that could cause problems with the key authentication. It is now fixed, please request update and try it out, it should be working ok now.
Regards,
Jasmine
Connecting to Microsoft Azure blob
by dfb, Tuesday, August 16, 2022, 02:08 (841 days ago) @ wodSupport
Many thanks Jasmine.
We'll continue to test, but so far this looks like it's working well for us.
Thanks again!