hierynomus / sshj

ssh, scp and sftp for java
Apache License 2.0

Server closed connection during identification exchange in kernel version Linux 5.4.0-91-generic x86_64 with latest version of sshj 0.33.0 #786

Open nandroy opened 2 years ago

nandroy commented 2 years ago

Facing exception "Server closed connection during identification exchange" in kernel version "Linux 5.4.0-91-generic x86_64" with latest version of sshj 0.33.0

The above exception occurs for the following segment -

LocalPortForwarder localPortForwarderObj;
SSHClient clientSsh;
Parameters params;
ServerSocket serversocket;

this.localPortForwarderObj = this.clientSsh.newLocalPortForwarder(this.params, this.serversocket);
this.localPortForwarderObj.listen(); // this line gives the following exception

where the same is working fine with kernel version "Linux 4.15.0-142-generic x86_64".

What changes need to be done to make it work?

vladimirlagunov commented 2 years ago

Do you control the server, or is it controlled by other people?

I've seen such behaviour many times with servers protected by security software (not sure if it is appropriate to mention particular trademarks). SSHJ logs a server identity with the info level. It's like User-Agent in HTTP. If the identity doesn't contain OpenSSH, and especially if it contains a name of some security software, it might be that case.

hierynomus commented 2 years ago

@nandroy Any update?

tsposato commented 7 months ago

@nandroy Any update?

I'm hitting this same issue, seemingly with a specific SFTP server I'm trying to connect to. However, connecting to the same SFTP server via the command line or using other clients like WinSCP works fine. When I put it into debug mode I don't see many logs, but this is what I get:

2024-04-30 11:20:33.684  INFO 1 --- [    FM-AWS- 434] n.s.sshj.transport.random.JCERandom      : Creating new SecureRandom.
2024-04-30 11:20:33.684 DEBUG 1 --- [    FM-AWS- 434] n.s.sshj.transport.random.JCERandom      : Random creation took 0 ms
2024-04-30 11:20:33.685 DEBUG 1 --- [    FM-AWS- 434] net.schmizz.sshj.DefaultConfig           : Available cipher factories: [aes128-cbc, aes128-ctr, aes192-cbc, aes192-ctr, aes256-cbc, aes256-ctr, aes128-gcm@openssh.com, aes256-gcm@openssh.com, blowfish-cbc, blowfish-ctr, cast128-cbc, cast128-ctr, idea-cbc, idea-ctr, serpent128-cbc, serpent128-ctr, serpent192-cbc, serpent192-ctr, serpent256-cbc, serpent256-ctr, 3des-cbc, 3des-ctr, twofish128-cbc, twofish128-ctr, twofish192-cbc, twofish192-ctr, twofish256-cbc, twofish256-ctr, twofish-cbc, arcfour, arcfour128, arcfour256]
2024-04-30 11:20:33.852  INFO 1 --- [    FM-AWS- 434] n.schmizz.sshj.transport.TransportImpl   : Client identity string: SSH-2.0-SSHJ_0.31.0
2024-04-30 11:20:33.866 ERROR 1 --- [    FM-AWS- 434] n.schmizz.sshj.transport.TransportImpl   : Received end of connection, but no identification received.
2024-04-30 11:20:33.866 ERROR 1 --- [    FM-AWS- 434] c.f.h.s.i.CarrierFtpIntegration          : FTP integration was unsuccessful.
net.schmizz.sshj.transport.TransportException: Server closed connection during identification exchange
	at net.schmizz.sshj.transport.TransportImpl.init(TransportImpl.java:194) ~[sshj-0.31.0.jar:0.31.0]

This is what WinSCP tells me:

File transfer protocol = SFTP-6
Cryptographic protocol = SSH-2
SSH implementation = CerberusFTPServer_12.0
Encryption algorithm = AES-256 SDCTR (AES-NI accelerated)
Compression = No

When connecting via command line these are the logs:

debug1: /etc/ssh/ssh_config line 58: Applying options for *
debug1: Connecting to server [1.2.3.4] port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4
debug1: Remote protocol version 2.0, remote software version CerberusFTPServer_12.0
debug1: no match: CerberusFTPServer_12.0
debug1: Authenticating to server:22 as 'user-In'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: ecdh-sha2-nistp256
debug1: kex: host key algorithm: rsa-sha2-512
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
debug1: kex: ecdh-sha2-nistp256 need=32 dh_need=32
debug1: kex: ecdh-sha2-nistp256 need=32 dh_need=32
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:FM9tGfSMPcQuDM1cmIUL9Ma1ypkUtZ6U2csFY43gf60
debug1: Host 'server' is known and matches the RSA host key.
debug1: Found key in /home/user/.ssh/known_hosts:21
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: password,publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/user/.ssh/id_rsa
debug1: Authentications that can continue: password,publickey
debug1: Offering ECDSA public key: /home/user/.ssh/id_ecdsa
debug1: Authentications that can continue: password,publickey
debug1: Trying private key: /home/user/.ssh/id_rsa
debug1: Authentications that can continue: password,publickey
debug1: Trying private key: /home/user/.ssh/id_dsa
debug1: Trying private key: /home/user/.ssh/id_ecdsa
Enter passphrase for key '/home/user/.ssh/id_ecdsa':
debug1: Trying private key: /home/user/.ssh/id_ed25519
debug1: Next authentication method: password
user-In@server's password:
debug1: Authentication succeeded (password).
Authenticated to server ([1.2.3.4]:22).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: pledge: network
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
debug1: Sending subsystem: sftp
Connected to server.
sftp> ls
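
A minimal check of the identification exchange that fails in the sshj log above, added here as an example (not code from sshj or from any commenter in this thread): it sends a client identification string over a plain socket and reports whether the server answers with its own `SSH-` line or closes the connection first. The class name `IdentProbe`, the 5-second timeouts and the sample banner bytes are assumptions constructed for illustration.

```java
import java.io.*;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.nio.charset.StandardCharsets;

public class IdentProbe {
    // Returns the first line starting with "SSH-" (RFC 4253 section 4.2), or null if
    // the peer closes first, the case sshj logs as "no identification received".
    static String readServerIdent(InputStream in) throws IOException {
        StringBuilder line = new StringBuilder();
        int b;
        while ((b = in.read()) != -1) {
            if (b == '\n') {
                String s = line.toString();
                if (s.endsWith("\r")) s = s.substring(0, s.length() - 1);
                if (s.startsWith("SSH-")) return s;
                line.setLength(0);              // a pre-banner line, allowed by the RFC: skip it
            } else if (line.length() < 255) {   // bounded buffer: the RFC caps the line at 255 characters
                line.append((char) b);
            }
        }
        return null;
    }

    // Sends clientIdent to host:port; returns the server's identification line or null.
    static String probe(String host, int port, String clientIdent) throws IOException {
        try (Socket sock = new Socket()) {
            sock.connect(new InetSocketAddress(host, port), 5000);
            sock.setSoTimeout(5000);
            OutputStream out = sock.getOutputStream();
            out.write((clientIdent + "\r\n").getBytes(StandardCharsets.US_ASCII));
            out.flush();
            return readServerIdent(sock.getInputStream());
        }
    }

    public static void main(String[] args) throws IOException {
        if (args.length == 2) {  // live check: java IdentProbe <host> <port>
            String id = probe(args[0], Integer.parseInt(args[1]), "SSH-2.0-SSHJ_0.31.0");
            System.out.println(id == null ? "closed before identification" : id);
            return;
        }
        // Constructed inputs: a notice line followed by a banner, then an immediate close.
        byte[] ok = "notice\r\nSSH-2.0-CerberusFTPServer_12.0\r\n".getBytes(StandardCharsets.US_ASCII);
        System.out.println(readServerIdent(new ByteArrayInputStream(ok)));
        System.out.println(readServerIdent(new ByteArrayInputStream(new byte[0])));
    }
}
```

A connection reset or a read timeout surfaces as an `IOException` rather than a null result, which separates those cases from a clean close by the server.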