Crypto algorithm could not be negotiated. (wodSFTP / wodSFTP.NET / wodSFTPdll)
by chris.miller@megaeasy.net, Wednesday, December 18, 2024, 08:17 (15 days ago)
I am receiving the above error using wodFTPDLX.dll version 3.6.2.795.
The service provider I am connecting to is changing their FTP server to
AWS Transfer Family.
I can connect to the server using FileZilla, using SFTP on port 22.
Crypto algorithm could not be negotiated.
by Jasmine, Wednesday, December 18, 2024, 08:20 (15 days ago) @ chris.miller@megaeasy.net
Hi.
Any chance we can connect there to see which crypto algorithms the server supports?
Regards,
Jasmine
Crypto algorithm could not be negotiated.
by chris.miller@megaeasy.net, Wednesday, December 18, 2024, 16:39 (15 days ago) @ Jasmine
> Hi.
> Any chance we can connect there to see which crypto algorithms the server supports?
> Regards,
> Jasmine
Unfortunately I can't because of regulation.
But here is the spec sheet they gave us. It has two columns. On the right is the connection I'm trying to make.
https://drive.google.com/file/d/1ihanni1zb_nWPemt_t5dNale7jR5tVay/view?usp=sharing
And here is the debug log from FileZilla as an example of it connecting:
Trace: CControlSocket::SendNextCommand()
Trace: CSftpConnectOpData::Send() in state 0
Status: Connecting to files.availity.com...
Trace: Going to execute C:\Program Files\FileZilla FTP Client\fzsftp.exe
Response: fzSftp started, protocol_version=11
Trace: CSftpConnectOpData::ParseResponse() in state 0
Trace: CControlSocket::SendNextCommand()
Trace: CSftpConnectOpData::Send() in state 3
Command: open "*****@files.availity.com" 22
Trace: Looking up host "files.availity.com" for SSH connection
Trace: Connecting to 199.116.188.45 port 22
Trace: We claim version: SSH-2.0-FileZilla_3.68.1
Trace: Connected to 199.116.188.45
Trace: Remote version: SSH-2.0-AWS_SFTP_1.1
Trace: Using SSH protocol version 2
Trace: Doing ECDH key exchange with curve nistp256 and hash SHA-256 (unaccelerated)
Trace: Host key fingerprint is:
Trace: ssh-ed25519 255 SHA256:Y9eKTIbPMgStKTOOGhtA+zTYakwJoHNNHqjEXVIHAgg
Trace: Initialised AES-256 GCM outbound encryption
Trace: Initialised AES256 GCM outbound MAC algorithm (in ETM mode) (required by cipher)
Trace: Initialised AES-256 GCM inbound encryption
Trace: Initialised AES256 GCM inbound MAC algorithm (in ETM mode) (required by cipher)
Status: Using username "*****".
Command: Pass: ********
Trace: Sent password
Trace: Access granted
Trace: Opening main session channel
Trace: Opened main channel
Trace: Started a shell/command
Status: Connected to files.availity.com
Trace: Remote working directory is /
Trace: CSftpConnectOpData::ParseResponse() in state 3
Trace: CControlSocket::ResetOperation(0)
Trace: CSftpConnectOpData::Reset(0) in state 3
Trace: CFileZillaEnginePrivate::ResetOperation(0)
Trace: CControlSocket::SendNextCommand()
Trace: CSftpListOpData::Send() in state 0
Status: Retrieving directory listing...
Trace: CSftpChangeDirOpData::Send() in state 0
Trace: CSftpChangeDirOpData::Send() in state 1
Command: pwd
Response: Current directory is: "/"
Trace: CSftpChangeDirOpData::ParseResponse() in state 1
Trace: CControlSocket::ResetOperation(0)
Trace: CSftpChangeDirOpData::Reset(0) in state 1
Trace: CSftpListOpData::SubcommandResult(0) in state 1
Trace: CControlSocket::SendNextCommand()
Trace: CSftpListOpData::Send() in state 2
Trace: CControlSocket::ResetOperation(0)
Trace: CSftpListOpData::Reset(0) in state 2
Status: Directory listing of "/" successful
Trace: CFileZillaEnginePrivate::ResetOperation(0)
Trace: Got eof from child process
Trace: CControlSocket::DoClose(64)
Trace: CControlSocket::ResetOperation(66)
Trace: CFileZillaEnginePrivate::ResetOperation(66)
Crypto algorithm could not be negotiated.
by Jasmine, Wednesday, December 18, 2024, 16:45 (15 days ago) @ chris.miller@megaeasy.net
Hi.
Hmm, I see ecdh-sha2-nistp256, which we do support, also ssh-ed25519, also aes128-gcm@openssh.com. I don't know about the MAC algorithm since it's not listed, but other than that I can't see why wodFtpDLX cannot connect.
So, we must connect. We don't need login/pass, only the IP (which I see you provided, but we will not try to connect unless you allow us to). The encryption layer is raised before login/pass is provided, so we don't need credentials to duplicate the issue.
Jasmine
Crypto algorithm could not be negotiated.
by chris.miller@megaeasy.net, Thursday, December 19, 2024, 07:31 (14 days ago) @ Jasmine
> Hi.
> Hmm, I see ecdh-sha2-nistp256, which we do support, also ssh-ed25519, also aes128-gcm@openssh.com. I don't know about the MAC algorithm since it's not listed, but other than that I can't see why wodFtpDLX cannot connect.
> So, we must connect. We don't need login/pass, only the IP (which I see you provided, but we will not try to connect unless you allow us to). The encryption layer is raised before login/pass is provided, so we don't need credentials to duplicate the issue.
> Jasmine
You can connect.
Crypto algorithm could not be negotiated.
by Jasmine, Thursday, December 19, 2024, 08:22 (14 days ago) @ chris.miller@megaeasy.net
Hi,
seems it is firewalled and doesn't allow connection from any IP:
C:\Users\jasmine>telnet 199.116.188.45 22
Connecting To 199.116.188.45...Could not open connection to the host, on port 22: Connect failed
Any chance you can whitelist our IP?
Jasmine
Crypto algorithm could not be negotiated.
by chris.miller@megaeasy.net, Thursday, December 19, 2024, 19:55 (14 days ago) @ Jasmine
> Hi,
> seems it is firewalled and doesn't allow connection from any IP:
> C:\Users\jasmine>telnet 199.116.188.45 22
> Connecting To 199.116.188.45...Could not open connection to the host, on port 22: Connect failed
> Any chance you can whitelist our IP?
> Jasmine
I don't have control over the FTP server or its network infrastructure.
I didn't have to whitelist my IP to access it using FileZilla. I have connected from 2 different networks.
They must be blocking telnet specifically.
Crypto algorithm could not be negotiated.
by Jasmine, Thursday, December 19, 2024, 21:33 (14 days ago) @ chris.miller@megaeasy.net
Hi,
this is not the telnet protocol, this is the telnet application, used only to make a socket connection to the server on port 22 to see if there's any response.
We were able to connect from a USA server. It seems that the server supports only these two MAC algorithms:
hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com
We can add support for them, but it will take a week.
Regards,
Jasmine
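The check described in this post, reading what the server offers before any login and comparing it with the client's lists, can be reproduced offline from an SSH_MSG_KEXINIT payload (RFC 4253, section 7.1). This is an added example, not code from the thread or from wodFTPDLX; the server offer is constructed from algorithm names quoted in the thread, and the client MAC list is a hypothetical stand-in because the thread does not give the component's real list.

```python
# Name-list order inside SSH_MSG_KEXINIT (RFC 4253, section 7.1).
FIELDS = ["kex", "host_key", "cipher_c2s", "cipher_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c"]

def build_kexinit(lists):
    """Serialise a KEXINIT payload: type 20, 16-byte cookie, ten name-lists."""
    out = b"\x14" + bytes(16)
    for name in FIELDS:
        body = ",".join(lists.get(name, [])).encode("ascii")
        out += len(body).to_bytes(4, "big") + body
    return out + b"\x00" + bytes(4)  # first_kex_packet_follows + reserved

def parse_kexinit(payload):
    """Return {field: [algorithm names]} from a KEXINIT payload."""
    if len(payload) < 17 or payload[0] != 20:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, lists = 17, {}  # skip message type and cookie
    for name in FIELDS:
        n = int.from_bytes(payload[pos:pos + 4], "big")
        pos += 4
        if pos + n > len(payload):
            raise ValueError("truncated name-list: " + name)
        raw = payload[pos:pos + n].decode("ascii")
        lists[name] = raw.split(",") if raw else []
        pos += n
    return lists

def negotiate(client, server):
    """Simplified rule: first client-listed name the server also lists, else None."""
    return {f: next((a for a in client.get(f, []) if a in server.get(f, [])), None)
            for f in FIELDS[:8]}  # language lists are not negotiated here

def failed_categories(client, server_payload):
    """Categories with no common algorithm; any entry here aborts the handshake."""
    result = negotiate(client, parse_kexinit(server_payload))
    return sorted(f for f, alg in result.items() if alg is None)

ETM = ["hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com"]
# Constructed server offer, built only from algorithm names quoted in the thread.
SERVER = {"kex": ["ecdh-sha2-nistp256"], "host_key": ["ssh-ed25519"],
          "cipher_c2s": ["aes128-gcm@openssh.com"],
          "cipher_s2c": ["aes128-gcm@openssh.com"],
          "mac_c2s": ETM, "mac_s2c": ETM, "comp_c2s": ["none"], "comp_s2c": ["none"]}
# Hypothetical client MAC list without the -etm variants (not wodFTPDLX's real list).
OLD_MACS = ["hmac-sha2-256", "hmac-sha1"]
CLIENT = dict(SERVER, mac_c2s=OLD_MACS, mac_s2c=OLD_MACS)

if __name__ == "__main__":
    print("no common algorithm for:", failed_categories(CLIENT, build_kexinit(SERVER)))
```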
Crypto algorithm could not be negotiated.
by Jordan Roberts, Monday, December 23, 2024, 17:28 (10 days ago) @ Jasmine
I work with Chris, we will need support for those protocols added, we will wait for your update.
Thank you, Jasmine.
> We were able to connect from a USA server. It seems that the server supports only these two MAC algorithms:
> hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com
> We can add support for them, but it will take a week.
> Regards,
> Jasmine
Crypto algorithm could not be negotiated.
by Jasmine, Sunday, December 29, 2024, 18:49 (4 days ago) @ Jordan Roberts
Hi.
Please request an update and try the latest version. Make sure the Version property returns 3.7.0.798. It should have the required HMAC algorithms.
Let me know how it goes for you!
Regards,
Jasmine