Question:
Is it wise to communicate with servers running older versions of ssh? I mean like pre 2006?
What version does chilkat start with?
We have a client running 3.9, and chilkat will not negotiate. Which is probably good. Filezilla works.
clientIdentifier: SSH-2.0-PuTTY_Release_0.63
Sending client identifier...
Done sending client identifier.
Reading server version...
initialDataFromSshServer: SSH-2.0-OpenSSH_3.9p1
Thanks.
OpenSSH is just a particular implementation of the SSH protocol. The SSH protocol is open-ended in that it allows for all sorts of different algorithms (encryption, mac, host key, key exchange, etc.) to be supported or not supported. New algorithms have been standardized over the years.
To see what happened, use verbose logging and post the LastErrorText for the Connect method call.
ChilkatLog:
Connect_SFtp(125ms):
DllDate: Dec 29 2015
ChilkatVersion: 9.5.0.55
UnlockPrefix:*******
Username: W12-FTPPEND01:svc_ftp
Architecture: Little Endian; 32-bit
Language: Windows Perl
VerboseLogging: 1
SftpVersion: 0
connectInner(125ms):
hostname: ftp.glasslewis.com
port: 22
sshConnect(31ms):
connectSocket(31ms):
domainOrIpAddress: ftp.glasslewis.com
port: 22
connectTimeoutMs: 30000
connect_ipv6_or_ipv4(31ms):
Multi-threaded domain to IP address resolution
connecting to IPV4 address...
ipAddress: 72.3.217.177
createSocket:
Setting SO_SNDBUF size
sendBufSize: 262144
Setting SO_RCVBUF size
recvBufSize: 4194304
--createSocket
connect(31ms):
Waiting for the connect to complete...
myIP: 10.45.6.11
myPort: 51078
socket connect successful.
--connect
--connect_ipv6_or_ipv4
--connectSocket
Established TCP/IP connection with SSH server
Turning on TCP_NODELAY.
--sshConnect
sshSetupConnection(94ms):
clientIdentifier: SSH-2.0-PuTTY_Release_0.63
Sending client identifier...
Done sending client identifier.
Reading server version...
initialDataFromSshServer: SSH-2.0-OpenSSH_3.9p1
serverVersion: SSH-2.0-OpenSSH_3.9p1
build_kexInit:
preferRsaHostKeyAlgorithm: 1
--build_kexInit
KeyExchangeAlgs:
algorithm: diffie-hellman-group-exchange-sha1
algorithm: diffie-hellman-group14-sha1
algorithm: diffie-hellman-group1-sha1
--KeyExchangeAlgs
HostKeyAlgs:
algorithm: ssh-rsa
algorithm: ssh-dss
--HostKeyAlgs
EncCS:
algorithm: arcfour
algorithm: aes128-ctr
algorithm: aes192-ctr
algorithm: aes256-ctr
--EncCS
EncSC:
algorithm: arcfour
algorithm: aes128-ctr
algorithm: aes192-ctr
algorithm: aes256-ctr
--EncSC
MacCS:
algorithm: hmac-sha1
algorithm: hmac-ripemd160
--MacCS
MacSC:
algorithm: hmac-sha1
algorithm: hmac-ripemd160
--MacSC
CompCS:
algorithm: none
algorithm: zlib
--CompCS
CompSC:
algorithm: none
algorithm: zlib
--CompSC
Unable to agree upon server-to-client encryption algorithm.
Unable to agree upon client-to-server encryption algorithm.
ChosenIncomingMac: hmac-sha1
ChosenOutgoingMac: hmac-sha1
ChosenIncomingCompression: zlib
ChosenOutgoingCompression: zlib
ChosenKexAlgorithm: diffie-hellman-group-exchange-sha1
choose_hostkey_algorithm:
preferRsaHostKeyAlgorithm: 1
--choose_hostkey_algorithm
ChosenHostKeyAlgorithm: ssh-rsa
numBits: 128
pbits: 1024
Using GEX Group.
Sending KEX_DH_GEX_REQUEST...
pbits: 1024
numBytesRequested: 8
Connection closed by peer.
passiveClose(16ms):
Passive socket closing complete.
--passiveClose
sshRawPacket: Socket connection closed.
sshDhGex: Socket connection closed.
Failed to read KEX_DH_GEX_REQUEST response
--sshSetupConnection
--connectInner
Failed.
--Connect_SFtp
--ChilkatLog
I found comments in Chilkat's internal source indicating that CTR mode was not implemented correctly in some older versions of OpenSSH. Chilkat automatically turned off the ability to select these algorithms when the server version string indicates an older version of OpenSSH.
I made a change so that instead of turning CTR mode off, it puts those algorithms at lowest priority, allowing others to be chosen if any exist. (arcfour is off by default because it is insecure).
Please tell me your version of Perl (such as 5.12, 5.16, etc.) and I'll provide a new build.
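The following sketch is an added example, not Chilkat's code and not part of the original thread. It shows why dropping the CTR ciphers for an old OpenSSH banner leaves no common encryption algorithm, while demoting them still lets one be chosen. It assumes the EncCS/EncSC lists in the log are what the server advertised; the client preference list, the version cutoff and the function names are hypothetical.

```python
import re

# Encryption name-list printed under EncCS/EncSC in the log above
# (assumption: this is what the server advertised in its KEXINIT).
SERVER_CIPHERS = ["arcfour", "aes128-ctr", "aes192-ctr", "aes256-ctr"]

# Hypothetical client preference list, constructed for this example.
CLIENT_CIPHERS = ["aes128-ctr", "aes256-ctr", "aes128-cbc", "3des-cbc", "arcfour"]

INSECURE = {"arcfour"}   # off by default, as the answer above states
LEGACY_CUTOFF = (4, 0)   # hypothetical cutoff for "older OpenSSH"


def openssh_version(banner):
    """Return (major, minor) from an SSH identification string, or None."""
    m = re.match(r"SSH-(?:2\.0|1\.99)-OpenSSH_(\d+)\.(\d+)", banner)
    return (int(m.group(1)), int(m.group(2))) if m else None


def client_offer(banner, policy):
    """Build the client's cipher list for a given server banner.

    policy="disable": drop CTR ciphers for legacy servers (old behaviour).
    policy="demote":  move CTR ciphers to the end (behaviour after the change).
    """
    offer = [c for c in CLIENT_CIPHERS if c not in INSECURE]
    ver = openssh_version(banner)
    if ver is not None and ver < LEGACY_CUTOFF:
        ctr = [c for c in offer if c.endswith("-ctr")]
        offer = [c for c in offer if not c.endswith("-ctr")]
        if policy == "demote":
            offer += ctr
    return offer


def negotiate(client, server):
    """RFC 4253 section 7.1: first client algorithm the server also lists."""
    return next((c for c in client if c in server), None)


if __name__ == "__main__":
    banner = "SSH-2.0-OpenSSH_3.9p1"
    for policy in ("disable", "demote"):
        offer = client_offer(banner, policy)
        print(policy, offer, "->", negotiate(offer, SERVER_CIPHERS))
```

With the "demote" policy a non-CTR cipher still wins whenever the server offers one, and arcfour stays excluded in both cases.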
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\LE03964a>perl --version
This is perl 5, version 16, subversion 3 (v5.16.3) built for MSWin32-x86-multi-thread
(with 1 registered patch, see perl -V for more detail)
Copyright 1987-2012, Larry Wall
Binary build 1604 [298023] provided by ActiveState http://www.ActiveState.com
Built Apr 14 2014 14:32:20
Perl may be copied only under the terms of either the Artistic License or the
GNU General Public License, which may be found in the Perl 5 source kit.
Complete documentation for Perl, including FAQ lists, should be found on
this system using "man perl" or "perldoc perl". If you have access to the
Internet, point your browser at http://www.perl.org/, the Perl Home Page.
Here's a build with the change: http://www.chilkatsoft.com/download/preRelease/chilkat-9.5.0-perl-5.16-x86-win.zip
Thank you so much.