Unable to connect to SFTP server since 3.21.0
Since upgrading to 3.21.0 I cannot connect to a single SFTP server
FileZilla Client
----------------
Version: 3.21.0
Build information:
Compiled for: x86_64-apple-darwin15.6.0
Compiled on: x86_64-apple-darwin15.6.0
Build date: 2016-08-23
Compiled with: Apple LLVM version 7.3.0 (clang-703.0.31)
Compiler flags: -g -O2 -Wall -g -std=gnu++14
Linked against:
wxWidgets: 3.0.3
GnuTLS: 3.4.14
SQLite: 3.11.1
Operating system:
Name: Mac OS X (Darwin 16.0.0 x86_64)
Version: 10.12
CPU features: sse sse2 sse3 ssse3 sse4.1 sse4.2 avx avx2 aes pclmulqdq rdrnd bmi2 bmi2
Settings dir: /Users/me/.config/filezilla/
I can connect to this server by opening a terminal prompt and running
sftp -P 22 user@hostname
so my connection to it is working just fine
this is what I see in the message window
Status: Connecting to <HOSTNAME>...
Response: fzSftp started, protocol_version=6
Command: open "<USER>@<HOSTNAME>" 22
Error: Server unexpectedly closed network connection
Error: Could not connect to server
Status: Waiting to retry...
Re: Unable to connect to SFTP server since 3.21.0
Which SSH server software (product and version) is your server running?
Re: Unable to connect to SFTP server since 3.21.0
The server is running OpenSSH_6.2p2, if I SSH -v into it this is what I see
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.2
debug1: match: OpenSSH_6.2 pat OpenSSH*
Re: Unable to connect to SFTP server since 3.21.0
It's a bug in your server, you need to upgrade your server. See https://trac.filezilla-project.org/tick ... #comment:9
Re: Unable to connect to SFTP server since 3.21.0
thanks - I upgraded to OpenSSH_7.3p1, OpenSSL 1.0.2j 26 Sep 2016 and I am able to use filezilla again
- batagy
- 503 Bad sequence of commands
- Posts: 19
- Joined: 2004-03-01 08:50
- First name: György
- Last name: Bata
- Location: Hungary
Re: Unable to connect to SFTP server since 3.21.0
Hi Tim!
I'm having the same problem.
Here using FileZilla 64bit on a Windows 7 PC, often connecting to SFTP servers, usually linux servers with OpenSSH.
All SFTP connections worked in version 3.20.1 and before. Now with 3.21 version and latest 3.22.0-RC1, SFTP doesn't work for certain servers.
Here is build info:
FileZilla Client
----------------
Version: 3.22.0-rc1
Build information:
Compiled for: x86_64-w64-mingw32
Compiled on: x86_64-unknown-linux-gnu
Build date: 2016-09-24
Compiled with: x86_64-w64-mingw32-gcc (GCC) 4.9.1
Compiler flags: -g -O2 -Wall -g -std=gnu++14
Linked against:
wxWidgets: 3.0.3
GnuTLS: 3.4.15
SQLite: 3.11.1
Operating system:
Name: Windows 7 (build 7601, Service Pack 1), 64-bit edition
Version: 6.1
Platform: 64-bit system
CPU features: sse sse2 sse3 ssse3 sse4.1 sse4.2 avx avx2 aes pclmulqdq rdrnd bmi2 bmi2
Settings dir: C:\Users\[username]\AppData\Roaming\FileZilla\
Here are the logs (Debug info level 2):
17:00:24 Status: Disconnected from server
17:00:24 Status: Connecting to [ipaddr]...
17:00:24 Response: fzSftp started, protocol_version=6
17:00:24 Command: open "[username]@[ipaddr]" 22
17:00:24 Trace: Connecting to [ipaddr] port 22
17:00:24 Trace: We claim version: SSH-2.0-PuTTY_Local:_Sep_24_2016_16:48:44
17:00:24 Trace: Server version: SSH-2.0-OpenSSH_6.2
17:00:24 Trace: We believe remote version has SSH-2 channel request bug
17:00:24 Trace: Using SSH protocol version 2
17:00:24 Trace: Doing ECDH key exchange with curve nistp256 and hash SHA-256
17:00:24 Trace: Server unexpectedly closed network connection
17:00:24 Error: Server unexpectedly closed network connection
17:00:24 Error: Could not connect to server
17:00:24 Status: Waiting to retry...
17:00:29 Status: Connecting to [ipaddr]...
17:00:30 Response: fzSftp started, protocol_version=6
17:00:30 Command: open "[username]@[ipaddr]" 22
17:00:30 Trace: Connecting to [ipaddr] port 22
17:00:30 Trace: We claim version: SSH-2.0-PuTTY_Local:_Sep_24_2016_16:48:44
17:00:30 Trace: Server version: SSH-2.0-OpenSSH_6.2
17:00:30 Trace: We believe remote version has SSH-2 channel request bug
17:00:30 Trace: Using SSH protocol version 2
17:00:30 Trace: Doing ECDH key exchange with curve nistp256 and hash SHA-256
17:00:30 Trace: Server unexpectedly closed network connection
17:00:30 Error: Server unexpectedly closed network connection
17:00:30 Error: Could not connect to server
What can be the cause?
On server we have OpenSSH 6.2p2-0.9.1 version installed, this is a Suse Linux Enterprise 11 SP3.
From the linux package manager, only 6.2p2-0.13.1 is available, which is not much newer.
On the other hand, SFTP works on other servers, where OpenSSH version is:
Server version: SSH-2.0-OpenSSH_5.1
Server version: SSH-2.0-OpenSSH_6.2 (6.2p2-3.10.2)
Server version: SSH-2.0-OpenSSH_6.6.1 (6.6p1-5.3.1)
If I'm downgrading to 3.20.1 version, the same connection works fine this way:
18:00:16 Status: Connecting to [ipaddr]...
18:00:16 Response: fzSftp started, protocol_version=6
18:00:16 Command: open "[username]@[ipaddr]" 22
18:00:16 Trace: Connecting to [ipaddr] port 22
18:00:16 Trace: We claim version: SSH-2.0-PuTTY_Local:_Aug__3_2016_17:44:48
18:00:16 Trace: Server version: SSH-2.0-OpenSSH_6.2
18:00:16 Trace: We believe remote version has SSH-2 channel request bug
18:00:16 Trace: Using SSH protocol version 2
18:00:16 Trace: Doing ECDH key exchange with curve nistp256 and hash SHA-256
18:00:16 Trace: Server also has ssh-dss/ssh-rsa host keys, but we don't know any of them
18:00:16 Trace: Host key fingerprint is:
18:00:16 Trace: ecdsa-sha2-nistp256 256 24:1c:ab:d7:cc:01:a2:0e:e9:8a:24:ea:56:e3:a8:91
18:00:16 Trace: Initialised AES-256 SDCTR client->server encryption
18:00:16 Trace: Initialised HMAC-SHA-256 client->server MAC algorithm
18:00:16 Trace: Initialised AES-256 SDCTR server->client encryption
18:00:16 Trace: Initialised HMAC-SHA-256 server->client MAC algorithm
18:00:16 Trace: Attempting keyboard-interactive authentication
18:00:16 Trace: Using keyboard-interactive authentication. inst_len: 0, num_prompts: 1
18:00:16 Command: Pass: *********
18:00:16 Trace: Access granted
18:00:16 Trace: Opening session as main channel
18:00:16 Trace: Opened main channel
18:00:16 Trace: Started a shell/command
18:00:16 Status: Connected to [ipaddr]
18:00:17 Status: Retrieving directory listing...
18:00:17 Command: pwd
18:00:17 Response: Current directory is: "/root/home/[username]"
18:00:17 Status: Directory listing of "/root/home/[username]" successful
Thank you
György
Hungarian translator of FileZilla
Re: Unable to connect to SFTP server since 3.21.0
botg wrote: It's a bug in your server, you need to upgrade your server. See https://trac.filezilla-project.org/tick ... #comment:9
Hi Tim!
Thanks!
The 'aes256-gcm@openssh.com' should be in /etc/ssh/sshd_config in the Ciphers line, or it shouldn't be there?
Should this cipher be disabled or enabled?
Our sshd_config doesn't include such a Ciphers line by default.
Thanks
György
Hungarian translator of FileZilla
Re: Unable to connect to SFTP server since 3.21.0
It should be in sshd_config if your server supports it, because not only is it secure, it's also the fastest cipher. If your server does not support aes256-gcm@openssh.com, it rejects the setting and refuses to start. Only then should it be removed.
If however there is no Ciphers line to begin with in sshd_config, the server uses its built-in defaults, which are not being validated when the server starts. Due to the bug, the built-in defaults always include aes256-gcm@openssh.com even on servers that do not support it.
Re: Unable to connect to SFTP server since 3.21.0
botg wrote: It should be in sshd_config if your server supports it, because not only is it secure, it's also the fastest cipher. If your server does not support aes256-gcm@openssh.com, it rejects the setting and refuses to start. Only then should it be removed.
If however there is no Ciphers line to begin with in sshd_config, the server uses its built-in defaults, which are not being validated when the server starts. Due to the bug, the built-in defaults always include aes256-gcm@openssh.com even on servers that do not support it.
Hi Tim,
Many thanks for helping!
I can verify back now that changing the cipher configuration indeed fixed the problem with latest FileZilla SFTP.
It took time because our servers are operated by another company; we had to open tickets officially, etc.
Solution was adding one line to /etc/ssh/sshd_config:
Ciphers aes128-ctr,aes192-ctr,aes256-ctr
This is SLES11 SP3 system, running openssh-6.2p2-0.13.1.
FileZilla 3.21 (and newer) works great with modified ciphers. The point is disabling 'aes256-gcm@openssh.com'.
Regards
György
Hungarian translator of FileZilla
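A way to tell which of the three situations discussed in this thread a given sshd_config is in: no Ciphers line (built-in defaults apply), a Ciphers line that lists aes256-gcm@openssh.com, or one that leaves it out. This is an added example, not code from the forum posts or from FileZilla/OpenSSH; the function names and the sample config files are constructed here, and it only parses the file rather than querying a running sshd.

```shell
#!/bin/sh
# Added example. GCM is the cipher named in this thread.
GCM='aes256-gcm@openssh.com'

# Print the cipher list of the first active "Ciphers" directive, if any.
# sshd keywords are case-insensitive and the first occurrence wins; the
# "keyword=value" spelling is tolerated too.
effective_ciphers() {
    awk '
        /^[ \t]*#/ { next }              # commented-out directive: ignored
        { sub(/=/, " ") }                # normalise "Ciphers=a,b" to "Ciphers a,b"
        tolower($1) == "ciphers" { print $2; exit }
    ' "$1"
}

# Classify a config file into one of the three cases from the thread.
ciphers_status() {
    list=$(effective_ciphers "$1")
    if [ -z "$list" ]; then
        echo "no-ciphers-line"           # built-in defaults apply
    else
        case ",$list," in
            *",$GCM,"*) echo "gcm-listed" ;;
            *)          echo "gcm-excluded" ;;
        esac
    fi
}

# Constructed sample configs (not taken from any real server).
SAMPLES=$(mktemp -d)
printf '%s\n' 'Port 22' '#Ciphers aes256-gcm@openssh.com' > "$SAMPLES/stock"
printf '%s\n' 'Port 22' 'Ciphers aes128-ctr,aes192-ctr,aes256-ctr' > "$SAMPLES/fixed"
printf '%s\n' 'ciphers aes256-gcm@openssh.com,aes256-ctr' > "$SAMPLES/gcm"

for f in stock fixed gcm; do
    printf '%s: %s\n' "$f" "$(ciphers_status "$SAMPLES/$f")"
done
```

On a server like the one in this thread, `no-ciphers-line` is the case to look at first, since that is where the unvalidated built-in defaults are used.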