Closed st931630 closed 3 years ago
Please start by upgrading to v7.0.1 of ssh2-sftp-client.
I would then start by simplifying your config object. Just use
{ host: config.sftpHost, username: config.sftpID, password: config.sftpPW, debug: console.log }
(add back the port setting if your server is not listening on port 22).
See how this goes and if it doesn't work, post the debug log and we can go from there.
My ssh2-sftp-client version is already v7.0.1. And my host server port is 22. Whether I set port 22 or not, the connection still times out.
debug log
Protocol.js:125
Handshake: S->C compression: none
Protocol.js:125
Outbound: Sending KEXDH_INIT
Protocol.js:125
Received DH Reply
Protocol.js:125
Host accepted by default (no verification)
Protocol.js:125
Host accepted (verified)
Protocol.js:125
CLIENT[sftp]: getConnection: Handling error: Timed out while waiting for handshake
index.js:80
CLIENT[sftp]: getConnection: handled error with reject
index.js:80
CLIENT[sftp]: Global: Ignoring handled error
index.js:80
CLIENT[sftp]: getConnection: finally clause fired
index.js:80
Socket closed
client.js:753
CLIENT[sftp]: getConnection: handling unexpected close event
index.js:80
CLIENT[sftp]: getConnection: handling close event with reject
index.js:80
CLIENT[sftp]: Global: Ignoring handled close event
index.js:80
CLIENT[sftp]: Removing listener from ready event
index.js:80
CLIENT[sftp]: getConnection: Removing temp event listeners
index.js:80
CLIENT[sftp]: getConnection retry catch
index.js:80
CLIENT[sftp]: connect: Error getConnection: Timed out while waiting for handshake
index.js:80
Thank you for your reply.
Your original message stated you were using version ssh2-sftp-client version: 6.13.4, which is why I asked you to upgrade to 7.0.1.
Your debug log looks wrong. It is missing the critical data needed to diagnose your problem. There are also lines in there which I've never seen in any debug log from ssh2-sftp-client before.
Did you remove all the extra properties from the config object? Exactly what properties do you now have in the config object?
Should also have mentioned, the timed out while waiting for handshake typically means that the client is unable to connect to the remote host. This is often because the remote host is either blocked by a firewall, has an error in the address/hostname or is listening on a different port. I would verify you can connect using openssh sftp CLI, possibly adding the -vv switch to get additional debug info.
To give you an idea, below is an example of a typical log from ssh2-sftp-client
CLIENT[sftp]: connect: Debugging turned on
CLIENT[sftp]: connect: Connect attempt 1
CLIENT[sftp]: getConnection: Adding temp event listeners
CLIENT[sftp]: getConnection: created promise
CLIENT[sftp]: Adding listener to ready event
Custom crypto binding available
Client: Trying mate-vbox on port 22 ...
Local ident: 'SSH-2.0-ssh2js1.2.0'
Socket connected
Remote ident: 'SSH-2.0-OpenSSH_8.4p1 Ubuntu-5ubuntu1'
Outbound: Sending KEXINIT
Inbound: Handshake in progress
Handshake: (local) KEX method: curve25519-sha256@libssh.org,curve25519-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512
Handshake: (remote) KEX method: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
Handshake: KEX algorithm: curve25519-sha256@libssh.org
Handshake: (local) Host key format: ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-512,rsa-sha2-256,ssh-rsa
Handshake: (remote) Host key format: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519
Handshake: Host key format: ssh-ed25519
Handshake: (local) C->S cipher: aes128-gcm,aes128-gcm@openssh.com,aes256-gcm,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr
Handshake: (remote) C->S cipher: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
Handshake: C->S Cipher: aes128-gcm@openssh.com
Handshake: (local) S->C cipher: aes128-gcm,aes128-gcm@openssh.com,aes256-gcm,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr
Handshake: (remote) S->C cipher: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
Handshake: S->C cipher: aes128-gcm@openssh.com
Handshake: (local) C->S MAC: hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
Handshake: (remote) C->S MAC: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
Handshake: C->S MAC: <implicit>
Handshake: (local) S->C MAC: hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
Handshake: (remote) S->C MAC: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
Handshake: S->C MAC: <implicit>
Handshake: (local) C->S compression: none,zlib@openssh.com,zlib
Handshake: (remote) C->S compression: none,zlib@openssh.com
Handshake: C->S compression: none
Handshake: (local) S->C compression: none,zlib@openssh.com,zlib
Handshake: (remote) S->C compression: none,zlib@openssh.com
Handshake: S->C compression: none
Outbound: Sending KEXECDH_INIT
Received DH Reply
Host accepted by default (no verification)
Host accepted (verified)
Inbound: NEWKEYS
Verifying signature ...
Verified signature
Outbound: Sending NEWKEYS
Handshake completed
Outbound: Sending SERVICE_REQUEST (ssh-userauth)
Inbound: Received SERVICE_ACCEPT (ssh-userauth)
Outbound: Sending USERAUTH_REQUEST (none)
Inbound: Received USERAUTH_FAILURE (publickey,password)
Client: none auth failed
Outbound: Sending USERAUTH_REQUEST (password)
Inbound: Received USERAUTH_SUCCESS
CLIENT[sftp]: getConnection: got connection - promise resolved
CLIENT[sftp]: getConnection: finally clause fired
Inbound: GLOBAL_REQUEST (hostkeys-00@openssh.com)
Outbound: Sending GLOBAL_REQUEST (hostkeys-prove-00@openssh.com)
Inbound: REQUEST_SUCCESS
CLIENT[sftp]: Removing listener from ready event
CLIENT[sftp]: getConnection: Removing temp event listeners
CLIENT[sftp]: getSftpChannel: Adding temp event listeners
CLIENT[sftp]: getSftpChannel: created promise
Outbound: Sending CHANNEL_OPEN (r:0, session)
Inbound: CHANNEL_OPEN_CONFIRMATION (r:0, s:0)
Outbound: Sending CHANNEL_REQUEST (r:0, subsystem: sftp)
Inbound: CHANNEL_WINDOW_ADJUST (r:0, 2097152)
Inbound: CHANNEL_SUCCESS (r:0)
Outbound: Sending CHANNEL_DATA (r:0, 9)
Inbound: CHANNEL_DATA (r:0, 183)
SFTP: Inbound: Received VERSION (v3, exts:posix-rename@openssh.com,statvfs@openssh.com,fstatvfs@openssh.com,hardlink@openssh.com,fsync@openssh.com,lsetstat@openssh.com)
CLIENT[sftp]: getSftpChannel: SFTP channel established
CLIENT[sftp]: getSftpChannel: finally clause fired
CLIENT[sftp]: getSftpChannel: Removing temp event listeners
CLIENT[sftp]: put: Adding temp event listeners
Outbound: Sending CHANNEL_DATA (r:0, 34)
SFTP: Outbound: Buffered OPEN
CLIENT[sftp]: put source is a stream
Inbound: CHANNEL_DATA (r:0, 17)
SFTP: Inbound: Received HANDLE (id:0)
Outbound: Sending CHANNEL_DATA (r:0, 25)
SFTP: Outbound: Buffered FSETSTAT
Inbound: CHANNEL_DATA (r:0, 28)
SFTP: Inbound: Received STATUS (id:1, 0, "Success")
Outbound: Sending CHANNEL_DATA (r:0, 60)
SFTP: Outbound: Sent WRITE (id:2)
Inbound: CHANNEL_DATA (r:0, 28)
SFTP: Inbound: Received STATUS (id:2, 0, "Success")
Outbound: Sending CHANNEL_DATA (r:0, 17)
SFTP: Outbound: Buffered CLOSE
CLIENT[sftp]: put: promise resolved
CLIENT[sftp]: put: Removing temp event listeners
CLIENT[sftp]: realPath -> .
CLIENT[sftp]: realPath: Adding temp event listeners
Outbound: Sending CHANNEL_DATA (r:0, 14)
SFTP: Outbound: Buffered REALPATH
Inbound: CHANNEL_DATA (r:0, 28)
SFTP: Inbound: Received STATUS (id:3, 0, "Success")
Inbound: CHANNEL_DATA (r:0, 43)
SFTP: Inbound: Received NAME (id:4, 1)
CLIENT[sftp]: realPath <- /home/tim
CLIENT[sftp]: realPath: Removing temp event listeners
CLIENT[sftp]: _stat: /home/tim/foo.txt
CLIENT[sftp]: _stat: Adding temp event listeners
Outbound: Sending CHANNEL_DATA (r:0, 30)
SFTP: Outbound: Buffered STAT
Inbound: CHANNEL_DATA (r:0, 41)
SFTP: Inbound: Received ATTRS (id:5)
CLIENT[sftp]: _stat: stats <- {
"mode": 33206,
"uid": 1000,
"gid": 1000,
"size": 31,
"accessTime": 1628404730000,
"modifyTime": 1628471903000,
"isDirectory": false,
"isFile": true,
"isBlockDevice": false,
"isCharacterDevice": false,
"isSymbolicLink": false,
"isFIFO": false,
"isSocket": false
}
CLIENT[sftp]: stat: Removing temp event listeners
CLIENT[sftp]: end: Adding temp event listeners
CLIENT[sftp]: Adding listener to close event
CLIENT[sftp]: end: Have connection - calling end()
Outbound: Sending DISCONNECT (11)
Socket ended
CLIENT[sftp]: end: Ignoring expected end event
CLIENT[sftp]: Global: Ignoring hanlded end event
Socket closed
CLIENT[sftp]: end: Connection closed
CLIENT[sftp]: end: ignoring expected close event
CLIENT[sftp]: Global: Ignoring handled close event
CLIENT[sftp]: end: finally clause fired
CLIENT[sftp]: end: Removing temp event listeners
CLIENT[sftp]: Removing listener from close event
Note how this looks different from the log you have provided. There is no reference to protocol.js or index.js, there are lots of lines showing the initial connection negotiation etc. It is that first half of the log which is crucial to diagnosing your problem and it does not appear in what you are sending.
This debug log is from using ssh sftp on the command line to connect to my server. It does connect to my server. Comparing it with your sample debug log, some settings don't appear.
xxx-MacBook-Pro:~ xxx$ sftp -v ooo@xxxx
OpenSSH_7.9p1, LibreSSL 2.7.3
debug1: Reading configuration data /Users/xxx/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 48: Applying options for *
debug1: Connecting to xxxx [xxxx] port 22.
debug1: Connection established.
debug1: identity file /Users/xxx/.ssh/id_rsa type 0
debug1: identity file /Users/xxx/.ssh/id_rsa-cert type -1
debug1: identity file /Users/xxx/.ssh/id_dsa type -1
debug1: identity file /Users/xxx/.ssh/id_dsa-cert type -1
debug1: identity file /Users/xxx/.ssh/id_ecdsa type -1
debug1: identity file /Users/xxx/.ssh/id_ecdsa-cert type -1
debug1: identity file /Users/xxx/.ssh/id_ed25519 type -1
debug1: identity file /Users/xxx/.ssh/id_ed25519-cert type -1
debug1: identity file /Users/xxx/.ssh/id_xmss type -1
debug1: identity file /Users/xxx/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.9
debug1: Remote protocol version 2.0, remote software version CoreFTP-0.3.2
debug1: no match: CoreFTP-0.3.2
debug1: Authenticating to xxxx as ‘ooo’
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: diffie-hellman-group14-sha1
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha1 compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha1 compression: none
debug1: sending SSH2_MSG_KEXDH_INIT
debug1: expecting SSH2_MSG_KEXDH_REPLY
debug1: Server host key: ssh-rsa SHA256:1gkOVeoxBZHInusboJ26iL+xXJqbP3VVwBBv23zrqmA
debug1: Host ‘xxxx’ is known and matches the RSA host key.
debug1: Found key in /Users/xxx/.ssh/known_hosts:12
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 4294967296 blocks
debug1: Will attempt key: /Users/xxx/.ssh/id_rsa RSA SHA256:on/K5C0qXusCIEInMKn8KC2cDKLfAEL84C3qTwfO4aQ
debug1: Will attempt key: /Users/xxx/.ssh/id_dsa
debug1: Will attempt key: /Users/xxx/.ssh/id_ecdsa
debug1: Will attempt key: /Users/xxx/.ssh/id_ed25519
debug1: Will attempt key: /Users/xxx/.ssh/id_xmss
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: password
debug1: Next authentication method: password
ooo@xxxx’s password:
Connection closed.
Wu @.***> writes:
> This debug log is from using ssh sftp on the command line to connect to my server. It does connect to my server. Comparing it with your sample debug log, some settings don't appear.
Yes, that was my point. There are crucial lines missing from the debug log you sent. These are primarily log lines from the ssh2 module which ssh2-sftp-client relies on.
I'm interested in seeing exactly what properties you are putting in the config object. I noticed you had 'protocol' in there - it should not be. Also, I don't think you need all the other properties you have. All you need is host, username, password and debug. You only need to add some of the others when required and most of the time, they are not necessary.
Your debug log looks completely wrong. It has stuff which should not be in there and is missing stuff which should. There is nothing I can help with if you cannot provide a full and correct debug log.
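I would make sure that
- you don't have any global modules which might be messing things up
- delete package-lock.json and node_modules and do a npm i to get a clean install.
- Maybe show what is in your package.json file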
> Your original message stated you were using version ssh2-sftp-client version: 6.13.4, which is why I asked you to upgrade to 7.0.1.
> Your debug log looks wrong. It is missing the critical data needed to diagnose your problem. There are also lines in there which I've never seen in any debug log from ssh2-sftp-client before.

Earlier I wrote the wrong ssh2-sftp-client version; v7.0.1 is correct.
npm info ssh2-sftp-client version
7.0.1
> Wu @.***> writes:
> > This debug log is from using ssh sftp on the command line to connect to my server. It does connect to my server. Comparing it with your sample debug log, some settings don't appear.
>
> Yes, that was my point. There are crucial lines missing from the debug log you sent. These are primarily log lines from the ssh2 module which ssh2-sftp-client relies on.
> I'm interested in seeing exactly what properties you are putting in the config object. I noticed you had 'protocol' in there - it should not be. Also, I don't think you need all the other properties you have. All you need is host, username, password and debug. You only need to add some of the others when required and most of the time, they are not necessary.
> Your debug log looks completely wrong. It has stuff which should not be in there and is missing stuff which should. There is nothing I can help with if you cannot provide a full and correct debug log.
> I would make sure that
> - you don't have any global modules which might be messing things up
> - delete package-lock.json and node_modules and do a npm i to get a clean install.
> - Maybe show what is in your package.json file
I deleted package-lock.json and node_modules and ran npm install ssh2-sftp-module. It seems to be a clean project. I ran this sftp config code, and its debug log still displays the same as before. Thank you for your suggestion.
```js
const SftpClient = require("ssh2-sftp-client");
console.log("test");
const sftp = new SftpClient();
sftp
  .connect({
    host: "xxx",
    port: "22",
    username: "ooo",
    password: "***",
    readyTimeout: 99999,
    debug: console.log,
    algorithms: {
      kex: [
        "diffie-hellman-group1-sha1",
        "ecdh-sha2-nistp256",
        "ecdh-sha2-nistp384",
        "ecdh-sha2-nistp521",
        "diffie-hellman-group-exchange-sha256",
        "diffie-hellman-group14-sha1"
      ],
      cipher: [
        "3des-cbc",
        "aes128-ctr",
        "aes192-ctr",
        "aes256-ctr",
        "aes128-gcm",
        "aes128-gcm@openssh.com",
        "aes256-gcm",
        "aes256-gcm@openssh.com",
        "aes256-cbc"
      ],
      serverHostKey: [
        "ssh-rsa",
        "ssh-dss",
        "ecdsa-sha2-nistp256",
        "ecdsa-sha2-nistp384",
        "ecdsa-sha2-nistp521"
      ],
      hmac: ["hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"]
    }
  })
  .then(() => {
    // console.log("connect SFTP!!");
    return sftp.cwd();
    // return sftp.get("NTCH_020120210710.txt");
  })
  // sftp.get(remotePath, dst))
  .then(() => {
    // console.log("connect SFTP!!");
    sftp.end();
  })
  .catch(err => {
    console.error(err.message);
  });
```
package-lock.json
{
"requires": true,
"lockfileVersion": 1,
"dependencies": {
"asn1": {
"version": "0.2.4",
"resolved": "https://registry.npmjs.org/asn1/-/asn1-0.2.4.tgz",
"integrity": "sha512-jxwzQpLQjSmWXgwaCZE9Nz+glAG01yF1QnWgbhGwHI5A6FRIEY6IVqtHhIepHqI7/kyEyQEagBC5mBEFlIYvdg==",
"requires": {
"safer-buffer": "~2.1.0"
}
},
"bcrypt-pbkdf": {
"version": "1.0.2",
"resolved": "https://registry.npmjs.org/bcrypt-pbkdf/-/bcrypt-pbkdf-1.0.2.tgz",
"integrity": "sha1-pDAdOJtqQ/m2f/PKEaP2Y342Dp4=",
"requires": {
"tweetnacl": "^0.14.3"
}
},
"buffer-from": {
"version": "1.1.2",
"resolved": "https://registry.npmjs.org/buffer-from/-/buffer-from-1.1.2.tgz",
"integrity": "sha512-E+XQCRwSbaaiChtv6k6Dwgc+bx+Bs6vuKJHHl5kox/BaKbhiXzqQOwK4cO22yElGp2OCmjwVhT3HmxgyPGnJfQ=="
},
"concat-stream": {
"version": "2.0.0",
"resolved": "https://registry.npmjs.org/concat-stream/-/concat-stream-2.0.0.tgz",
"integrity": "sha512-MWufYdFw53ccGjCA+Ol7XJYpAlW6/prSMzuPOTRnJGcGzuhLn4Scrz7qf6o8bROZ514ltazcIFJZevcfbo0x7A==",
"requires": {
"buffer-from": "^1.0.0",
"inherits": "^2.0.3",
"readable-stream": "^3.0.2",
"typedarray": "^0.0.6"
}
},
"cpu-features": {
"version": "0.0.2",
"resolved": "https://registry.npmjs.org/cpu-features/-/cpu-features-0.0.2.tgz",
"integrity": "sha512-/2yieBqvMcRj8McNzkycjW2v3OIUOibBfd2dLEJ0nWts8NobAxwiyw9phVNS6oDL8x8tz9F7uNVFEVpJncQpeA==",
"optional": true,
"requires": {
"nan": "^2.14.1"
}
},
"err-code": {
"version": "2.0.3",
"resolved": "https://registry.npmjs.org/err-code/-/err-code-2.0.3.tgz",
"integrity": "sha512-2bmlRpNKBxT/CRmPOlyISQpNj+qSeYvcym/uT0Jx2bMOlKLtSy1ZmLuVxSEKKyor/N5yhvp/ZiG1oE3DEYMSFA=="
},
"inherits": {
"version": "2.0.4",
"resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz",
"integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ=="
},
"nan": {
"version": "2.15.0",
"resolved": "https://registry.npmjs.org/nan/-/nan-2.15.0.tgz",
"integrity": "sha512-8ZtvEnA2c5aYCZYd1cvgdnU6cqwixRoYg70xPLWUws5ORTa/lnw+u4amixRS/Ac5U5mQVgp9pnlSUnbNWFaWZQ==",
"optional": true
},
"promise-retry": {
"version": "2.0.1",
"resolved": "https://registry.npmjs.org/promise-retry/-/promise-retry-2.0.1.tgz",
"integrity": "sha512-y+WKFlBR8BGXnsNlIHFGPZmyDf3DFMoLhaflAnyZgV6rG6xu+JwesTo2Q9R6XwYmtmwAFCkAk3e35jEdoeh/3g==",
"requires": {
"err-code": "^2.0.2",
"retry": "^0.12.0"
}
},
"readable-stream": {
"version": "3.6.0",
"resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-3.6.0.tgz",
"integrity": "sha512-BViHy7LKeTz4oNnkcLJ+lVSL6vpiFeX6/d3oSH8zCW7UxP2onchk+vTGB143xuFjHS3deTgkKoXXymXqymiIdA==",
"requires": {
"inherits": "^2.0.3",
"string_decoder": "^1.1.1",
"util-deprecate": "^1.0.1"
}
},
"retry": {
"version": "0.12.0",
"resolved": "https://registry.npmjs.org/retry/-/retry-0.12.0.tgz",
"integrity": "sha1-G0KmJmoh8HQh0bC1S33BZ7AcATs="
},
"safe-buffer": {
"version": "5.2.1",
"resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz",
"integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ=="
},
"safer-buffer": {
"version": "2.1.2",
"resolved": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz",
"integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg=="
},
"ssh2": {
"version": "1.2.0",
"resolved": "https://registry.npmjs.org/ssh2/-/ssh2-1.2.0.tgz",
"integrity": "sha512-vklfVRyylayGV/zMwVEkTC9kBhA3t264hoUHV/yGuunBJh6uBGP1VlzhOp8EsqxpKnG0xkLE1qHZlU0+t8Vh6Q==",
"requires": {
"asn1": "^0.2.4",
"bcrypt-pbkdf": "^1.0.2",
"cpu-features": "0.0.2",
"nan": "^2.14.2"
}
},
"ssh2-sftp-client": {
"version": "7.0.1",
"resolved": "https://registry.npmjs.org/ssh2-sftp-client/-/ssh2-sftp-client-7.0.1.tgz",
"integrity": "sha512-+mI/Mh9IGoQfgc/XVWm/W7TkOMDomvqz0bXvQEXEwqeWqkjbiDc3FQ5ZWUiwpL1IblZ7+lsmXEVGasE8U901kw==",
"requires": {
"concat-stream": "^2.0.0",
"promise-retry": "^2.0.1",
"ssh2": "^1.2.0"
}
},
"string_decoder": {
"version": "1.3.0",
"resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.3.0.tgz",
"integrity": "sha512-hkRX8U1WjJFd8LsDJ2yQ/wWWxaopEsABU1XfkM8A+j0+85JAGppt16cr1Whg6KIbb4okU6Mql6BOj+uup/wKeA==",
"requires": {
"safe-buffer": "~5.2.0"
}
},
"tweetnacl": {
"version": "0.14.5",
"resolved": "https://registry.npmjs.org/tweetnacl/-/tweetnacl-0.14.5.tgz",
"integrity": "sha1-WuaBd/GS1EViadEIr6k/+HQ/T2Q="
},
"typedarray": {
"version": "0.0.6",
"resolved": "https://registry.npmjs.org/typedarray/-/typedarray-0.0.6.tgz",
"integrity": "sha1-hnrHTjhkGHsdPUfZlqeOxciDB3c="
},
"util-deprecate": {
"version": "1.0.2",
"resolved": "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz",
"integrity": "sha1-RQ1Nyfpw3nMnYvvS1KKJgUGaDM8="
}
}
}
Wu @.***> writes:
> sftp.connect({
>   host: "xxx",
>   port: "22",
>   username: "ooo",
>   password: "",
>   readyTimeout: 99999,
>   debug: console.log,
>   algorithms: {
>     kex: [ "diffie-hellman-group1-sha1", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "diffie-hellman-group-exchange-sha256", "diffie-hellman-group14-sha1" ],
>     cipher: [ "3des-cbc", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm", "aes128-gcm@openssh.com", "aes256-gcm", "aes256-gcm@openssh.com", "aes256-cbc" ],
>     serverHostKey: [ "ssh-rsa", "ssh-dss", "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521" ],
>     hmac: ["hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"]
>   }
> })
Try without the readyTimeout and algorithms properties. Just have host, username, password and debug.
This is the debug log without the readyTimeout and algorithms properties. If the sftp config does not set the algorithms properties, in my case it gets the error.
error: CLIENT[sftp]: connect: Error getConnection: Handshake failed: no matching key exchange algorithm
CLIENT[sftp]: connect: Debugging turned on
node_modules/ssh2-sftp-client/src/index.js:80
CLIENT[sftp]: connect: Connect attempt 1
node_modules/ssh2-sftp-client/src/index.js:80
CLIENT[sftp]: getConnection: Adding temp event listeners
node_modules/ssh2-sftp-client/src/index.js:80
CLIENT[sftp]: getConnection: created promise
node_modules/ssh2-sftp-client/src/index.js:80
CLIENT[sftp]: Adding listener to ready event
node_modules/ssh2-sftp-client/src/index.js:80
Custom crypto binding available
node_modules/ssh2/lib/protocol/Protocol.js:125
Client: Trying 203.73.97.204 on port 22 ...
node_modules/ssh2/lib/client.js:1026
Local ident: 'SSH-2.0-ssh2js1.2.0'
node_modules/ssh2/lib/protocol/Protocol.js:125
Socket connected
node_modules/ssh2/lib/client.js:706
Remote ident: 'SSH-2.0-CoreFTP-0.3.2'
node_modules/ssh2/lib/protocol/Protocol.js:125
Outbound: Sending KEXINIT
node_modules/ssh2/lib/protocol/Protocol.js:125
Inbound: Handshake in progress
node_modules/ssh2/lib/protocol/Protocol.js:125
Handshake: (local) KEX method: curve25519-sha256@libssh.org,curve25519-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512
node_modules/ssh2/lib/protocol/Protocol.js:125
Handshake: (remote) KEX method: diffie-hellman-group1-sha1,diffie-hellman-group14-sha1
node_modules/ssh2/lib/protocol/Protocol.js:125
Handshake: No matching key exchange algorithm
node_modules/ssh2/lib/protocol/Protocol.js:125
Outbound: Sending DISCONNECT (3)
node_modules/ssh2/lib/protocol/Protocol.js:125
CLIENT[sftp]: getConnection: Handling error: Handshake failed: no matching key exchange algorithm
node_modules/ssh2-sftp-client/src/index.js:80
CLIENT[sftp]: getConnection: handled error with reject
node_modules/ssh2-sftp-client/src/index.js:80
CLIENT[sftp]: Global: Ignoring handled error
node_modules/ssh2-sftp-client/src/index.js:80
CLIENT[sftp]: getConnection: finally clause fired
node_modules/ssh2-sftp-client/src/index.js:80
Socket ended
node_modules/ssh2/lib/client.js:746
CLIENT[sftp]: getConnection: Handling end event
node_modules/ssh2-sftp-client/src/index.js:80
CLIENT[sftp]: getConnection: handling end event with reject'
node_modules/ssh2-sftp-client/src/index.js:80
CLIENT[sftp]: Global: Ignoring hanlded end event
node_modules/ssh2-sftp-client/src/index.js:80
Socket closed
node_modules/ssh2/lib/client.js:753
CLIENT[sftp]: getConnection: handling close event with reject
node_modules/ssh2-sftp-client/src/index.js:80
CLIENT[sftp]: Global: Ignoring handled close event
node_modules/ssh2-sftp-client/src/index.js:80
CLIENT[sftp]: Removing listener from ready event
node_modules/ssh2-sftp-client/src/index.js:80
CLIENT[sftp]: getConnection: Removing temp event listeners
node_modules/ssh2-sftp-client/src/index.js:80
CLIENT[sftp]: getConnection retry catch
node_modules/ssh2-sftp-client/src/index.js:80
CLIENT[sftp]: connect: Connect attempt 2
node_modules/ssh2-sftp-client/src/index.js:80
CLIENT[sftp]: getConnection: Adding temp event listeners
node_modules/ssh2-sftp-client/src/index.js:80
CLIENT[sftp]: getConnection: created promise
node_modules/ssh2-sftp-client/src/index.js:80
CLIENT[sftp]: Adding listener to ready event
node_modules/ssh2-sftp-client/src/index.js:80
Custom crypto binding available
node_modules/ssh2/lib/protocol/Protocol.js:125
Client: Trying 203.73.97.204 on port 22 ...
node_modules/ssh2/lib/client.js:1026
Local ident: 'SSH-2.0-ssh2js1.2.0'
node_modules/ssh2/lib/protocol/Protocol.js:125
Socket connected
node_modules/ssh2/lib/client.js:706
Remote ident: 'SSH-2.0-CoreFTP-0.3.2'
node_modules/ssh2/lib/protocol/Protocol.js:125
Outbound: Sending KEXINIT
node_modules/ssh2/lib/protocol/Protocol.js:125
Inbound: Handshake in progress
node_modules/ssh2/lib/protocol/Protocol.js:125
Handshake: (local) KEX method: curve25519-sha256@libssh.org,curve25519-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512
node_modules/ssh2/lib/protocol/Protocol.js:125
Handshake: (remote) KEX method: diffie-hellman-group1-sha1,diffie-hellman-group14-sha1
node_modules/ssh2/lib/protocol/Protocol.js:125
Handshake: No matching key exchange algorithm
node_modules/ssh2/lib/protocol/Protocol.js:125
Outbound: Sending DISCONNECT (3)
node_modules/ssh2/lib/protocol/Protocol.js:125
CLIENT[sftp]: getConnection: Handling error: Handshake failed: no matching key exchange algorithm
node_modules/ssh2-sftp-client/src/index.js:80
CLIENT[sftp]: getConnection: handled error with reject
node_modules/ssh2-sftp-client/src/index.js:80
CLIENT[sftp]: Global: Ignoring handled error
node_modules/ssh2-sftp-client/src/index.js:80
CLIENT[sftp]: getConnection: finally clause fired
node_modules/ssh2-sftp-client/src/index.js:80
Socket ended
node_modules/ssh2/lib/client.js:746
CLIENT[sftp]: getConnection: Handling end event
node_modules/ssh2-sftp-client/src/index.js:80
CLIENT[sftp]: getConnection: handling end event with reject'
node_modules/ssh2-sftp-client/src/index.js:80
CLIENT[sftp]: Global: Ignoring hanlded end event
node_modules/ssh2-sftp-client/src/index.js:80
Socket closed
node_modules/ssh2/lib/client.js:753
CLIENT[sftp]: getConnection: handling unexpected close event
node_modules/ssh2-sftp-client/src/index.js:80
CLIENT[sftp]: getConnection: handling close event with reject
node_modules/ssh2-sftp-client/src/index.js:80
CLIENT[sftp]: Global: Ignoring handled close event
node_modules/ssh2-sftp-client/src/index.js:80
CLIENT[sftp]: Removing listener from ready event
node_modules/ssh2-sftp-client/src/index.js:80
CLIENT[sftp]: getConnection: Removing temp event listeners
node_modules/ssh2-sftp-client/src/index.js:80
CLIENT[sftp]: getConnection retry catch
node_modules/ssh2-sftp-client/src/index.js:80
CLIENT[sftp]: connect: Error getConnection: Handshake failed: no matching key exchange algorithm
That actually helps a lot. We now know that one reason the connection is timing out is because there are no key exchange algorithms available which your remote server supports. Checking the log output from your previous sftp CLI run, we know the remote server wants diffie-hellman-group14-sha1, so now try a config with
{ host: xxxx, username: xxxx, password: xxx, algorithms: { kex: ["diffie-hellman-group14-sha1"] }, debug: console.log }
and see if we get a bit further. It might still fail, but that will be (hopefully) a bit further on and a different error (like no matching cipher etc).
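The negotiation failure diagnosed in the reply above, as an added example that is not code from this thread or from ssh2-sftp-client: it reads the `Handshake: (local)` / `(remote)` lines of an ssh2 debug log, applies the first-client-match rule per category, and derives the smallest `algorithms` override. The function names, the `AVOID` list and the sample log (assembled from lines shown in this thread) are assumptions of the example.

```javascript
// Constructed sample: Handshake lines as they appear in this thread's debug
// logs (ssh2 1.2.0 default offers against the CoreFTP-0.3.2 server).
const SAMPLE_LOG = `
Handshake: (local) KEX method: curve25519-sha256@libssh.org,curve25519-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512
node_modules/ssh2/lib/protocol/Protocol.js:125
Handshake: (remote) KEX method: diffie-hellman-group1-sha1,diffie-hellman-group14-sha1
Handshake: (local) Host key format: ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-512,rsa-sha2-256,ssh-rsa
Handshake: (remote) Host key format: ssh-rsa
Handshake: (local) C->S cipher: aes128-gcm,aes128-gcm@openssh.com,aes256-gcm,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr
Handshake: (remote) C->S cipher: aes128-cbc,aes128-ctr,3des-cbc,blowfish-cbc,aes192-cbc,aes192-ctr,aes256-cbc,aes256-ctr,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se
Handshake: (local) C->S MAC: hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
Handshake: (remote) C->S MAC: hmac-sha1,hmac-md5,none
`;

// Debug-log category label -> property name in the ssh2 `algorithms` config.
const PROPERTY = {
  'KEX method': 'kex',
  'Host key format': 'serverHostKey',
  cipher: 'cipher',
  MAC: 'hmac',
};

// Matches only the offer lines; source-location lines and the
// "Handshake: KEX algorithm: ..." result lines are skipped.
const LINE =
  /^Handshake: \((local|remote)\) (?:[CS]->[CS] )?(KEX method|Host key format|cipher|MAC): (\S+)$/;

// Example-only list of algorithms to keep out of a suggested override.
const AVOID = new Set(['diffie-hellman-group1-sha1', 'hmac-md5', 'none']);

// Collect { kex: { local: [...], remote: [...] }, ... } from a debug log.
// If both directions are logged, the later (S->C) list replaces the earlier.
function parseOffers(log) {
  const offers = {};
  for (const raw of log.split('\n')) {
    const m = LINE.exec(raw.trim());
    if (!m) continue;
    const prop = PROPERTY[m[2]];
    offers[prop] = offers[prop] || { local: [], remote: [] };
    offers[prop][m[1]] = m[3].split(',');
  }
  return offers;
}

// SSH picks the first name in the client's list that the server also lists
// (simplified for kex, which also depends on the host key algorithm).
function negotiate(local, remote) {
  return local.find((name) => remote.includes(name)) || null;
}

// For every category where the current offers share nothing, propose the
// server's names minus the AVOID list. Names the client library does not
// implement still have to be dropped by hand.
function suggestOverride(offers) {
  const override = {};
  const blocked = [];
  for (const [prop, { local, remote }] of Object.entries(offers)) {
    if (negotiate(local, remote)) continue; // current offers already agree
    const usable = remote.filter((name) => !AVOID.has(name));
    if (usable.length) override[prop] = usable;
    else blocked.push(prop); // only avoided algorithms are on offer
  }
  return { override, blocked };
}

// Avoided algorithms the server still advertises, per category.
function weakRemoteOffers(offers) {
  const weak = {};
  for (const [prop, { remote }] of Object.entries(offers)) {
    const hits = remote.filter((name) => AVOID.has(name));
    if (hits.length) weak[prop] = hits;
  }
  return weak;
}

const sampleOffers = parseOffers(SAMPLE_LOG);
console.log(JSON.stringify(suggestOverride(sampleOffers)));
console.log(JSON.stringify(weakRemoteOffers(sampleOffers)));
```

Because the override lists only what the defaults lack, cipher, MAC and host key keep the library's own preference order and only the key exchange is loosened.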
I modified the algorithms properties in two versions, and it still times out.
```js
{
  host: xxxx,
  username: xxxx,
  password: xxx,
  algorithms: {
    kex: ["diffie-hellman-group14-sha1"]
  },
  debug: console.log
}
```
or, setting the algorithms properties according to my sftp CLI output:
```js
{
  host: xxxx,
  username: xxxx,
  password: xxx,
  algorithms: {
    kex: ["diffie-hellman-group14-sha1"],
    cipher: "aes128-ctr",
    serverHostKey: "ssh-rsa"
  },
  debug: console.log
}
```
debug log
CLIENT[sftp]: connect: Debugging turned on
node_modules/ssh2-sftp-client/src/index.js:80
CLIENT[sftp]: connect: Connect attempt 1
node_modules/ssh2-sftp-client/src/index.js:80
CLIENT[sftp]: getConnection: Adding temp event listeners
node_modules/ssh2-sftp-client/src/index.js:80
CLIENT[sftp]: getConnection: created promise
node_modules/ssh2-sftp-client/src/index.js:80
CLIENT[sftp]: Adding listener to ready event
node_modules/ssh2-sftp-client/src/index.js:80
Custom crypto binding available
node_modules/ssh2/lib/protocol/Protocol.js:125
Client: Trying 203.73.97.204 on port 22 ...
node_modules/ssh2/lib/client.js:1026
Local ident: 'SSH-2.0-ssh2js1.2.0'
node_modules/ssh2/lib/protocol/Protocol.js:125
Socket connected
node_modules/ssh2/lib/client.js:706
Remote ident: 'SSH-2.0-CoreFTP-0.3.2'
node_modules/ssh2/lib/protocol/Protocol.js:125
Outbound: Sending KEXINIT
node_modules/ssh2/lib/protocol/Protocol.js:125
Inbound: Handshake in progress
node_modules/ssh2/lib/protocol/Protocol.js:125
Handshake: (local) KEX method: diffie-hellman-group1-sha1,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
node_modules/ssh2/lib/protocol/Protocol.js:125
Handshake: (remote) KEX method: diffie-hellman-group1-sha1,diffie-hellman-group14-sha1
node_modules/ssh2/lib/protocol/Protocol.js:125
Handshake: KEX algorithm: diffie-hellman-group1-sha1
node_modules/ssh2/lib/protocol/Protocol.js:125
Handshake: (local) Host key format: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
node_modules/ssh2/lib/protocol/Protocol.js:125
Handshake: (remote) Host key format: ssh-rsa
node_modules/ssh2/lib/protocol/Protocol.js:125
Handshake: Host key format: ssh-rsa
node_modules/ssh2/lib/protocol/Protocol.js:125
Handshake: (local) C->S cipher: aes128-gcm,aes128-gcm@openssh.com,aes256-gcm,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr
node_modules/ssh2/lib/protocol/Protocol.js:125
Handshake: (remote) C->S cipher: aes128-cbc,aes128-ctr,3des-cbc,blowfish-cbc,aes192-cbc,aes192-ctr,aes256-cbc,aes256-ctr,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se
node_modules/ssh2/lib/protocol/Protocol.js:125
Handshake: C->S Cipher: aes128-ctr
node_modules/ssh2/lib/protocol/Protocol.js:125
Handshake: (local) S->C cipher: aes128-gcm,aes128-gcm@openssh.com,aes256-gcm,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr
node_modules/ssh2/lib/protocol/Protocol.js:125
Handshake: (remote) S->C cipher: aes128-cbc,aes128-ctr,3des-cbc,blowfish-cbc,aes192-cbc,aes192-ctr,aes256-cbc,aes256-ctr,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se
node_modules/ssh2/lib/protocol/Protocol.js:125
Handshake: S->C cipher: aes128-ctr
node_modules/ssh2/lib/protocol/Protocol.js:125
Handshake: (local) C->S MAC: hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
node_modules/ssh2/lib/protocol/Protocol.js:125
Handshake: (remote) C->S MAC: hmac-sha1,hmac-md5,none
node_modules/ssh2/lib/protocol/Protocol.js:125
Handshake: C->S MAC: hmac-sha1
node_modules/ssh2/lib/protocol/Protocol.js:125
Handshake: (local) S->C MAC: hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
node_modules/ssh2/lib/protocol/Protocol.js:125
Handshake: (remote) S->C MAC: hmac-sha1,hmac-md5,none
node_modules/ssh2/lib/protocol/Protocol.js:125
Handshake: S->C MAC: hmac-sha1
node_modules/ssh2/lib/protocol/Protocol.js:125
Handshake: (local) C->S compression: none,zlib@openssh.com,zlib
node_modules/ssh2/lib/protocol/Protocol.js:125
Handshake: (remote) C->S compression: none,none
node_modules/ssh2/lib/protocol/Protocol.js:125
Handshake: C->S compression: none
node_modules/ssh2/lib/protocol/Protocol.js:125
Handshake: (local) S->C compression: none,zlib@openssh.com,zlib
node_modules/ssh2/lib/protocol/Protocol.js:125
Handshake: (remote) S->C compression: none,none
node_modules/ssh2/lib/protocol/Protocol.js:125
Handshake: S->C compression: none
node_modules/ssh2/lib/protocol/Protocol.js:125
Outbound: Sending KEXDH_INIT
node_modules/ssh2/lib/protocol/Protocol.js:125
Received DH Reply
node_modules/ssh2/lib/protocol/Protocol.js:125
Host accepted by default (no verification)
node_modules/ssh2/lib/protocol/Protocol.js:125
Host accepted (verified)
node_modules/ssh2/lib/protocol/Protocol.js:125
CLIENT[sftp]: getConnection: Handling error: Timed out while waiting for handshake
node_modules/ssh2-sftp-client/src/index.js:80
CLIENT[sftp]: getConnection: handled error with reject
node_modules/ssh2-sftp-client/src/index.js:80
CLIENT[sftp]: Global: Ignoring handled error
node_modules/ssh2-sftp-client/src/index.js:80
CLIENT[sftp]: getConnection: finally clause fired
node_modules/ssh2-sftp-client/src/index.js:80
Socket closed
node_modules/ssh2/lib/client.js:753
CLIENT[sftp]: getConnection: handling unexpected close event
node_modules/ssh2-sftp-client/src/index.js:80
CLIENT[sftp]: getConnection: handling close event with reject
node_modules/ssh2-sftp-client/src/index.js:80
CLIENT[sftp]: Global: Ignoring handled close event
node_modules/ssh2-sftp-client/src/index.js:80
CLIENT[sftp]: Removing listener from ready event
node_modules/ssh2-sftp-client/src/index.js:80
CLIENT[sftp]: getConnection: Removing temp event listeners
node_modules/ssh2-sftp-client/src/index.js:80
CLIENT[sftp]: getConnection retry catch
node_modules/ssh2-sftp-client/src/index.js:80
CLIENT[sftp]: connect: Error getConnection: Timed out while waiting for handshake
node_modules/ssh2-sftp-client/src/index.js:80
connect->getConnection: Timed out while waiting for handshake
test.js:91
OK, I think you're getting closer. At least we are now getting meaningful debug output.
From that output, it does look like you are now negotiating key exchange, ciphers, hmac and compression successfully. My guess is that this is taking too long and you will need the readyTimeout. I would now add
compress: "none", readyTimeout: 40000,
and see if that helps. From the debug log, it appears your remote sftp server does not support compression, so setting this to none might speed up the handshake as it won't attempt to negotiate a compression algorithm.
It does look like for some reason that the client and host are negotiating things twice - this could just be misleading debug messages, but perhaps not.
I think if it still doesn't work, you will need to write a very simple script using just ssh2 and see if that works (I expect it won't). Then you will need to log an issue with the ssh2 maintainer as this is clearly an ssh2 issue and nothing ssh2-sftp-client can do to address it.
In the ssh2-sftp-client repository, there is a directory called validate which contains some example scripts that just use ssh2. You can use one of these as a template. You need to demonstrate the problem with only using ssh2 to ensure it is seen as an ssh2 issue and not an ssh2-sftp-client issue. The ssh2 module has just undergone a complete re-write, so it is quite possible there are some bugs still needing to be identified and fixed.
If by some chance the pure ssh2 script works, then let me know as that would indicate it is an ssh2-sftp-client issue. I think this is unlikely as ssh2-sftp-client doesn't do any of the connection stuff - it just passes that off to ssh2, but you never know.....
Note that I also just checked the issues in the ssh2 repository. There is one other issue where they appear to be having the same problem, but that was with the 1.0.0 version and I think it was supposed to be fixed in the 1.1.0 and we are running the 1.2.0 version.
When you do log your issue, include a full debug log and mention which sftp version the server is running (as well as your node version and platform). There have been known issues with some sftp servers, so providing that info may help.
Thank you for your kind help. I also tried modifying the config settings; it still gets the handshake timeout and the debug log is the same as before.
compress: "none",
readyTimeout: 40000,
However, I have tried running the ssh2 npm module and replied with some details on the mscdex/ssh2 GitHub.
For what it's worth, I faced the same issue on v7.0.0 and v7.0.1. I am using an M1 mac and have a small suspicion the cpu-features dependency caused the issue. Rolling back to 6.0.1 meant I no longer faced this issue.
This issue is in the ssh2 module. Could you please add a comment to the issue in that repository as the more info available might help find a resolution. See mscdex/ssh2#1040
Note that the 6.x series of ssh2-sftp-client is based on the old ssh2, prior to the rewrite and has significant problems with node v14.x due to network changes in the node stack introduced in v14. These changes were rolled back in v15, but as they did provide significant performance improvements, they are likely to be rolled back in at some future date.
Ah, good to know, thanks. I've made a comment on that ssh2 issue. Thanks @theophilusx
Applying the patch from this comment fixes the problem for me: https://github.com/mscdex/ssh2/issues/1040#issuecomment-895564708
I didn't need to specify algorithms or readyTimeout.
OK. As soon as a new ssh2 version is pushed to npmjs.com, I'll release an update for ssh2-sftp-client.
About to push version v7.0.2, which is based on ssh2 1.3.0, that includes the patch to fix the timeout issue.
Thanks for the detailed explanations, @theophilusx!
This thread helped me a lot as I got an error when running this in an AWS Lambda (Node12):
Error: connect->getConnection: Timed out while waiting for handshake
I enabled debug as per the instruction above and found that the server asked for diffie-hellman-group16-sha512,diffie-hellman-group14-sha256 so adding that to the connect() solved my issue!
For those who follow, I experienced the same behaviour as described above although I am using later code versions:
"ssh2-sftp-client": "^8.1.0"
"ssh2": "^1.10.0"
To resolve my issue I had to ensure that each of the algorithm config options was defined using an array and not a string (like what is shown in this thread above).
This works...
const config: sftp.ConnectOptions = {
host,
username,
password,
port,
algorithms: {
kex: [
"diffie-hellman-group16-sha512",
"diffie-hellman-group14-sha256",
"diffie-hellman-group-exchange-sha256"
],
cipher: [ "aes128-ctr" ],
serverHostKey: [ "ssh-rsa" ],
compress: [ "none" ],
},
readyTimeout: 40000,
debug: log.info
};
When I incorrectly defined cipher: "aes128-ctr" and serverHostKey: "ssh-rsa" (not arrays) then I was getting the timeout issues but no obvious error in the debug logs
I am getting this error now, too. Using the latest code version 7.2.3.
It was working fine until a couple of weeks ago, when it suddenly stopped. I don't know what changed. Here is the code:
var config = {
host: urls,
port: port,
user: user,
//compress: "none",
readyTimeout: 99999,
password: password,
algorithms: {
//Adding algorithms for server support
kex: [
"diffie-hellman-group1-sha1",
"ecdh-sha2-nistp256",
"ecdh-sha2-nistp384",
"ecdh-sha2-nistp521",
"diffie-hellman-group-exchange-sha256",
"diffie-hellman-group14-sha1",
],
cipher: [
"3des-cbc",
"aes128-ctr",
"aes192-ctr",
"aes256-ctr",
"aes128-gcm",
"aes128-gcm@openssh.com",
"aes256-gcm",
"aes256-gcm@openssh.com",
],
serverHostKey: [
"ssh-rsa",
"ecdsa-sha2-nistp256",
"ecdsa-sha2-nistp384",
"ecdsa-sha2-nistp521",
],
hmac: ["hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"],
},
debug: console.log
};
let sftp = new Client();
sftp
.connect(config)
.then (***)
Here is my debug log:
CLIENT[sftp]: connect: Debugging turned on
CLIENT[sftp]: connect: Connect attempt 1
CLIENT[sftp]: getConnection: Adding temp event listeners
CLIENT[sftp]: getConnection: created promise
CLIENT[sftp]: Adding listener to ready event
Custom crypto binding not available
Local ident: 'SSH-2.0-ssh2js1.10.0'
Client: Trying ***.***.***.*** on port 22 ...
Socket error: connect ETIMEDOUT ***.***.***.***:22
CLIENT[sftp]: getConnection Error: Handling error: connect ETIMEDOUT ***.***.***.***:22
CLIENT[sftp]: getConnection Error: handled error with reject
CLIENT[sftp]: Global: Ignoring handled error: connect ETIMEDOUT ***.***.***.***:22
CLIENT[sftp]: getConnection: finally clause fired
Socket closed
CLIENT[sftp]: getConnection Close: handling unexpected close event
CLIENT[sftp]: getConnection Close: handling close event with reject
CLIENT[sftp]: Global: Ignoring handled close event
CLIENT[sftp]: Removing listener from ready event
CLIENT[sftp]: getConnection: Removing temp event listeners
CLIENT[sftp]: getConnection retry catch: getConnection: connect ETIMEDOUT ***.***.***.***:22 Code: ETIMEDOUT
CLIENT[sftp]: connect: Connect attempt 2
CLIENT[sftp]: getConnection: Adding temp event listeners
CLIENT[sftp]: getConnection: created promise
CLIENT[sftp]: Adding listener to ready event
Custom crypto binding not available
Local ident: 'SSH-2.0-ssh2js1.10.0'
Client: Trying ***.***.***.*** on port 22 ...
Socket error: connect ETIMEDOUT ***.***.***.***:22
CLIENT[sftp]: getConnection Error: Handling error: connect ETIMEDOUT ***.***.***.***:22
CLIENT[sftp]: getConnection Error: handled error with reject
CLIENT[sftp]: Global: Ignoring handled error: connect ETIMEDOUT ***.***.***.***:22
CLIENT[sftp]: getConnection: finally clause fired
Socket closed
CLIENT[sftp]: getConnection Close: handling unexpected close event
CLIENT[sftp]: getConnection Close: handling close event with reject
CLIENT[sftp]: Global: Ignoring handled close event
CLIENT[sftp]: Removing listener from ready event
CLIENT[sftp]: getConnection: Removing temp event listeners
CLIENT[sftp]: getConnection retry catch: getConnection: connect ETIMEDOUT ***.***.***.***:22 Code: ETIMEDOUT
CLIENT[sftp]: connect: Error getConnection: connect ETIMEDOUT ***.***.***.***:22
Error: connect->getConnection: connect ETIMEDOUT ***.***.***.***:22
at fmtError (C:\Users\***\node_modules\ssh2-sftp-client\src\utils.js:55:18)
at SftpClient.connect (C:\Users\***\node_modules\ssh2-sftp-client\src\index.js:218:13) {
code: 'ETIMEDOUT',
custom: true
}
nimrodyanai @.***> writes:
I am getting this error now, too. Using the latest code version 7.2.3.
The current version is 9.0.3, which is based on later versions of ssh2. Please upgrade to 9.0.3 and see if the problem persists.
Strange, I had to uninstall and reinstall, it wouldn't update otherwise. Anyway, this did not solve the issue. Still a timeout error:
CLIENT[sftp]: connect: Debugging turned on
CLIENT[sftp]: ssh2-sftp-client Version: 9.0.2 {
"node": "18.0.0",
"v8": "10.1.124.8-node.13",
"uv": "1.43.0",
"zlib": "1.2.11",
"brotli": "1.0.9",
"ares": "1.18.1",
"modules": "108",
"nghttp2": "1.47.0",
"napi": "8",
"llhttp": "6.0.4",
"openssl": "3.0.2+quic",
"cldr": "41.0",
"icu": "71.1",
"tz": "2022a",
"unicode": "14.0",
"ngtcp2": "0.1.0-DEV",
"nghttp3": "0.1.0-DEV"
}
CLIENT[sftp]: connect: Connect attempt 1
Custom crypto binding not available
Local ident: 'SSH-2.0-ssh2js1.11.0'
Client: Trying ***.***.***.*** on port 22 ...
Socket error: connect ETIMEDOUT ***.***.***.***:22
CLIENT[sftp]: connect errorListener - ignoring handled error
CLIENT[sftp]: Global: Ignoring handled error: connect ETIMEDOUT ***.***.***.***
Socket closed
CLIENT[sftp]: connect closeListener - ignoring handled error
CLIENT[sftp]: Global: Ignoring handled close event
CLIENT[sftp]: connect: Connect attempt 2
Custom crypto binding not available
Local ident: 'SSH-2.0-ssh2js1.11.0'
Client: Trying ***.***.***.*** on port 22 ...
Socket error: connect ETIMEDOUT ***.***.***.***:22
CLIENT[sftp]: connect errorListener - ignoring handled error
CLIENT[sftp]: Global: Ignoring handled error: connect ETIMEDOUT ***.***.***.***:22
Socket closed
CLIENT[sftp]: end: Connection closed
CLIENT[sftp]: end closeListener - ignoring handled error
CLIENT[sftp]: connect closeListener - ignoring handled error
CLIENT[sftp]: Global: Ignoring handled close event
CLIENT[sftp]: connect: getConnection: connect ETIMEDOUT ***.***.***.***:22 (ETIMEDOUT)
Error: connect: getConnection: connect ETIMEDOUT ***.***.***.***:22
at SftpClient.fmtError (C:\***\node_modules\ssh2-sftp-client\src\index.js:111:22)
at SftpClient.connect (C:\***\node_modules\ssh2-sftp-client\src\index.js:241:37)
at process.processTicksAndRejections (node:internal/process/task_queues:95:5) {
code: 'ETIMEDOUT',
custom: true
}
Based on the log, I would say there is some sort of network problem - possibly a firewall issue. It looks like you are unable to make the initial socket connection. The failure is occurring before any negotiation of keys, ciphers etc.
First thing I would do is verify you can connect to the remote sftp server using openssh's sftp CLI. If that works, I would run that same command with -vvv to get detailed debugging to verify what ciphers, key exchange etc algorithms are being used.
If you are able to get openssh sftp to work, I would then try a very simple node script which just uses ssh2. If there is a code issue here, it is almost certainly with the ssh2 module and not ssh2-sftp-client. Verifying you still cannot connect using just ssh2 will verify that. Note that there are some example ssh2 scripts in the validate directory of the ssh2-sftp-client repo.
Note that I have seen errors like this caused by deep packet inspecting firewalls (like Palo Alto). These firewalls use a signature system which looks at network packet patterns to decide whether to allow traffic through the firewall. As ssh2 does not use openssh, the signature it creates may not match existing signatures, so a connection will work with openssh CLI and not with ssh2 based scripts. One way to verify this is to try connecting from a different network which uses a different firewall. If that works, then there is a good chance it is a local network/firewall issue.
Finally, I would remove all the algorithm settings in your config object. Your connection isn't getting that far. In most cases, it is not necessary to set any algorithms - the defaults work fine. Only add algorithm configurations when you know they are necessary (you will see log messages stating that there was a problem in negotiating key exchange, ciphers etc.). As I say, I don't think you're getting that far. From the log, it looks like you are unable to make the initial socket connection. This is typically a sign of a firewall or local network misconfiguration. I've seen very similar issues with people using docker containers or Windows WSL.
Yeah, I figured it would be something on their side. The strange thing is that it worked before, then stopped working after an update, so I thought it would be from that, but all signs point to it being on the customer's side. I'll try everything you suggested. Thanks!
I'm having the same error on v9.0.4
CLIENT[sftp]: ssh2-sftp-client Version: 9.0.4 {
"node": "18.4.0",
"v8": "10.2.154.4-node.8",
"uv": "1.43.0",
"zlib": "1.2.11",
"brotli": "1.0.9",
"ares": "1.18.1",
"modules": "108",
"nghttp2": "1.47.0",
"napi": "8",
"llhttp": "6.0.6",
"openssl": "3.0.3+quic",
"cldr": "41.0",
"icu": "71.1",
"tz": "2022a",
"unicode": "14.0",
"ngtcp2": "0.1.0-DEV",
"nghttp3": "0.1.0-DEV"
}
CLIENT[sftp]: connect: Connect attempt 1
Custom crypto binding not available
Local ident: 'SSH-2.0-ssh2js1.11.0'
Client: Trying ***.***.***.*** on port 21 ...
Socket connected
CLIENT[sftp]: connect errorListener - ignoring handled error
CLIENT[sftp]: Global: Ignoring handled error: Timed out while waiting for handshake
Socket closed
CLIENT[sftp]: connect errorListener - ignoring handled error
CLIENT[sftp]: Global: Ignoring handled error: Connection lost before handshake
CLIENT[sftp]: connect closeListener - ignoring handled error
CLIENT[sftp]: Global: Ignoring handled close event
CLIENT[sftp]: connect: Connect attempt 2
Custom crypto binding not available
Local ident: 'SSH-2.0-ssh2js1.11.0'
Client: Trying ***.***.***.*** on port 21 ...
Socket connected
CLIENT[sftp]: connect errorListener - ignoring handled error
CLIENT[sftp]: Global: Ignoring handled error: Timed out while waiting for handshake
CLIENT[sftp]: connect: getConnection: Timed out while waiting for handshake (ERR_GENERIC_CLIENT)
@nimrodyanai did you manage to solve it? Was it indeed a firewall issue/misconfiguration of the ftp server? @theophilusx I'm able to successfully connect via Cyberduck (sftp client for mac), but I'm receiving this error when connecting via ssh2-sftp-client. Any idea what it could be?
Some crypto algorithms can be very slow, which makes the initial negotiation/handshake slow. People have solved this by
- Increasing the readyTimeout value (see ssh2 docs for connection options)
- Forcing negotiation of a faster kex algorithm using the algorithms property of the connect options object (again, see the ssh2 docs).
You may also find other examples of how people have solved this in the issues log for the ssh2 project.
I am facing an issue while connecting to SFTP with Error: connect: Remote host refused connection using docker.
FYI it is working fine/as expected without docker.
Logs without docker (where the SFTP connection successfully established)
CLIENT[sftp]: connect: Debugging turned on
CLIENT[sftp]: ssh2-sftp-client Version: 9.0.4 {
"node": "16.14.1",
"v8": "9.4.146.24-node.20",
"uv": "1.43.0",
"zlib": "1.2.11",
"brotli": "1.0.9",
"ares": "1.18.1",
"modules": "93",
"nghttp2": "1.45.1",
"napi": "8",
"llhttp": "6.0.4",
"openssl": "1.1.1m+quic",
"cldr": "40.0",
"icu": "70.1",
"tz": "2021a3",
"unicode": "14.0",
"ngtcp2": "0.1.0-DEV",
"nghttp3": "0.1.0-DEV"
}
CLIENT[sftp]: connect: Connect attempt 1
Custom crypto binding not available
Local ident: 'SSH-2.0-ssh2js1.11.0'
Client: Trying <hostname> on port 22 ...
Socket connected
Logs with docker container (where the SFTP connection getting error Error: connect: Remote host refused connection)
CLIENT[sftp]: connect: Debugging turned on
CLIENT[sftp]: ssh2-sftp-client Version: 9.0.4 {
"node": "16.18.1",
"v8": "9.4.146.26-node.22",
"uv": "1.43.0",
"zlib": "1.2.11",
"brotli": "1.0.9",
"ares": "1.18.1",
"modules": "93",
"nghttp2": "1.47.0",
"napi": "8",
"llhttp": "6.0.10",
"openssl": "1.1.1q+quic",
"cldr": "41.0",
"icu": "71.1",
"tz": "2022b",
"unicode": "14.0",
"ngtcp2": "0.8.1",
"nghttp3": "0.7.0"
}
CLIENT[sftp]: connect: Connect attempt 1
Custom crypto binding available
Local ident: 'SSH-2.0-ssh2js1.11.0'
Client: Trying <hostname> on port 27017 ...
Socket error: connect ECONNREFUSED X.XX.X.XXX:XXXXX
CLIENT[sftp]: connect errorListener - ignoring handled error
CLIENT[sftp]: Global: Ignoring handled error: connect ECONNREFUSED X.XX.X.XXX:XXXXX
CLIENT[sftp]: connect: Remote host refused connection (ECONNREFUSED)
Can anyone suggest what the issue is?
Here is my Dockerfile
FROM node:16
WORKDIR /home
COPY package*.json ./
COPY yarn.lock ./
RUN yarn install
COPY *.sh ./
COPY ./src src
EXPOSE 3000
CMD chmod u+x *.sh && ./docker-start.sh
Sorry, I don't use docker, so cannot help.
I do know that without exception, every report I have had which involves docker and connection issues has been due to a configuration issue with docker. It is usually related to the network stack and firewalls or MTU settings.
Are you able to connect from within the docker container using openSSH CLI? Have you done basic network diagnosis like pings, traceroutes, DNS lookups, disabling firewalls etc.? Do the logs on the remote sftp server provide any clues (if you have access)? Have you tried connecting from the docker container to a different sftp server?
You probably need to seek assistance on a docker specific forum.
Thanks for your suggestion, it is really helpful for me to proceed ahead.
This is fixed for me. "ssh2-sftp-client": "7.2.3",
readyTimeout: 99999,
secure: true,
compress: "none",
pasvTimeout: 200000,
keepalive: 200000,
secureOptions: {
rejectUnauthorized: false
},
retries: 3,
retry_factor: 2,
retry_minTimeout: 2000,
algorithms: {
kex: [
"diffie-hellman-group1-sha1",
"ecdh-sha2-nistp256",
"ecdh-sha2-nistp384",
"ecdh-sha2-nistp521",
"diffie-hellman-group-exchange-sha256",
"diffie-hellman-group14-sha1",
],
cipher: [
"3des-cbc",
"aes128-ctr",
"aes192-ctr",
"aes256-ctr",
"aes128-gcm",
"aes256-gcm",
"aes256-cbc"
],
serverHostKey: [
"ssh-rsa",
"ssh-dss",
"ecdsa-sha2-nistp256",
"ecdsa-sha2-nistp384",
"ecdsa-sha2-nistp521"
],
hmac: ["hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"]
}
I had a similar problem:
Inbound: Handshake in progress
Handshake: (local) KEX method: curve25519-sha256@libssh.org,curve25519-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,ext-info-c
Handshake: (remote) KEX method: diffie-hellman-group1-sha1,diffie-hellman-group14-sha1
Handshake: No matching key exchange algorithm
I solved it by adding the following:
algorithms: {
kex: ['diffie-hellman-group1-sha1'],
},
like this:
await sftp.connect({
...
algorithms: {
kex: ['diffie-hellman-group1-sha1'],
},
});
That is definitely a valid solution.
Bottom line is that some algorithms are significantly slower than others. You have basically two choices. Either set a higher timeout via the connection configuration object (see ssh2 documentation on connect) or select a different algorithm. Setting a timeout is easy, though it isn't always obvious what the new timeout should be. Setting a different algorithm can be slightly tricky in that you don't always know which algorithms the remote sftp server supports. One good approach is to use the openSSH CLI sftp client with -vvv for increased debugging and use it to connect to the remote server. This will give you details regarding available algorithms, allowing you to choose an alternative which is faster.
The author of the ssh2 library has made some good posts/responses to this issue in the ssh2 issues within the repo on github. He has also suggested which algorithms are faster/slower, which may help in selecting a different algorithm.
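The debug logs in this thread fail at different stages (TCP connect, SSH banner, algorithm negotiation, after the host key is accepted), and the advice differs for each, including which algorithms both sides actually offer. The following added example, which is not code from ssh2 or ssh2-sftp-client, reads ssh2 debug output and reports the stage reached; the names triage, LEGACY and HINTS and the sample logs (abridged from lines quoted in this thread, using a documentation IP address) are constructed for illustration.

```javascript
'use strict';

// Treated as legacy by this example (an assumption, not a list from ssh2).
const LEGACY = new Set(['diffie-hellman-group1-sha1', 'ssh-dss', '3des-cbc', 'hmac-md5']);

const HINTS = {
  'tcp-connect': 'TCP connection never opened: check network path, firewall and port; algorithm settings are not reached.',
  'ssh-banner': 'Socket opened but no "Remote ident" arrived: confirm the host and port run an SSH/SFTP service.',
  'algorithm-mismatch': 'No overlap between the (local) and (remote) offers: compare the two lists.',
  'key-exchange': 'Timed out while negotiating: raise readyTimeout or pick another algorithm both sides offer.',
  'after-host-key': 'Negotiation finished and the host key was accepted before the timeout: reproduce with plain ssh2.',
  'no-failure-seen': 'No failure marker found in this log.',
};

// Classify how far connection setup got, from the text of an ssh2 `debug` log.
function triage(logText) {
  const lines = logText.split(/\r?\n/).map((l) => l.trim());
  const has = (re) => lines.some((l) => re.test(l));
  const offers = { local: {}, remote: {} };
  const negotiated = {};

  for (const line of lines) {
    // Offer lists, e.g. "Handshake: (remote) KEX method: a,b"
    let m = /^Handshake: \((local|remote)\) (.+?): (\S+)$/.exec(line);
    if (m) {
      offers[m[1]][m[2]] = m[3].split(',');
      continue;
    }
    // Agreed values, e.g. "Handshake: KEX algorithm: a"
    m = /^Handshake: (KEX algorithm|Host key format|[CS]->[CS] (?:cipher|MAC)): (\S+)$/i.exec(line);
    if (m) negotiated[m[1].toLowerCase()] = m[2];
  }

  const timedOut = has(/Timed out while waiting for handshake/);
  let stage = 'no-failure-seen';
  if (has(/^Socket error: connect E[A-Z]+/) && !has(/^Socket connected$/)) stage = 'tcp-connect';
  else if (has(/^Handshake: No matching /)) stage = 'algorithm-mismatch';
  else if (timedOut && !has(/^Remote ident: /)) stage = 'ssh-banner';
  else if (timedOut) stage = has(/^Host accepted/) ? 'after-host-key' : 'key-exchange';

  // Algorithms offered by both sides, per category, in the client's order.
  const common = {};
  for (const [kind, local] of Object.entries(offers.local)) {
    const remote = offers.remote[kind] || [];
    common[kind] = local.filter((a) => remote.includes(a));
  }

  return {
    stage,
    hint: HINTS[stage],
    negotiated,
    common,
    legacy: [...new Set(Object.values(negotiated))].filter((a) => LEGACY.has(a)),
    // ssh2 logs this line when the host key was accepted without a check.
    hostKeyUnverified: has(/^Host accepted by default \(no verification\)$/),
  };
}

// Constructed samples, abridged from log lines quoted in this thread.
const SAMPLES = {
  afterHostKey: `
Socket connected
Remote ident: 'SSH-2.0-CoreFTP-0.3.2'
Handshake: (local) KEX method: diffie-hellman-group1-sha1,ecdh-sha2-nistp256,diffie-hellman-group14-sha1
node_modules/ssh2/lib/protocol/Protocol.js:125
Handshake: (remote) KEX method: diffie-hellman-group1-sha1,diffie-hellman-group14-sha1
Handshake: KEX algorithm: diffie-hellman-group1-sha1
Handshake: Host key format: ssh-rsa
Handshake: C->S Cipher: aes128-ctr
Handshake: C->S MAC: hmac-sha1
Received DH Reply
Host accepted by default (no verification)
Host accepted (verified)
CLIENT[sftp]: getConnection: Handling error: Timed out while waiting for handshake`,
  tcpConnect: `
Local ident: 'SSH-2.0-ssh2js1.11.0'
Client: Trying 192.0.2.10 on port 22 ...
Socket error: connect ETIMEDOUT 192.0.2.10:22
Socket closed`,
  sshBanner: `
Client: Trying 192.0.2.10 on port 21 ...
Socket connected
CLIENT[sftp]: Global: Ignoring handled error: Timed out while waiting for handshake
Socket closed`,
  mismatch: `
Socket connected
Remote ident: 'SSH-2.0-Example'
Handshake: (local) KEX method: curve25519-sha256,ecdh-sha2-nistp256,diffie-hellman-group14-sha256
Handshake: (remote) KEX method: diffie-hellman-group1-sha1,diffie-hellman-group14-sha1
Handshake: No matching key exchange algorithm`,
};

for (const [name, log] of Object.entries(SAMPLES)) {
  const r = triage(log);
  console.log(`${name}: ${r.stage} - ${r.hint}`);
}
```

The `legacy` and `hostKeyUnverified` fields are worth reading even when the connection succeeds, since they show when a workaround has settled on a weak algorithm or skipped host key verification.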
Hi, I am facing the same issue
CLIENT[sftp]: connect: Debugging turned on
CLIENT[sftp]: ssh2-sftp-client Version: 9.0.4 {
"node": "16.20.2",
"v8": "9.4.146.26-node.26",
"uv": "1.43.0",
"zlib": "1.2.11",
"brotli": "1.0.9",
"ares": "1.19.1",
"modules": "93",
"nghttp2": "1.47.0",
"napi": "8",
"llhttp": "6.0.11",
"openssl": "1.1.1v+quic",
"cldr": "41.0",
"icu": "71.1",
"tz": "2022f",
"unicode": "14.0",
"ngtcp2": "0.8.1",
"nghttp3": "0.7.0"
}
CLIENT[sftp]: connect: Connect attempt 1
Custom crypto binding not available
Local ident: 'SSH-2.0-ssh2js1.15.0'
Client: Trying ** on port 22 ...
CLIENT[sftp]: connect errorListener - ignoring handled error
CLIENT[sftp]: Global error event: Ignoring expected and handled event
Socket closed
CLIENT[sftp]: connect closeListener - ignoring handled error
CLIENT[sftp]: Global close event: Ignoring expected and handled event
CLIENT[sftp]: connect: Connect attempt 2
Custom crypto binding not available
Local ident: 'SSH-2.0-ssh2js1.15.0'
Client: Trying on port 22 ...
CLIENT[sftp]: connect errorListener - ignoring handled error
CLIENT[sftp]: Global error event: Ignoring expected and handled event
Socket closed
CLIENT[sftp]: connect closeListener - ignoring handled error
CLIENT[sftp]: Global close event: Ignoring expected and handled event
CLIENT[sftp]: connect: Connect attempt 3
Custom crypto binding not available
Local ident: 'SSH-2.0-ssh2js1.15.0'
Client: Trying on port 22 ...
CLIENT[sftp]: connect errorListener - ignoring handled error
CLIENT[sftp]: Global error event: Ignoring expected and handled event
Socket closed
CLIENT[sftp]: connect closeListener - ignoring handled error
CLIENT[sftp]: Global close event: Ignoring expected and handled event
CLIENT[sftp]: connect: Connect attempt 4
Custom crypto binding not available
Local ident: 'SSH-2.0-ssh2js1.15.0'
Client: Trying ***** on port 22 ...
CLIENT[sftp]: connect errorListener - ignoring handled error
CLIENT[sftp]: Global error event: Ignoring expected and handled event
CLIENT[sftp]: end: Called when no connection active
CLIENT[sftp]: connect: getConnection: Timed out while waiting for handshake (ERR_GENERIC_CLIENT)
[info][2024-01-18 05:08:59][EkitService] - connect: getConnection: Timed out while waiting for handshake
Socket closed
CLIENT[sftp]: Global close event: Handling unexpected event
Here is the config
readyTimeout: 99999,
secure: true,
compress: 'none',
debug: console.info,
pasvTimeout: 200000,
keepalive: 200000,
secureOptions: {
rejectUnauthorized: false
},
retries: 3,
retry_factor: 2,
retry_minTimeout: 2000,
algorithms: {
kex: [
'diffie-hellman-group1-sha1',
'ecdh-sha2-nistp256',
'ecdh-sha2-nistp384',
'ecdh-sha2-nistp521',
'diffie-hellman-group-exchange-sha256',
'diffie-hellman-group14-sha1'
],
cipher: [
'3des-cbc',
'aes128-ctr',
'aes192-ctr',
'aes256-ctr',
'aes128-gcm',
'aes256-gcm',
'aes256-cbc'
],
serverHostKey: [
'ssh-rsa',
'ssh-dss',
'ecdsa-sha2-nistp256',
'ecdsa-sha2-nistp384',
'ecdsa-sha2-nistp521'
],
hmac: ['hmac-sha2-256', 'hmac-sha2-512', 'hmac-sha1']
}
Hi,
I'm having this issue, 'custom crypto binding not available', when our server makes a call to the SFTP server of Cloudflare. Can you please help us?
I tried the latest version 10.0.1 and also 7.2.3, but that doesn't work either.
The following are the parameters:
const SFTP_CREDENTIALS = {
host: 'HOST_NAME',
port: '22',
username: 'USER_NAME',
password: 'PASSWORD',
readyTimeout: 99999,
keepaliveInterval: 9999,
keepaliveCountMax: 99,
debug: console.log
};
Here are the debug logs
CLIENT[****-client]: connect: Debugging turned on
CLIENT[****-client]: ssh2-sftp-client Version: 9.0.4 {
"node": "16.13.0",
"v8": "9.4.146.19-node.13",
"uv": "1.42.0",
"zlib": "1.2.11",
"brotli": "1.0.9",
"ares": "1.17.2",
"modules": "93",
"nghttp2": "1.45.1",
"napi": "8",
"llhttp": "6.0.4",
"openssl": "1.1.1l+quic",
"cldr": "39.0",
"icu": "69.1",
"tz": "2021a",
"unicode": "13.0",
"ngtcp2": "0.1.0-DEV",
"nghttp3": "0.1.0-DEV"
}
CLIENT[****-client]: connect: Connect attempt 1
Custom crypto binding not available
Local ident: 'SSH-2.0-ssh2js1.15.0'
Your timeout issue is unrelated to the custom crypto binding message. That message is just telling you your module is not using the optional 'native' crypto code (optional C++ node-gyp code). Really just means your code may be slightly slower than it would be if using the native version).
Without a full debug log, I have no idea what the cause of your timeout problem is. Most likely cause is that your sftp server does not support any of the default key exchange or crypto algorithms available to the ssh2 library OR the server and client are negotiating to use one of the slower algorithms which are timing out. Have a look at the documentation for the algorithm property of the connect options object at https://github.com/mscdex/ssh2?tab=readme-ov-file#client-methods
A useful trick is to use openSSH's sftp client with the -vvv argument to connect to your remote sftp server. This will show you what algorithms are supported by the remote sftp server for both key exchange and ciphers and which ones are negotiated by the client. This will both confirm you can connect to the remote sftp server and you can then use the information dumped by the client to identify which key exchange and cipher algorithms to set via the algorithm property of the connect optons object.
Please also upgrade to ssh2-sftp-client 10.0.3
I also note that you are running node v16.13.0, which is not only no longer maintained, it isn't even the last v16 version (which is v16.20.2). This project only actively supports version >= v18.
Thank you for your prompt response. This was the full debug log that I've shared with you above.
I don't have SSH access of SFTP, would that be okay if I can raise this to those who are managing the SFTP. I tried passing algorithms but none worked
As far as version is concerned, I have their staging SFTP which is working with ssh2 version 7.2.3 and Node Version is 14.. I'll upgrade both versions here.
I tried passing some algorithms and this is what I get now
CLIENT[verst-client]: connect errorListener - ignoring handled error
2024-02-02T18:01:40: CLIENT[verst-client]: Global error event: Ignoring expected and handled event
2024-02-02T18:01:40: CLIENT[verst-client]: connect errorListener - ignoring handled error
2024-02-02T18:01:40: CLIENT[verst-client]: Global error event: Ignoring expected and handled event
2024-02-02T18:01:40: Socket closed
2024-02-02T18:01:40: CLIENT[verst-client]: connect closeListener - ignoring handled error
2024-02-02T18:01:40: CLIENT[verst-client]: Global close event: Ignoring expected and handled event
2024-02-02T18:01:40: Socket closed
2024-02-02T18:01:40: CLIENT[verst-client]: connect closeListener - ignoring handled error
2024-02-02T18:01:40: CLIENT[verst-client]: Global close event: Ignoring expected and handled event
2024-02-02T18:02:05: CLIENT[verst-client]: connect: Connect attempt 2
2024-02-02T18:02:05: Custom crypto binding not available
2024-02-02T18:02:05: Local ident: 'SSH-2.0-ssh2js1.15.0'
2024-02-02T18:02:05: Client: Trying **.cloud on port 22 ...
2024-02-02T18:02:05: CLIENT[verst-client]: connect: Connect attempt 2
2024-02-02T18:02:05: Custom crypto binding not available
2024-02-02T18:02:05: Local ident: 'SSH-2.0-ssh2js1.15.0'
Don't use ssh2-sftp-client v7.x - that is a very old version and uses an old version of ssh2 which has known problems as well as some security holes. Use ssh2-sftp-client 10.0.3
Don't use node < v18. Node v16 was end of life October 2023.
The log information still seems to be missing data to me. What I really need to see is example code which reproduces the problem. None of the data you have provided shows the specific error. My suggestion would be
I don't have SSH access of SFTP, would that be okay if I can raise this to those who are managing the SFTP. I tried passing algorithms but none worked
I'm not really sure what you're asking here. However, at the end of the day, the issue you are experiencing is a local issue to do with your environment. I'm confident this is not a bug or problem with ssh2-sftp-client. As such, it really needs to be something you resolve locally.
To be clear. I cannot do anything until I'm provided with a way to reproduce the problem. From the information provided, this looks like a local configuration problem which needs to be sorted out between you and your sftp server maintainers. I can provide suggestions and some guidance, but at the end of the day, unless you can demonstrate it is either a bug in ssh2-sftp-client (which I would then endeavour to resolve) or a bug in the ssh2 module (which would then need to be logged with the ssh2 project), it is up to you and your team to resolve as this is a local environment issue.
Hi @theophilusx ,
I updated the ssh2-sftp-client package to 10.0.3 and Node to 20.11.0 but still no success. With the same package and node, I'm able to make a connection with the SFTP server from my local machine, where I received the following logs.
CLIENT[verst-client]: connect: Connect attempt 1
Custom crypto binding not available
Local ident: 'SSH-2.0-ssh2js1.15.0'
Client: Trying [SFTP_SERVER_HOST_NAME] on port 22 ...
Socket connected
Remote ident: 'SSH-2.0-SFTP server'
Outbound: Sending KEXINIT
Inbound: Handshake in progress
Handshake: (local) KEX method: curve25519-sha256@libssh.org,curve25519-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,ext-info-c,kex-strict-c-v00@openssh.com
Handshake: (remote) KEX method: curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521
Handshake: KEX algorithm: curve25519-sha256@libssh.org
Handshake: (local) Host key format: ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-512,rsa-sha2-256,ssh-rsa
Handshake: (remote) Host key format: rsa-sha2-256,rsa-sha2-512,ssh-rsa
Handshake: Host key format: rsa-sha2-512
Handshake: (local) C->S cipher: aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,chacha20-poly1305@openssh.com
Handshake: (remote) C->S cipher: aes128-ctr,aes192-ctr,aes256-ctr
Handshake: C->S Cipher: aes128-ctr
Handshake: (local) S->C cipher: aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,chacha20-poly1305@openssh.com
Handshake: (remote) S->C cipher: aes128-ctr,aes192-ctr,aes256-ctr
Handshake: S->C cipher: aes128-ctr
Handshake: (local) C->S MAC: hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
Handshake: (remote) C->S MAC: hmac-sha2-256,hmac-sha2-512
Handshake: C->S MAC: hmac-sha2-256
Handshake: (local) S->C MAC: hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
Handshake: (remote) S->C MAC: hmac-sha2-256,hmac-sha2-512
Handshake: S->C MAC: hmac-sha2-256
Handshake: (local) C->S compression: none,zlib@openssh.com,zlib
Handshake: (remote) C->S compression: none,zlib,zlib@openssh.com
Handshake: C->S compression: none
Handshake: (local) S->C compression: none,zlib@openssh.com,zlib
Handshake: (remote) S->C compression: none,zlib,zlib@openssh.com
Handshake: S->C compression: none
Outbound: Sending KEXECDH_INIT
Received DH Reply
Host accepted by default (no verification)
Host accepted (verified)
Outbound: Sending NEWKEYS
Inbound: NEWKEYS
Verifying signature ...
Verified signature
Handshake completed
Outbound: Sending SERVICE_REQUEST (ssh-userauth)
Inbound: Received SERVICE_ACCEPT (ssh-userauth)
Outbound: Sending USERAUTH_REQUEST (none)
Inbound: Received USERAUTH_FAILURE (password,keyboard-interactive)
Client: none auth failed
Outbound: Sending USERAUTH_REQUEST (password)
Inbound: Received USERAUTH_SUCCESS
CLIENT[verst-client]: getConnection ready listener: got connection - promise resolved
Outbound: Sending CHANNEL_OPEN (r:0, session)
Inbound: CHANNEL_OPEN_CONFIRMATION (r:0, s:0)
Outbound: Sending CHANNEL_REQUEST (r:0, subsystem: sftp)
Inbound: CHANNEL_SUCCESS (r:0)
Outbound: Sending CHANNEL_DATA (r:0, 9)
Inbound: CHANNEL_DATA (r:0, 9)
SFTP: Inbound: Received VERSION (v3)
Outbound: Sending CHANNEL_DATA (r:0, 23)
SFTP: Outbound: Buffered OPENDIR
Inbound: CHANNEL_DATA (r:0, 46)
SFTP: Inbound: Received HANDLE (id:0)
Outbound: Sending CHANNEL_DATA (r:0, 46)
SFTP: Outbound: Buffered READDIR
Outbound: Sending ping (GLOBAL_REQUEST: keepalive@openssh.com)
Inbound: CHANNEL_DATA (r:0, 18513)
SFTP: Inbound: Received NAME (id:1, 100)
Outbound: Sending CHANNEL_DATA (r:0, 46)
SFTP: Outbound: Buffered READDIR
Inbound: Received REQUEST_FAILURE
Inbound: CHANNEL_DATA (r:0, 18143)
SFTP: Inbound: Received NAME (id:2, 98)
Outbound: Sending CHANNEL_DATA (r:0, 46)
SFTP: Outbound: Buffered READDIR
Inbound: CHANNEL_DATA (r:0, 44)
SFTP: Inbound: Received STATUS (id:3, 1, "There are no more files")
Outbound: Sending CHANNEL_DATA (r:0, 46)
SFTP: Outbound: Buffered CLOSE
Inbound: CHANNEL_DATA (r:0, 46)
SFTP: Inbound: Received STATUS (id:4, 0, "Binary transfer complete.")
Outbound: Sending DISCONNECT (11)
From these logs I picked the algorithms [HMAC, CIPHER, KEX and HOST_KEY_NAME] that are valid for the SFTP server
algorithms: {
  kex: [
    'curve25519-sha256@libssh.org',
    'curve25519-sha256',
    'ecdh-sha2-nistp256',
    'ecdh-sha2-nistp384',
    'ecdh-sha2-nistp521',
    'diffie-hellman-group-exchange-sha256',
    'diffie-hellman-group14-sha256',
    'diffie-hellman-group15-sha512',
    'diffie-hellman-group16-sha512',
    'diffie-hellman-group17-sha512',
    'diffie-hellman-group18-sha512',
    'ext-info-c',
    'kex-strict-c-v00@openssh.com'
  ],
  cipher: [
    'aes128-gcm@openssh.com',
    'aes256-gcm@openssh.com',
    'aes128-ctr',
    'aes192-ctr',
    'aes256-ctr'
  ],
  serverHostKey: [
    'ssh-ed25519',
    'ecdsa-sha2-nistp256',
    'ecdsa-sha2-nistp384',
    'ecdsa-sha2-nistp521',
    'rsa-sha2-512',
    'rsa-sha2-256',
    'ssh-rsa'
  ],
  hmac: ['hmac-sha2-256-etm@openssh.com','hmac-sha2-512-etm@openssh.com','hmac-sha1-etm@openssh.com','hmac-sha2-256','hmac-sha2-512','hmac-sha1']
}
As I stated, I'm able to make a connection from my local machine, but not from my production server. You are right, there is some environment issue. Since I have limited access to the production server, can you give us any idea what could be the reason so that I can pass the information to the system administrator?
This is an error that I'm getting in my production server
Error: connect: getConnection: Timed out while waiting for handshake
{
code: 'ERR_GENERIC_CLIENT',
custom: true
}
Any clue will be helpful for me @theophilusx
Really thank you for your time and effort that you're putting in to solve my issue.
I cannot provide much as it all depends on your production environment. From the error you're getting, it looks like the remote sftp server is not responding. This would make me suspect you have some sort of network issue, such as a firewall blocking access from your client to your sftp server.
Questions I'd be asking include
Do logs for the sftp server show any connection attempts from your client? If your problem is a firewall, the sftp server won't be seeing the connection attempts.
Is there any form of firewall between your client host and the sftp server?
Can you run any network validation commands from the host where your client runs e.g. ping, traceroute, tcpdump/wireshark? These might provide more details regarding where the error is.
Can you connect to a public sftp server outside your production sftp server host? This might confirm networking is OK (I've seen frequent failures for people using docker where their network stack is not correctly configured).
As I said, I don't think this issue has anything to do with ssh2-sftp-client. This is most likely either a firewall or local network configuration problem and will need to be diagnosed at that level.
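Added example, not part of the original thread and not code from ssh2 or ssh2-sftp-client: a small reader for the ssh2 debug output posted above. It reports the last connection milestone a log reached (a log that stops before `Socket connected` never established TCP, which fits the firewall suspicion) and, for each `(local)`/`(remote)` pair, the algorithms both sides offered. The function names, stage labels, host name and the shortened sample logs are constructed for illustration.

```javascript
// Constructed sample logs, shortened from the ssh2 debug lines shown in this thread.
const failingLog = `Custom crypto binding not available
Local ident: 'SSH-2.0-ssh2js1.15.0'
Client: Trying sftp.example.test on port 22 ...`;

const workingLog = `Local ident: 'SSH-2.0-ssh2js1.15.0'
Client: Trying sftp.example.test on port 22 ...
Socket connected
Remote ident: 'SSH-2.0-SFTP server'
Handshake: (local) KEX method: curve25519-sha256@libssh.org,curve25519-sha256,ext-info-c,kex-strict-c-v00@openssh.com
Handshake: (remote) KEX method: curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
Handshake: (local) C->S cipher: aes128-gcm@openssh.com,aes128-ctr,aes256-ctr
Handshake: (remote) C->S cipher: aes128-ctr,aes192-ctr,aes256-ctr
Handshake completed`;

// Milestones in the order they appear in the logs above; the last one seen shows where a connect stalled.
const STAGES = [
  ['Client: Trying', 'tcp-connect-pending'],
  ['Socket connected', 'tcp-connected'],
  ['Remote ident:', 'banner-received'],
  ['Handshake completed', 'handshake-done'],
];

function lastStage(log) {
  let stage = 'not-started';
  for (const [marker, name] of STAGES) if (log.includes(marker)) stage = name;
  return stage;
}

// For each negotiated field, keep the client's entries the server also offered, in client order.
function mutualAlgorithms(log) {
  const offers = {};
  const re = /^Handshake: \((local|remote)\) (.+?): (.+)$/gm;
  for (const [, side, field, list] of log.matchAll(re)) {
    (offers[field] ??= {})[side] = list.split(',');
  }
  const result = {};
  for (const [field, { local = [], remote = [] }] of Object.entries(offers)) {
    result[field] = local.filter((alg) => remote.includes(alg));
  }
  return result;
}

console.log(lastStage(failingLog), lastStage(workingLog));
console.log(mutualAlgorithms(workingLog));
```

Entries such as `ext-info-c` and `kex-strict-c-v00@openssh.com` appear only in the client's own KEX offer, so they drop out of the intersection.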
I have set redyTimeout to 99999, but it still connects time out. I use sftp on the command line, it works to connect my host. Please some suggestions on how can I process it. Thanks.
this is code
this is debug log