Archived Forum Post

Index of archived forum posts

Question:

SFTP connection issue: Failed to read initial server version string

Jan 31 '14 at 07:14

Hi,

I have a problem with connecting to one of our SFTP servers using Chilkat library. From the same client machine I can connect to one of the servers without any problems but I can't establish connection to the another one and I'm getting below message:

Connect_SFtp:
    DllDate: Aug 15 2013
    ChilkatVersion: 9.4.1.42
    UnlockPrefix: KARATHSSH
    Username: PKD3L6PB2S:1218541
    Architecture: Little Endian; 32-bit
    Language: .NET 2.0
    VerboseLogging: 1
    SftpVersion: 0
    hostname: 10.20.225.209
    port: 22
    ConnectTimeoutMs_1: 5000
    calling ConnectSocket2
    IPV6 enabled connect with NO heartbeat.
    This is an IPV4 numeric address...
    AddrInfoList:
        AddrInfo:
            ai_flags: 4
            ai_family: 2
            ai_socktype: 1
            ai_protocol: 0
            ai_addrlen: 16
            ai_canonname: (NULL)
            (leaveContext)
        (leaveContext)
    Connect using IPV4.
    ipAddress1: 10.20.225.209
    myIP_3: 10.152.228.110
    myPort_3: 59682
    connect successful (2)
    Established TCP/IP connection with SSH server
    Turning on TCP_NODELAY.
    clientIdentifier: SSH-2.0-PuTTY_Local:_May_11_2009_17:22:38
    Sending client identifier...
    Done sending client identifier.
    Reading server version...
    initialDataFromSshServer: P
    initialDataFromSshServer: 
    Timeout waiting to read socket or accept connection
    timeoutMs: 15000
    Failed to read initial server version string
    bytesReceived: \x14\xADz\x18\xA5&\x9A\x17\xDDl(\?T\xA8\xD7\r\x19\0\0\0Ndiffie-hellman-group

14-sha1,diffie-hellman-group1-sha1,extension1-sha1@ssh.com\0\0\0\assh-rsa\0\0

\0qaes128-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr,3des-cb

c,seed-cbc@ssh.com,crypticore128@ssh.com\0\0\0qaes128-cbc,aes192-cbc,aes256-

cbc,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,seed-cbc@ssh.com,crypticore128

@ssh.com\0\0\0)hmac-sha1,hmac-md5,crypticore-mac@ssh.com\0\0\0)hmac-sha1,hma

c-md5,crypticore-mac@ssh.com\0\0\0\x09none,zlib\0\0\0\x09none,zlib\0\0\0\0\0

\0\0\0\0\0\0\0\0\x8D\x96\'\x17Q\x14\xB7\xB0\x88x
    Failed.
    (leaveContext)

Any idea how to find where the issue is?

Thanks MaciekG


Answer

The SSH server should have a version string that begins with "SSH-".

When an SSH client connects to an SSH server, the first thing the server sends is it's server version identifier, which should be a string that begins with "SSH-" and ends in a CRLF (or LF, Chilkat can handle either). In the case above, the very first bytes received from the server were not "SSH-", it was "P"

initialDataFromSshServer: P
Chilkat then decided to keep reading for the SSH server version, but what it instead received was the SSH server's KEX_INIT message, which is what normally follows.

The solution is to fix the server to send an appropriately formatted server-version string.


Answer

Hi,

Thanks for your answer but the problem here is that ~2000 other clients connects to this SFTP server without any problem. I have this problem only with ~30 clients and have no idea where is the issue.

Greetings MaciekG