Connecting to Microsoft Azure blob - WeOnlyDo Discussion board

Connecting to Microsoft Azure blob (wodFtpDLX / wodFtpDLX.NET)

by dfb, Wednesday, August 03, 2022, 08:08 (603 days ago)

Hi there,

A client is requesting an SFTP connection to an Azure blob.

Testing using WOD FTP DLX.Net 1.9.0.253 shows a connection error: Could not negotiate key exchange algorithm.

Microsoft has a list of supported algorithms https://docs.microsoft.com/en-au/azure/storage/blobs/secure-file-transfer-protocol-supp...

Is it possible to find out if versions later than 1.9.0.253 support some of these algorithms, and/or will coming versions support more of them?

Thanks!

Connecting to Microsoft Azure blob

by wodSupport, Wednesday, August 03, 2022, 09:14 (603 days ago) @ dfb

Hi.

If you're using .NET 4+, you should be able to connect using ecdh-sha2-nistp256 or ecdh-sha2-nistp384 key exchanges. Otherwise we would need to add support to match the exact ones supported by Azure.

Regards,
Jasmine

Connecting to Microsoft Azure blob

by dfb, Thursday, August 04, 2022, 03:07 (602 days ago) @ wodSupport

Thanks Jasmine.

Confirming we are using .NET Framework 4.8.

We have been able to run a network trace when trying to connect, if this helps.

Error returned: WeOnlyDo.Exceptions.FtpDLX.ProtocolException: Could not negotiate key exchange algorithm.

(Spaces added after commas to avoid "word too long" errors)

SSH Protocol
    SSH Version 2
        Packet Length: 684
        Padding Length: 7
        Key Exchange
            Message Code: Key Exchange Init (20)
            Algorithms
                Cookie: a951aaef8388f72ad4dfc0a1148ebd0b
                kex_algorithms length: 145
                kex_algorithms string: ecdh-sha2-nistp384, ecdh-sha2-nistp256, diffie-hellman-group14-sha256, diffie-hellman-group16-sha512, diffie-hellman-group-exchange-sha256, ext-info-s
                server_host_key_algorithms length: 65
                server_host_key_algorithms string: rsa-sha2-256, rsa-sha2-512, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384
                encryption_algorithms_client_to_server length: 111
                encryption_algorithms_client_to_server string: aes128-gcm@openssh.com, aes256-gcm@openssh.com, aes128-cbc, aes192-cbc, aes256-cbc, aes128-ctr, aes192-ctr, aes256-ctr
                encryption_algorithms_server_to_client length: 111
                encryption_algorithms_server_to_client string: aes128-gcm@openssh.com, aes256-gcm@openssh.com, aes128-cbc, aes192-cbc, aes256-cbc, aes128-ctr, aes192-ctr, aes256-ctr
                mac_algorithms_client_to_server length: 87
                mac_algorithms_client_to_server string: hmac-sha2-256, hmac-sha2-512, hmac-sha2-256-etm@openssh.com, hmac-sha2-512-etm@openssh.com
                mac_algorithms_server_to_client length: 87
                mac_algorithms_server_to_client string: hmac-sha2-256, hmac-sha2-512, hmac-sha2-256-etm@openssh.com, hmac-sha2-512-etm@openssh.com
                compression_algorithms_client_to_server length: 4
                compression_algorithms_client_to_server string: none
                compression_algorithms_server_to_client length: 4
                compression_algorithms_server_to_client string: none
                languages_client_to_server length: 0
                languages_client_to_server string: [Empty]
                languages_server_to_client length: 0
                languages_server_to_client string: [Empty]
                First KEX Packet Follows: 0
                Reserved: 00000000
            Padding String: 25c2630451e8de

Many thanks.
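
An added example, not part of the original posts or of wodFtpDLX: it parses an SSH_MSG_KEXINIT payload rebuilt from the name-lists in the trace above and applies the basic RFC 4253 selection rule (the first algorithm on the client's list that the server also lists) to show when key exchange negotiation has no result. The two client offers are constructed, since the thread does not show what any client version sent, and the host-key capability conditions of the RFC rule are left out.

```python
import struct

FIELDS = ("kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")
MARKERS = {"ext-info-s", "ext-info-c"}  # RFC 8308 extension markers, never selected

def build_kexinit(cookie, lists):
    """Encode an SSH_MSG_KEXINIT payload (RFC 4253 section 7.1)."""
    body = bytes([20]) + cookie
    for names in lists:
        raw = names.encode("ascii")
        body += struct.pack(">I", len(raw)) + raw
    return body + b"\x00" + struct.pack(">I", 0)  # first_kex_packet_follows, reserved

def parse_kexinit(payload):
    """Decode the ten name-lists of a KEXINIT payload into a dict of lists."""
    if len(payload) < 17 or payload[0] != 20:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, out = 17, {}  # skip message code (1 byte) and cookie (16 bytes)
    for field in FIELDS:
        if pos + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (n,) = struct.unpack_from(">I", payload, pos)
        if pos + 4 + n > len(payload):
            raise ValueError("truncated name-list")
        text = payload[pos + 4:pos + 4 + n].decode("ascii")
        out[field] = text.split(",") if text else []
        pos += 4 + n
    return out

def negotiate(client_names, server_names):
    """First client preference the server also lists, or None if no overlap."""
    offered = set(server_names) - MARKERS
    return next((a for a in client_names if a in offered), None)

# Server values copied from the trace above (spaces after commas removed).
ENC = ("aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,"
       "aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr")
MAC = ("hmac-sha2-256,hmac-sha2-512,hmac-sha2-256-etm@openssh.com,"
       "hmac-sha2-512-etm@openssh.com")
SERVER = build_kexinit(bytes.fromhex("a951aaef8388f72ad4dfc0a1148ebd0b"), [
    "ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group14-sha256,"
    "diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,ext-info-s",
    "rsa-sha2-256,rsa-sha2-512,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384",
    ENC, ENC, MAC, MAC, "none", "none", "", ""])
# Constructed client offers (assumptions, not taken from the thread).
LEGACY_CLIENT = ["diffie-hellman-group14-sha1", "diffie-hellman-group1-sha1"]
MODERN_CLIENT = ["ecdh-sha2-nistp256", "diffie-hellman-group14-sha256"]
```

The rebuilt payload is 676 bytes, which matches the trace: packet length 684 minus the one-byte padding-length field and 7 bytes of padding.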


Connecting to Microsoft Azure blob

by wodSupport, Thursday, August 04, 2022, 09:24 (602 days ago) @ dfb

Hi.

We made an update, please download wodFtpDLX.NET again (or request an update if you have a valid update subscription) and try it now.

Regards,
Jasmine

Connecting to Microsoft Azure blob

by dfb, Tuesday, August 09, 2022, 09:28 (597 days ago) @ wodSupport

Thanks Jasmine!

We're testing that new version, and it seems to work with the Azure blob SFTP connection - but I notice some existing code that was working with private key authentication to another server is no longer working.

It fails when trying to connect, with this error:

System.NullReferenceException: Object reference not set to an instance of an object.

Was there any behaviour change between versions 1.9.0.253 and 1.9.2.260?

Thanks

Connecting to Microsoft Azure blob

by wodSupport, Tuesday, August 09, 2022, 09:45 (597 days ago) @ dfb

Hi.

I don't think so. Is it something we could duplicate by ourselves? Can you share your code as a separate sample?

Jasmine

Connecting to Microsoft Azure blob

by dfb, Wednesday, August 10, 2022, 07:14 (596 days ago) @ wodSupport

Thanks Jasmine. Some test VB code below. As shown using key file, it fails at the connect. It works if modified to authenticate with a password.

[code]
Try
    ' hostname, licenceKey, privateKeyFile and login are defined elsewhere
    Using ftps As New WeOnlyDo.Client.FtpDLX
        ftps.Hostname = hostname
        ftps.ListParams = ""
        ftps.LicenseKey = licenceKey
        ftps.TransferMode = TransferModes.Binary
        ftps.Blocking = True
        ftps.Passive = False

        ftps.Protocol = Protocols.SFTP

        ' Key-based authentication: PrivateKey is set to the text of the key file
        ftps.Authentication = Authentications.Certificate
        ftps.PrivateKey = IO.File.ReadAllText(privateKeyFile)

        ftps.Login = login
        ftps.Connect() ' fails here when the key file is used

        ' List the root directory and print each entry
        ftps.ListDir("\")
        For Each ftpDirItem As DirItem In ftps.DirItems
            Console.WriteLine(ftpDirItem.FullLine)
        Next

        ftps.Disconnect()
    End Using
Catch ex As Exception
    Console.WriteLine(ex.ToString)
End Try
[/code]


Connecting to Microsoft Azure blob

by wodSupport, Wednesday, August 10, 2022, 23:15 (596 days ago) @ dfb

Thank you! I believe we were able to duplicate and fix the issue, so please request an update to obtain the latest wodFtpDLX.NET (or download the DEMO if you don't have a valid update subscription) and try it now. Make sure the Version property returns 1.9.2.261.

Note that most probably your key was invalid, and didn't contain the private part of the key, but now you will receive a more descriptive error and it will not just crash.

Let me know if it's ok now!

Regards,
Jasmine

Connecting to Microsoft Azure blob

by dfb, Thursday, August 11, 2022, 02:59 (595 days ago) @ wodSupport

Thank you Jasmine!

I have tried with 1.9.2.261 and am now getting "Authentication with the server failed."

However, reverting to the old wodFtpDLX.NET version (1.9.0.253) it connects successfully - using the same test code and the same key file.

Any ideas what else we can try?

Connecting to Microsoft Azure blob

by wodSupport, Thursday, August 11, 2022, 23:20 (595 days ago) @ dfb

Hi.

Yes, you seem to be right, there was a code change in later versions that could cause problems with the key authentication. It is now fixed, please request an update and try it out, it should be working OK now.

Regards,
Jasmine

Connecting to Microsoft Azure blob

by dfb, Tuesday, August 16, 2022, 02:08 (591 days ago) @ wodSupport

Many thanks Jasmine.

We'll continue to test, but so far this looks like it's working well for us.

Thanks again!