Archived Forum Post

Index of archived forum posts

Question:

Chilkat SSH Problems with Openssh 6.8

Apr 24 '15 at 16:33

Hello,

Our server products recently upgraded to OpenSSH 6.8. After doing so we noticed that the latest ChilKat SSH v9.5.0 libraries for .NET, as well as other applications such as TeraTerm, can no longer communicate with our server.

It appears that TeraTerm is aware of the issue and are resolving it in their next release:

http://marc.info/?l=openssh-unix-dev&m=142854767827097&w=2

Wondering if this is a known issue, and if there are plans to resolve it?

Thank you - Anthony

---

Answer

Please post a verbose LastErrorText for the method call that fails..

---

Answer

Using AES 256

ChilkatLog:
  Connect_Ssh:
    DllDate: Mar  6 2015
    ChilkatVersion: 9.5.0.48
    UnlockPrefix: ANTHONSSH
    Username: ANTHONYLAPTOP:anthony barrera
    Architecture: Little Endian; 32-bit
    Language: .NET 2.0
    VerboseLogging: 0
    hostname: 192.168.0.122
    port: 22
    Established TCP/IP connection with SSH server
    clientIdentifier: SSH-2.0-PuTTY_Release_0.63
    Sending client identifier...
    Done sending client identifier.
    Reading server version...
    initialDataFromSshServer: SSH-2.0-OpenSSH_6.8

    serverVersion: SSH-2.0-OpenSSH_6.8
    KeyExchangeAlgs:
      algorithm: curve25519-sha256@libssh.org
      algorithm: ecdh-sha2-nistp256
      algorithm: ecdh-sha2-nistp384
      algorithm: ecdh-sha2-nistp521
      algorithm: diffie-hellman-group-exchange-sha256
      algorithm: diffie-hellman-group14-sha1
    --KeyExchangeAlgs
    HostKeyAlgs:
      algorithm: ssh-rsa
      algorithm: ssh-dss
    --HostKeyAlgs
    EncCS:
      algorithm: aes128-ctr
      algorithm: aes192-ctr
      algorithm: aes256-ctr
      algorithm: aes128-gcm@openssh.com
      algorithm: aes256-gcm@openssh.com
      algorithm: chacha20-poly1305@openssh.com
    --EncCS
    EncSC:
      algorithm: aes128-ctr
      algorithm: aes192-ctr
      algorithm: aes256-ctr
      algorithm: aes128-gcm@openssh.com
      algorithm: aes256-gcm@openssh.com
      algorithm: chacha20-poly1305@openssh.com
    --EncSC
    MacCS:
      algorithm: umac-64-etm@openssh.com
      algorithm: umac-128-etm@openssh.com
      algorithm: hmac-sha2-256-etm@openssh.com
      algorithm: hmac-sha2-512-etm@openssh.com
      algorithm: hmac-sha1-etm@openssh.com
      algorithm: umac-64@openssh.com
      algorithm: umac-128@openssh.com
      algorithm: hmac-sha2-256
      algorithm: hmac-sha2-512
      algorithm: hmac-sha1
    --MacCS
    MacSC:
      algorithm: umac-64-etm@openssh.com
      algorithm: umac-128-etm@openssh.com
      algorithm: hmac-sha2-256-etm@openssh.com
      algorithm: hmac-sha2-512-etm@openssh.com
      algorithm: hmac-sha1-etm@openssh.com
      algorithm: umac-64@openssh.com
      algorithm: umac-128@openssh.com
      algorithm: hmac-sha2-256
      algorithm: hmac-sha2-512
      algorithm: hmac-sha1
    --MacSC
    CompCS:
      algorithm: none
      algorithm: zlib@openssh.com
    --CompCS
    CompSC:
      algorithm: none
      algorithm: zlib@openssh.com
    --CompSC
    ForceCipher: aes256-cbc
    ServerDoesNotSupport: aes256-cbc
    Unable to agree upon server-to-client encryption algorithm.
    ForceCipher: aes256-cbc
    ServerDoesNotSupport: aes256-cbc
    Unable to agree upon client-to-server encryption algorithm.
    ChosenIncomingMac: hmac-sha2-256
    ChosenOutgoingMac: hmac-sha2-256
    ChosenIncomingCompression: zlib@openssh.com
    ChosenOutgoingCompression: zA first chance exception of type 'System.ArgumentException' occurred in WtiManagementUtility.exe
lib@openssh.com
    ChosenKexAlgorithm: diffie-hellman-group-exchange-sha256
    ChosenHostKeyAlgorithm: ssh-dsa
    numBits: 128
    pbits: 1024
    Using GEX Group.
    Sending KEX_DH_GEX_REQUEST...
    pbits: 1024
    WindowsError: An existing connection was forcibly closed by the remote host.
    WindowsErrorCode: 0x2746
    numBytesRequested: 8
    Failed to receive data on the TCP socket
    sshRawPacket: Socket fatal error.
    sshDhGex: Socket fatal error.
    Failed to read KEX_DH_GEX_REQUEST response
    Failed.
  --Connect_Ssh
--ChilkatLog

