Error Connecting to SFTP Server

[ffattizzi]

I get the following error when connecting to an SFTP server.

FATAL ERROR: Received unexpected packet when expecting ECDH reply, type 1 (SSH2_MSG_DISCONNECT)

I was able to connect to this server until I removed some insecure ciphers, mac algorithms and kex algorithms form the server. I reverted the changes and still get the error.

I can successfully connect to the SFTP using WinSCP or command line.

Here is the full log.

Code: Select all

14:11:33 Trace:        	Looking up host "sftp.example.com" for SSH connection
14:11:33 Trace:        	Connecting to xxx.xxx.xxx.xxx port 2222
14:11:33 Trace:        	We claim version: SSH-2.0-FileZilla_3.66.4
14:11:34 Trace:        	Connected to xxx.xxx.xxx.xxx
14:11:34 Trace:        	Remote version: SSH-2.0-CrushFTPSSHD
14:11:34 Trace:        	Using SSH protocol version 2
14:11:34 Trace:        	Enabling strict key exchange semantics
14:11:34 Trace:        	Doing ECDH key exchange with curve nistp256 and hash SHA-256 (unaccelerated)
14:11:34 Trace:        	Received unexpected packet when expecting ECDH reply, type 1 (SSH2_MSG_DISCONNECT)
14:11:34 Error:         FATAL ERROR: Received unexpected packet when expecting ECDH reply, type 1 (SSH2_MSG_DISCONNECT)

[botg]

For some unknown reason the server closes the connection. Please check the server logs and the server configuration.

[ffattizzi]

I'm not sure that the issue is with the server. Other clients are able to successfully connect, it is only FileZilla that can't connect. It started after removing some insecure ciphers and algorithms from the sftp server.

[jw90at]

I also seem to be having this issue. Other SFTP clients can connect to my server fine, and older versions of FileZilla can too (3.66.3 rc1 & prior).

However, FileZilla version 3.66.4 & 3.66.5 cannot connect, and fail with the "Received unexpected packet when expecting ECDH reply, type 1 (SSH2_MSG_DISCONNECT)" error.

So, it looks like it was 3.66.4 where the issue was introduced.

Any hints about what "SFTP: Address Terrapin protocol vulnerability" did and how to get things working again?

Status: Connecting to X.X.X.X...
Trace: Going to execute C:\FileZilla FTP Client\fzsftp.exe
Response: fzSftp started, protocol_version=11
Trace: CSftpConnectOpData::ParseResponse() in state 0
Trace: CControlSocket::SendNextCommand()
Trace: CSftpConnectOpData::Send() in state 3
Command: open "XX@X.X.X.X" 22
Trace: Looking up host "X.X.X.X" for SSH connection
Trace: Connecting to X.X.X.X port 22
Trace: We claim version: SSH-2.0-FileZilla_3.66.5
Trace: Connected to X.X.X.X
Trace: Remote version: SSH-2.0-CrushFTPSSHD
Trace: Using SSH protocol version 2
Trace: Enabling strict key exchange semantics
Trace: Doing ECDH key exchange with curve nistp256 and hash SHA-256 (unaccelerated)
Trace: Received unexpected packet when expecting ECDH reply, type 1 (SSH2_MSG_DISCONNECT)
Trace: Got eof from child process
Trace: CControlSocket::DoClose(64)
Trace: CControlSocket::ResetOperation(66)
Trace: CSftpConnectOpData::Reset(66) in state 3
Error: Could not connect to server
Trace: CFileZillaEnginePrivate::ResetOperation(66)

[jw90at]

And to answer my own question:

CrushFTP support got back to me, and upgrading the CrushFTP server resolves this issue.

In my case, CrushFTP v10.6.1_10 was incompatible with v3.66.4/5 of FZ.

Upgrading CrushFTP to v10.6.1_20 fixes things.

[adacsaba]

For anyone experiencing this issue. Need to update the Crush server to a newer build thna v10.5.1_15, related to a followup patch for the Terrapin vulnerability fix.