login about faq

Hello,

Our server products recently upgraded to OpenSSH 6.8. After doing so we noticed that the latest ChilKat SSH v9.5.0 libraries for .NET, as well as other applications such as TeraTerm, can no longer communicate with our server.

It appears that TeraTerm is aware of the issue and are resolving it in their next release:

http://marc.info/?l=openssh-unix-dev&m=142854767827097&w=2

Wondering if this is a known issue, and if there are plans to resolve it?

Thank you - Anthony

asked Apr 23 '15 at 15:31

anthonybarrera's gravatar image

anthonybarrera
11

edited Apr 23 '15 at 15:33


Please post a verbose LastErrorText for the method call that fails..

link

answered Apr 23 '15 at 15:49

chilkat's gravatar image

chilkat ♦♦
11.8k316358421

Using AES 256

ChilkatLog:
  Connect_Ssh:
    DllDate: Mar  6 2015
    ChilkatVersion: 9.5.0.48
    UnlockPrefix: ANTHONSSH
    Username: ANTHONYLAPTOP:anthony barrera
    Architecture: Little Endian; 32-bit
    Language: .NET 2.0
    VerboseLogging: 0
    hostname: 192.168.0.122
    port: 22
    Established TCP/IP connection with SSH server
    clientIdentifier: SSH-2.0-PuTTY_Release_0.63
    Sending client identifier...
    Done sending client identifier.
    Reading server version...
    initialDataFromSshServer: SSH-2.0-OpenSSH_6.8

    serverVersion: SSH-2.0-OpenSSH_6.8
    KeyExchangeAlgs:
      algorithm: curve25519-sha256@libssh.org
      algorithm: ecdh-sha2-nistp256
      algorithm: ecdh-sha2-nistp384
      algorithm: ecdh-sha2-nistp521
      algorithm: diffie-hellman-group-exchange-sha256
      algorithm: diffie-hellman-group14-sha1
    --KeyExchangeAlgs
    HostKeyAlgs:
      algorithm: ssh-rsa
      algorithm: ssh-dss
    --HostKeyAlgs
    EncCS:
      algorithm: aes128-ctr
      algorithm: aes192-ctr
      algorithm: aes256-ctr
      algorithm: aes128-gcm@openssh.com
      algorithm: aes256-gcm@openssh.com
      algorithm: chacha20-poly1305@openssh.com
    --EncCS
    EncSC:
      algorithm: aes128-ctr
      algorithm: aes192-ctr
      algorithm: aes256-ctr
      algorithm: aes128-gcm@openssh.com
      algorithm: aes256-gcm@openssh.com
      algorithm: chacha20-poly1305@openssh.com
    --EncSC
    MacCS:
      algorithm: umac-64-etm@openssh.com
      algorithm: umac-128-etm@openssh.com
      algorithm: hmac-sha2-256-etm@openssh.com
      algorithm: hmac-sha2-512-etm@openssh.com
      algorithm: hmac-sha1-etm@openssh.com
      algorithm: umac-64@openssh.com
      algorithm: umac-128@openssh.com
      algorithm: hmac-sha2-256
      algorithm: hmac-sha2-512
      algorithm: hmac-sha1
    --MacCS
    MacSC:
      algorithm: umac-64-etm@openssh.com
      algorithm: umac-128-etm@openssh.com
      algorithm: hmac-sha2-256-etm@openssh.com
      algorithm: hmac-sha2-512-etm@openssh.com
      algorithm: hmac-sha1-etm@openssh.com
      algorithm: umac-64@openssh.com
      algorithm: umac-128@openssh.com
      algorithm: hmac-sha2-256
      algorithm: hmac-sha2-512
      algorithm: hmac-sha1
    --MacSC
    CompCS:
      algorithm: none
      algorithm: zlib@openssh.com
    --CompCS
    CompSC:
      algorithm: none
      algorithm: zlib@openssh.com
    --CompSC
    ForceCipher: aes256-cbc
    ServerDoesNotSupport: aes256-cbc
    Unable to agree upon server-to-client encryption algorithm.
    ForceCipher: aes256-cbc
    ServerDoesNotSupport: aes256-cbc
    Unable to agree upon client-to-server encryption algorithm.
    ChosenIncomingMac: hmac-sha2-256
    ChosenOutgoingMac: hmac-sha2-256
    ChosenIncomingCompression: zlib@openssh.com
    ChosenOutgoingCompression: zA first chance exception of type 'System.ArgumentException' occurred in WtiManagementUtility.exe
lib@openssh.com
    ChosenKexAlgorithm: diffie-hellman-group-exchange-sha256
    ChosenHostKeyAlgorithm: ssh-dsa
    numBits: 128
    pbits: 1024
    Using GEX Group.
    Sending KEX_DH_GEX_REQUEST...
    pbits: 1024
    WindowsError: An existing connection was forcibly closed by the remote host.
    WindowsErrorCode: 0x2746
    numBytesRequested: 8
    Failed to receive data on the TCP socket
    sshRawPacket: Socket fatal error.
    sshDhGex: Socket fatal error.
    Failed to read KEX_DH_GEX_REQUEST response
    Failed.
  --Connect_Ssh
--ChilkatLog

And using Blowfish 128:

