Crypto algorithm could not be negotiated. - WeOnlyDo Discussion board

Crypto algorithm could not be negotiated. (wodSFTP / wodSFTP.NET / wodSFTPdll)

by chris.miller@megaeasy.net, Wednesday, December 18, 2024, 08:17 (3 days ago)

I am receiving the above error using wodFTPDLX.dll version 3.6.2.795

The service provider I am connecting to is changing their ftp server to
AWS Transfer Family.

I can connect to the server using FileZilla, using SFTP on port 22.

Crypto algorithm could not be negotiated.

by Jasmine, Wednesday, December 18, 2024, 08:20 (3 days ago) @ chris.miller@megaeasy.net

Hi.

Any chance we can connect there to see which crypto algorithms the server supports?

Regards,
Jasmine

Crypto algorithm could not be negotiated.

by chris.miller@megaeasy.net, Wednesday, December 18, 2024, 16:39 (3 days ago) @ Jasmine

> Hi.
>
> Any chance we can connect there to see which crypto algorithms the server supports?
>
> Regards,
> Jasmine

unfortunately I can't because of regulation.
But here is the spec sheet they gave us. It has two columns. On the right is the connection I'm trying to make.

https://drive.google.com/file/d/1ihanni1zb_nWPemt_t5dNale7jR5tVay/view?usp=sharing

and here is the debug log from filezilla as an example of it connecting

Trace: CControlSocket::SendNextCommand()
Trace: CSftpConnectOpData::Send() in state 0
Status: Connecting to files.availity.com...
Trace: Going to execute C:\Program Files\FileZilla FTP Client\fzsftp.exe
Response: fzSftp started, protocol_version=11
Trace: CSftpConnectOpData::ParseResponse() in state 0
Trace: CControlSocket::SendNextCommand()
Trace: CSftpConnectOpData::Send() in state 3
Command: open "*****@files.availity.com" 22
Trace: Looking up host "files.availity.com" for SSH connection
Trace: Connecting to 199.116.188.45 port 22
Trace: We claim version: SSH-2.0-FileZilla_3.68.1
Trace: Connected to 199.116.188.45
Trace: Remote version: SSH-2.0-AWS_SFTP_1.1
Trace: Using SSH protocol version 2
Trace: Doing ECDH key exchange with curve nistp256 and hash SHA-256 (unaccelerated)
Trace: Host key fingerprint is:
Trace: ssh-ed25519 255 SHA256:Y9eKTIbPMgStKTOOGhtA+zTYakwJoHNNHqjEXVIHAgg
Trace: Initialised AES-256 GCM outbound encryption
Trace: Initialised AES256 GCM outbound MAC algorithm (in ETM mode) (required by cipher)
Trace: Initialised AES-256 GCM inbound encryption
Trace: Initialised AES256 GCM inbound MAC algorithm (in ETM mode) (required by cipher)
Status: Using username "*****".
Command: Pass: ********
Trace: Sent password
Trace: Access granted
Trace: Opening main session channel
Trace: Opened main channel
Trace: Started a shell/command
Status: Connected to files.availity.com
Trace: Remote working directory is /
Trace: CSftpConnectOpData::ParseResponse() in state 3
Trace: CControlSocket::ResetOperation(0)
Trace: CSftpConnectOpData::Reset(0) in state 3
Trace: CFileZillaEnginePrivate::ResetOperation(0)
Trace: CControlSocket::SendNextCommand()
Trace: CSftpListOpData::Send() in state 0
Status: Retrieving directory listing...
Trace: CSftpChangeDirOpData::Send() in state 0
Trace: CSftpChangeDirOpData::Send() in state 1
Command: pwd
Response: Current directory is: "/"
Trace: CSftpChangeDirOpData::ParseResponse() in state 1
Trace: CControlSocket::ResetOperation(0)
Trace: CSftpChangeDirOpData::Reset(0) in state 1
Trace: CSftpListOpData::SubcommandResult(0) in state 1
Trace: CControlSocket::SendNextCommand()
Trace: CSftpListOpData::Send() in state 2
Trace: CControlSocket::ResetOperation(0)
Trace: CSftpListOpData::Reset(0) in state 2
Status: Directory listing of "/" successful
Trace: CFileZillaEnginePrivate::ResetOperation(0)
Trace: Got eof from child process
Trace: CControlSocket::DoClose(64)
Trace: CControlSocket::ResetOperation(66)
Trace: CFileZillaEnginePrivate::ResetOperation(66)

Crypto algorithm could not be negotiated.

by Jasmine, Wednesday, December 18, 2024, 16:45 (3 days ago) @ chris.miller@megaeasy.net

Hi.

Hmm, I see ecdh-sha2-nistp256 we do support, also ssh-ed25519, also aes128-gcm@openssh.com. I don't know about mac algorithm since it's not listed, but other than that I can't see why wodFtpDLX can not connect.

So, we must connect, we don't need login/pass, only the IP (which I see you provided, but we will not try to connect unless you allow us to). Encryption layer is raised before login/pass is provided, so we don't need credentials to duplicate the issue.

Jasmine

Crypto algorithm could not be negotiated.

by chris.miller@megaeasy.net, Thursday, December 19, 2024, 07:31 (2 days ago) @ Jasmine

> Hi.
>
> Hmm, I see ecdh-sha2-nistp256 we do support, also ssh-ed25519, also aes128-gcm@openssh.com. I don't know about mac algorithm since it's not listed, but other than that I can't see why wodFtpDLX can not connect.
>
> So, we must connect, we don't need login/pass, only the IP (which I see you provided, but we will not try to connect unless you allow us to). Encryption layer is raised before login/pass is provided, so we don't need credentials to duplicate the issue.
>
> Jasmine

You can connect.

Crypto algorithm could not be negotiated.

by Jasmine, Thursday, December 19, 2024, 08:22 (2 days ago) @ chris.miller@megaeasy.net

Hi,

seems it is firewalled and doesn't allow connection from any IP:

C:\Users\jasmine>telnet 199.116.188.45 22
Connecting To 199.116.188.45...Could not open connection to the host, on port 22: Connect failed

Any chance you can whitelist our IP?

Jasmine

Crypto algorithm could not be negotiated.

by chris.miller@megaeasy.net, Thursday, December 19, 2024, 19:55 (1 day, 20 hours, 13 min. ago) @ Jasmine

> Hi,
>
> seems it is firewalled and doesn't allow connection from any IP:
>
> C:\Users\jasmine>telnet 199.116.188.45 22
> Connecting To 199.116.188.45...Could not open connection to the host, on port 22: Connect failed
>
> Any chance you can whitelist our IP?
>
> Jasmine

I don't have control over the FTP server or its network infrastructure.

I didn't have to whitelist my IP to access it using FileZilla. I have connected from 2 different networks.

They must be blocking telnet specifically.

Crypto algorithm could not be negotiated.

by Jasmine, Thursday, December 19, 2024, 21:33 (1 day, 18 hours, 35 min. ago) @ chris.miller@megaeasy.net

Hi,

this is not the telnet protocol, this is the telnet application, used only to make a socket connection to the server on port 22 to see if there's any response.

We were able to connect from a USA server. It seems that server supports only these two MAC algorithms:

hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com

we can add support for it but it will take a week for that.

Regards,
Jasmine
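A worked example of the two points made in this thread, added here as illustration and not taken from the thread, from WeOnlyDo or from wodSFTP: the server's algorithm lists arrive in SSH_MSG_KEXINIT before any credentials are sent, so they can be read with nothing but a TCP connection, and "could not be negotiated" is the result of one name-list having no entry in common. The code assumes RFC 4253 framing. SERVER_PROPOSAL is constructed from what Jasmine reports (ecdh-sha2-nistp256, ssh-ed25519, AES-GCM, the two ETM-only MACs) and is not a capture of the real host; CLIENT_PROPOSAL is a hypothetical client that offers AES-GCM but no ETM MACs. The aead_skips_mac rule mirrors OpenSSH, which ignores the MAC lists when an AEAD cipher is chosen (the FileZilla log's "MAC algorithm ... (required by cipher)" is that rule in action); the thread does not say whether wodFtpDLX does the same, so both behaviours are shown.

```python
"""Pre-auth probe of an SSH server's algorithm proposal plus RFC 4253 negotiation.
Added example for this thread, not WeOnlyDo/wodSFTP code. SERVER_PROPOSAL is
CONSTRUCTED from what the thread reports, not a capture of the real host."""
import socket
import struct

SSH_MSG_KEXINIT = 20
# The ten name-lists of SSH_MSG_KEXINIT, in wire order (RFC 4253 section 7.1).
FIELDS = ("kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")
# OpenSSH skips MAC selection when the agreed cipher is AEAD (GCM / ChaCha20).
AEAD_CIPHERS = {"aes128-gcm@openssh.com", "aes256-gcm@openssh.com",
                "chacha20-poly1305@openssh.com"}

_GCM = ["aes256-gcm@openssh.com", "aes128-gcm@openssh.com"]
_ETM = ["hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com"]
SERVER_PROPOSAL = {"kex": ["ecdh-sha2-nistp256"], "host_key": ["ssh-ed25519"],
                   "enc_c2s": _GCM, "enc_s2c": _GCM, "mac_c2s": _ETM, "mac_s2c": _ETM,
                   "comp_c2s": ["none"], "comp_s2c": ["none"]}
# Hypothetical client: offers AES-GCM but only non-ETM MACs.
_CENC = ["aes128-gcm@openssh.com", "aes256-ctr"]
_CMAC = ["hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"]
CLIENT_PROPOSAL = {"kex": ["ecdh-sha2-nistp256", "diffie-hellman-group14-sha256"],
                   "host_key": ["ssh-ed25519", "rsa-sha2-256"],
                   "enc_c2s": _CENC, "enc_s2c": _CENC, "mac_c2s": _CMAC, "mac_s2c": _CMAC,
                   "comp_c2s": ["none"], "comp_s2c": ["none"]}


def build_kexinit(lists, cookie=b"\x00" * 16):
    """Serialise a KEXINIT payload: id, cookie, ten name-lists, flag, reserved.
    A real client uses os.urandom(16) for the cookie; zeros are fine for a fixture."""
    payload = bytes([SSH_MSG_KEXINIT]) + cookie
    for name in FIELDS:
        blob = ",".join(lists.get(name, [])).encode("ascii")
        payload += struct.pack(">I", len(blob)) + blob
    return payload + b"\x00" + b"\x00\x00\x00\x00"   # first_kex_packet_follows, reserved


def parse_kexinit(payload):
    """Inverse of build_kexinit: returns a dict of name-lists."""
    if not payload or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, out = 1 + 16, {}                       # skip message id and cookie
    for name in FIELDS:
        (n,) = struct.unpack_from(">I", payload, pos)
        pos += 4
        out[name] = [a for a in payload[pos:pos + n].decode("ascii").split(",") if a]
        pos += n
    return out


def frame_packet(payload):
    """Unencrypted binary packet framing (RFC 4253 section 6): block size 8, no MAC."""
    padlen = 8 - ((5 + len(payload)) % 8)       # total length a multiple of 8 ...
    if padlen < 4:                              # ... with at least 4 padding bytes
        padlen += 8
    body = bytes([padlen]) + payload + b"\x00" * padlen
    return struct.pack(">I", len(body)) + body


def unframe_packet(data):
    """Strip packet framing; returns (payload, remaining bytes)."""
    (length,) = struct.unpack_from(">I", data, 0)
    return data[5:4 + length - data[4]], data[4 + length:]


def negotiate(client, server, aead_skips_mac=True):
    """RFC 4253 7.1: first client entry the server also offers; None when nothing matches.
    (Simplified: the kex/host-key capability cross-check is omitted.)"""
    result = {n: next((a for a in client.get(n, []) if a in server.get(n, [])), None)
              for n in FIELDS[:8]}                 # languages are not negotiated
    if aead_skips_mac:                              # OpenSSH behaviour; not universal
        for d in ("c2s", "s2c"):
            if result["enc_" + d] in AEAD_CIPHERS:
                result["mac_" + d] = "implicit-aead"
    return result


def failed_fields(result):
    """Name-lists with no common algorithm: the reason a negotiation error fires."""
    return [k for k, v in result.items() if v is None]


def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed before KEXINIT")
        buf += chunk
    return buf


def fetch_server_proposal(host, port=22, timeout=10):
    """Live probe: version exchange, then parse the server's KEXINIT. No credentials needed."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        line = b""
        while not line.startswith(b"SSH-"):     # servers may send banner lines first
            line = b""
            while not line.endswith(b"\n"):
                line += _recv_exact(s, 1)
        s.sendall(b"SSH-2.0-kexprobe_0.1\r\n")
        head = _recv_exact(s, 4)
        (length,) = struct.unpack(">I", head)
        payload, _ = unframe_packet(head + _recv_exact(s, length))
        return line.decode(errors="replace").strip(), parse_kexinit(payload)
```

Everything except fetch_server_proposal runs offline on the constructed fixture: with aead_skips_mac=False the hypothetical client fails on mac_c2s and mac_s2c even though kex, host key and cipher all match, which is the shape of the error reported in this thread; with the OpenSSH rule the AES-GCM choice makes the MAC lists irrelevant, which is why a PuTTY-based FileZilla gets through. Once the service provider's firewall allows the probing host, fetch_server_proposal("files.availity.com") returns the server's identification line and its actual proposal, which can then be fed to negotiate() against whatever the client library offers.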