Is it wise to communicate with servers running older versions of ssh? I mean like pre 2006?
What version does chilkat start with?
We have a client running 3.9, and chilkat will not negotiate. Which is probably good. Filezilla works.
Sending client identifier...
Done sending client identifier.
Reading server version...
OpenSSH is just a particular implementation of the SSH protocol. The SSH protocol is open-ended in that it allows for all sorts of different algorithms (encryption, mac, host key, key exchange, etc.) to be supported or not supported. New algorithms have been standardized over the years.
To see what happened, user verbose logging and post the LastErrorText for the Connect method call.
DllDate: Dec 29 2015 ChilkatVersion: 18.104.22.168 UnlockPrefix:******* Username: W12-FTPPEND01:svc_ftp Architecture: Little Endian; 32-bit Language: Windows Perl VerboseLogging: 1 SftpVersion: 0 connectInner(125ms): hostname: ftp.glasslewis.com port: 22 sshConnect(31ms): connectSocket(31ms): domainOrIpAddress: ftp.glasslewis.com port: 22 connectTimeoutMs: 30000 connect_ipv6_or_ipv4(31ms): Multi-threaded domain to IP address resolution connecting to IPV4 address... ipAddress: 22.214.171.124 createSocket: Setting SO_SNDBUF size sendBufSize: 262144 Setting SO_RCVBUF size recvBufSize: 4194304 --createSocket connect(31ms): Waiting for the connect to complete... myIP: 10.45.6.11 myPort: 51078 socket connect successful. --connect --connect_ipv6_or_ipv4 --connectSocket Established TCP/IP connection with SSH server Turning on TCP_NODELAY. --sshConnect sshSetupConnection(94ms): clientIdentifier: SSH-2.0-PuTTY_Release_0.63 Sending client identifier... Done sending client identifier. Reading server version... initialDataFromSshServer: SSH-2.0-OpenSSH_3.9p1 serverVersion: SSH-2.0-OpenSSH_3.9p1 build_kexInit: preferRsaHostKeyAlgorithm: 1 --build_kexInit KeyExchangeAlgs: algorithm: diffie-hellman-group-exchange-sha1 algorithm: diffie-hellman-group14-sha1 algorithm: diffie-hellman-group1-sha1 --KeyExchangeAlgs HostKeyAlgs: algorithm: ssh-rsa algorithm: ssh-dss --HostKeyAlgs EncCS: algorithm: arcfour algorithm: aes128-ctr algorithm: aes192-ctr algorithm: aes256-ctr --EncCS EncSC: algorithm: arcfour algorithm: aes128-ctr algorithm: aes192-ctr algorithm: aes256-ctr --EncSC MacCS: algorithm: hmac-sha1 algorithm: hmac-ripemd160 --MacCS MacSC: algorithm: hmac-sha1 algorithm: hmac-ripemd160 --MacSC CompCS: algorithm: none algorithm: zlib --CompCS CompSC: algorithm: none algorithm: zlib --CompSC Unable to agree upon server-to-client encryption algorithm. Unable to agree upon client-to-server encryption algorithm. ChosenIncomingMac: hmac-sha1 ChosenOutgoingMac: hmac-sha1 ChosenIncomingCompression: zlib ChosenOutgoingCompression: zlib ChosenKexAlgorithm: diffie-hellman-group-exchange-sha1 choose_hostkey_algorithm: preferRsaHostKeyAlgorithm: 1 --choose_hostkey_algorithm ChosenHostKeyAlgorithm: ssh-rsa numBits: 128 pbits: 1024 Using GEX Group. Sending KEX_DH_GEX_REQUEST... pbits: 1024 numBytesRequested: 8 Connection closed by peer. passiveClose(16ms): Passive socket closing complete. --passiveClose sshRawPacket: Socket connection closed. sshDhGex: Socket connection closed. Failed to read KEX_DH_GEX_REQUEST response --sshSetupConnection --connectInner Failed.
I found comments in Chilkat's internal source indicating that CTR mode was not implemented correctly in some older versions of OpenSSH. Chilkat automatically turned off the ability to select these algorithms when the server version string indicates an older version of OpenSSH.
I made a change so that instead of turning CTR mode off, it puts those algorithms at lowest priority, allowing others to be chosen if any exist. (arcfour is off by default because it is insecure).
Please tell me your version of Perl (such as 5.12, 5.16, etc.) and I'll provide a new build.
Microsoft Windows [Version 6.1.7601] Copyright (c) 2009 Microsoft Corporation. All rights reserved.
This is perl 5, version 16, subversion 3 (v5.16.3) built for MSWin32-x86-multi-t hread (with 1 registered patch, see perl -V for more detail)
Copyright 1987-2012, Larry Wall
Binary build 1604  provided by ActiveState http://www.ActiveState.com Built Apr 14 2014 14:32:20
Perl may be copied only under the terms of either the Artistic License or the GNU General Public License, which may be found in the Perl 5 source kit.
Complete documentation for Perl, including FAQ lists, should be found on this system using "man perl" or "perldoc perl". If you have access to the Internet, point your browser at http://www.perl.org/, the Perl Home Page.
Here's a build with the change: http://www.chilkatsoft.com/download/preRelease/chilkat-9.5.0-perl-5.16-x86-win.zip
Thank you so much.