ChilkatLog:
  Connect_Ssh:
    DllDate: Mar  6 2015
    ChilkatVersion: 9.5.0.48
    UnlockPrefix: ANTHONSSH
    Username: ANTHONYLAPTOP:anthony barrera
    Architecture: Little Endian; 32-bit
    Language: .NET 2.0
    VerboseLogging: 0
    hostname: 192.168.0.122
    port: 22
    Established TCP/IP connection with SSH server
    clientIdentifier: SSH-2.0-PuTTY_Release_0.63
    Sending client identifier...
    Done sending client identifier.
    Reading server version...
    initialDataFromSshServer: SSH-2.0-OpenSSH_6.8

    serverVersion: SSH-2.0-OpenSSH_6.8
    KeyExchangeAlgs:
      algorithm: curve25519-sha256@libssh.org
      algorithm: ecdh-sha2-nistp256
      algorithm: ecdh-sha2-nistp384
      algorithm: ecdh-sha2-nistp521
      algorithm: diffie-hellman-group-exchange-sha256
      algorithm: diffie-hellman-group14-sha1
    --KeyExchangeAlgs
    HostKeyAlgs:
      algorithm: ssh-rsa
      algorithm: ssh-dss
    --HostKeyAlgs
    EncCS:
      algorithm: aes128-ctr
      algorithm: aes192-ctr
      algorithm: aes256-ctr
      algorithm: aes128-gcm@openssh.com
      algorithm: aes256-gcm@openssh.com
      algorithm: chacha20-poly1305@openssh.com
    --EncCS
    EncSC:
      algorithm: aes128-ctr
      algorithm: aes192-ctr
      algorithm: aes256-ctr
      algorithm: aes128-gcm@openssh.com
      algorithm: aes256-gcm@openssh.com
      algorithm: chacha20-poly1305@openssh.com
    --EncSC
    MacCS:
      algorithm: umac-64-etm@openssh.com
      algorithm: umac-128-etm@openssh.com
      algorithm: hmac-sha2-256-etm@openssh.com
      algorithm: hmac-sha2-512-etm@openssh.com
      algorithm: hmac-sha1-etm@openssh.com
      algorithm: umac-64@openssh.com
      algorithm: umac-128@openssh.com
      algorithm: hmac-sha2-256
      algorithm: hmac-sha2-512
      algorithm: hmac-sha1
    --MacCS
    MacSC:
      algorithm: umac-64-etm@openssh.com
      algorithm: umac-128-etm@openssh.com
      algorithm: hmac-sha2-256-etm@openssh.com
      algorithm: hmac-sha2-512-etm@openssh.com
      algorithm: hmac-sha1-etm@openssh.com
      algorithm: umac-64@openssh.com
      algorithm: umac-128@openssh.com
      algorithm: hmac-sha2-256
      algorithm: hmac-sha2-512
      algorithm: hmac-sha1
    --MacSC
    CompCS:
      algorithm: none
      algorithm: zlib@openssh.com
    --CompCS
    CompSC:
      algorithm: none
      algorithm: zlib@openssh.com
    --CompSC
    ForceCipher: blowfish-cbc
    ServerDoesNotSupport: blowfish-cbc
    Unable to agree upon server-to-client encryption algorithm.
    ForceCipher: blowfish-cbc
    ServerDoesNotSupport: blowfish-cbc
    Unable to agree upon client-to-server encryption algorithm.
    ChosenIncomingMac: hmac-sha2-256
    ChosenOutgoingMac: hmac-sha2-256
    ChosenIncomingCompression: zlib@openssh.com
    ChosenOutgoingCompreA first chance exception of type 'System.ArgumentException' occurred in WtiManagementUtility.exe
ssion: zlib@openssh.com
    ChosenKexAlgorithm: diffie-hellman-group-exchange-sha256
    ChosenHostKeyAlgorithm: ssh-dsa
    numBits: 128
    pbits: 1024
    Using GEX Group.
    Sending KEX_DH_GEX_REQUEST...
    pbits: 1024
    WindowsError: An existing connection was forcibly closed by the remote host.
    WindowsErrorCode: 0x2746
    numBytesRequested: 8
    Failed to receive data on the TCP socket
    sshRawPacket: Socket fatal error.
    sshDhGex: Socket fatal error.
    Failed to read KEX_DH_GEX_REQUEST response
    Failed.
  --Connect_Ssh
--ChilkatLog
link

answered Apr 24 '15 at 12:42

anthonybarrera's gravatar image

anthonybarrera
11

According to the LastErrorText, the ForceCipher property has been set to blowfish-cbc, but the server doesn't support it:

    ForceCipher: blowfish-cbc
    ServerDoesNotSupport: blowfish-cbc

Have you set the ForceCipher property to blowfish-cbc anywhere in your code?

link

answered Apr 24 '15 at 13:20

jpbro's gravatar image

jpbro ♦
1.1k2618

I have set the forceCipher property to blowfish-cbc to improve speed. If I leave it blank, my app and server negotiate to aes256-ctr and I can conenct.

Thanks for your help!

link

answered Apr 24 '15 at 14:21

anthonybarrera's gravatar image

anthonybarrera
11

Glad to help! If you accept my answer it will help others know that the problem can be solved if they encounter it too.

(Apr 24 '15 at 16:33) jpbro ♦
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or __italic__
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Tags:

×90

Asked: Apr 23 '15 at 15:31

Seen: 1,359 times

Last updated: Apr 24 '15 at 16:33

powered by OSQA