Page 1 of 1

Filezilla works, or doesn't, with Win 10 openSSH server

Posted: 2019-12-29 18:02
by johnny_canuck
Greetings --

I recently 'upgraded' my main Windows machine from Win 7 -> Win 10 (keeping my local IT folks happy). On said Win 7 machine, I'd been using Cygwin sshd as a service, and could sftp connect to it using Filezilla from any machine I tried. For the newly installed Win 10 machine, I decided to avoid some of the hassles of using Cygwin sshd (and there are a few), and set up Win 10 using the openSSH server (7.7p1, LibreSSL 2.6.5) which you can install as an 'additional application' in Win 10. No muss, no fuss. Works absolutely perfectly, with one small exception -- I can't connect from my RHEL 7.5 linux box, using FileZilla. I can connect from various other machines using various release of FileZilla, so I'm trying to figure out what the issue might be.

Some details:

1\ RHEL 7.5 is pretty far from the 'bleeding' edge (which is why I use it for some purposes where I want stability, not blood), and the only version of FileZilla available for it is 3.7.4.1

2\ I can connect fine from one of my Linux Mint machines, where FileZilla is closer to 'current' (but not much): 3.28.0. [Note added: I just realized that I can use flatpak to upgrade FileZIlla on my Mint boxes -- have done so -- to 3.46.3]

3\ on the RHEL 7.5 box (which is the 'problem child' here), I can sftp to my Win 10 server fine from the cli. I can also use gFTP, which is older than FileZilla 3.7.4.1 (I *think*), but it works fine. I suppose I should be happy that I have at least one GUI-based ftp client that connects, but I'd much prefer to use FileZilla (better, IMO, and I have more experience using it).

I'm guessing its a problem of 'too old a version of FileZilla' on the RHEL box, but wanted to check first. When I try to connect, this is what I see in the message log:
Status: Connecting to xx.yy.zz:22...
Trace: Going to execute /usr/bin/fzsftp
Response: fzSftp started
Trace: CSftpControlSocket::ConnectParseResponse(fzSftp started)
Trace: CSftpControlSocket::SendNextCommand()
Trace: CSftpControlSocket::ConnectSend()
Command: open "user@xx.yy.zz" 22
Trace: Server version: SSH-2.0-OpenSSH_for_Windows_7.7
Trace: Using SSH protocol version 2
Trace: We claim version: SSH-2.0-PuTTY_Local:_Apr__9_2014_12:23:17
Trace: Doing Diffie-Hellman group exchange
Trace: CSftpControlSocket::ResetOperation(66)
Trace: CControlSocket::ResetOperation(66)
Error: Could not connect to server
Status: Waiting to retry...
Status: Connecting to xx.yy.zz:22...
Trace: Going to execute /usr/bin/fzsftp
Response: fzSftp started
Trace: CSftpControlSocket::ConnectParseResponse(fzSftp started)
Trace: CSftpControlSocket::SendNextCommand()
Trace: CSftpControlSocket::ConnectSend()

and so on, until I kill it.

For chuckles, I installed RHEL 8.xx in a VM, and used flatpak to install FileZilla. Version 3.46.3. Connected just fine.

Collectively, this seems to suggest that FileZilla 3.7.4.1 on RHEL 7.5 is too old, but I was hoping someone could either outright confirm, or suggest things I could try.

Many thanks in advance...

Re: Filezilla works, or doesn't, with Win 10 openSSH server

Posted: 2019-12-30 03:14
by boco
Yes, that's definitely too old. It's as if you tried to access a modern, TLS-enabled website, using an old web browser. Will fail as well.

The reason is, with high certainty, the lack of a common cipher suite used for intercommunication. The old FileZilla does not speak any of the new ciphers, and the OpenSSH does not speak any of the old ones, anymore. As a result, they don't understand each other, and the handshake fails.

Re: Filezilla works, or doesn't, with Win 10 openSSH server

Posted: 2019-12-30 12:15
by johnny_canuck
Thanks! The odd thing, though, is that when I was running the Cygwin sshd, which is/was at least as 'current' as the Microsoft openSSH service (in fact, it is/was more current -- MS is openSSH 7.xx, whereas Cygwin is/was openSSH 8.xx), I had no problem connecting with the 'old' FileZilla. This would suggest that there is something inherently different between the Cygwin and Microsoft incarnations of sshd. Hmmm.....

Re: Filezilla works, or doesn't, with Win 10 openSSH server

Posted: 2019-12-30 14:29
by botg
Different ciphers enabled through the respective server configs?

Re: Filezilla works, or doesn't, with Win 10 openSSH server

Posted: 2019-12-31 03:11
by boco
Yep, the config of the Cygwin release might have been a bit more conservative, regarding legacy ciphers (or key exchange / MAC).

Re: Filezilla works, or doesn't, with Win 10 openSSH server

Posted: 2019-12-31 13:57
by johnny_canuck
Perhaps I'd reverse the phrasing: Cygwin had no problems with connections from old(er) FileZilla, whereas the MS ssh server refuses to play nice. So, the Cygwin setup is more liberal(allowing a greater 'diversity' of connections of various vintages), whereas the MS ssh server is more 'conservative', in that it allows only 'more recent' clients.

Maybe (which still wouldn't explain why gFTP connects without any problems).

As more people use MS ssh server as an alternative to Cygwin (if for no other reason than it took about 60 seconds to get working, another 60 to tweak the sshd_config file a bit), might be interesting to know why some clients connect to it without issue, and some don't.