And using Blowfish 128:

ChilkatLog:
  Connect_Ssh:
    DllDate: Mar  6 2015
    ChilkatVersion: 9.5.0.48
    UnlockPrefix: ANTHONSSH
    Username: ANTHONYLAPTOP:anthony barrera
    Architecture: Little Endian; 32-bit
    Language: .NET 2.0
    VerboseLogging: 0
    hostname: 192.168.0.122
    port: 22
    Established TCP/IP connection with SSH server
    clientIdentifier: SSH-2.0-PuTTY_Release_0.63
    Sending client identifier...
    Done sending client identifier.
    Reading server version...
    initialDataFromSshServer: SSH-2.0-OpenSSH_6.8

    serverVersion: SSH-2.0-OpenSSH_6.8
    KeyExchangeAlgs:
      algorithm: curve25519-sha256@libssh.org
      algorithm: ecdh-sha2-nistp256
      algorithm: ecdh-sha2-nistp384
      algorithm: ecdh-sha2-nistp521
      algorithm: diffie-hellman-group-exchange-sha256
      algorithm: diffie-hellman-group14-sha1
    --KeyExchangeAlgs
    HostKeyAlgs:
      algorithm: ssh-rsa
      algorithm: ssh-dss
    --HostKeyAlgs
    EncCS:
      algorithm: aes128-ctr
      algorithm: aes192-ctr
      algorithm: aes256-ctr
      algorithm: aes128-gcm@openssh.com
      algorithm: aes256-gcm@openssh.com
      algorithm: chacha20-poly1305@openssh.com
    --EncCS
    EncSC:
      algorithm: aes128-ctr
      algorithm: aes192-ctr
      algorithm: aes256-ctr
      algorithm: aes128-gcm@openssh.com
      algorithm: aes256-gcm@openssh.com
      algorithm: chacha20-poly1305@openssh.com
    --EncSC
    MacCS:
      algorithm: umac-64-etm@openssh.com
      algorithm: umac-128-etm@openssh.com
      algorithm: hmac-sha2-256-etm@openssh.com
      algorithm: hmac-sha2-512-etm@openssh.com
      algorithm: hmac-sha1-etm@openssh.com
      algorithm: umac-64@openssh.com
      algorithm: umac-128@openssh.com
      algorithm: hmac-sha2-256
      algorithm: hmac-sha2-512
      algorithm: hmac-sha1
    --MacCS
    MacSC:
      algorithm: umac-64-etm@openssh.com
      algorithm: umac-128-etm@openssh.com
      algorithm: hmac-sha2-256-etm@openssh.com
      algorithm: hmac-sha2-512-etm@openssh.com
      algorithm: hmac-sha1-etm@openssh.com
      algorithm: umac-64@openssh.com
      algorithm: umac-128@openssh.com
      algorithm: hmac-sha2-256
      algorithm: hmac-sha2-512
      algorithm: hmac-sha1
    --MacSC
    CompCS:
      algorithm: none
      algorithm: zlib@openssh.com
    --CompCS
    CompSC:
      algorithm: none
      algorithm: zlib@openssh.com
    --CompSC
    ForceCipher: blowfish-cbc
    ServerDoesNotSupport: blowfish-cbc
    Unable to agree upon server-to-client encryption algorithm.
    ForceCipher: blowfish-cbc
    ServerDoesNotSupport: blowfish-cbc
    Unable to agree upon client-to-server encryption algorithm.
    ChosenIncomingMac: hmac-sha2-256
    ChosenOutgoingMac: hmac-sha2-256
    ChosenIncomingCompression: zlib@openssh.com
    ChosenOutgoingCompreA first chance exception of type 'System.ArgumentException' occurred in WtiManagementUtility.exe
ssion: zlib@openssh.com
    ChosenKexAlgorithm: diffie-hellman-group-exchange-sha256
    ChosenHostKeyAlgorithm: ssh-dsa
    numBits: 128
    pbits: 1024
    Using GEX Group.
    Sending KEX_DH_GEX_REQUEST...
    pbits: 1024
    WindowsError: An existing connection was forcibly closed by the remote host.
    WindowsErrorCode: 0x2746
    numBytesRequested: 8
    Failed to receive data on the TCP socket
    sshRawPacket: Socket fatal error.
    sshDhGex: Socket fatal error.
    Failed to read KEX_DH_GEX_REQUEST response
    Failed.
  --Connect_Ssh
--ChilkatLog

---

Answer

According to the LastErrorText, the ForceCipher property has been set to blowfish-cbc, but the server doesn't support it:

    ForceCipher: blowfish-cbc
    ServerDoesNotSupport: blowfish-cbc

Have you set the ForceCipher property to blowfish-cbc anywhere in your code?

---

Answer

I have set the forceCipher property to blowfish-cbc to improve speed. If I leave it blank, my app and server negotiate to aes256-ctr and I can conenct.

Thanks for your help!