Problem solved - updated to latest 11.19 and everything works now.
I have problem with the latest version of CentOS (v7.4.1708 (Core).
I have DOpus 11.15 x64 installed
I can't connect with SFTP to newly built server. (I never had problems with connecting to other SFTP servers)
-- versions of SSL + SSH
OpenSSL 1.0.2k-fips 26 Jan 2017
[root@localhost html]# ssh -V
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017
I can transfer files with WinSCP v5.7.3
I can transfer files with MobaXterm
When I trying connect with Dopus, I see:
-- linux /var/log/secure logs:
Oct 17 11:00:22 localhost sshd: error: kex protocol error: type 30 seq 1 [preauth]
Oct 17 11:00:22 localhost sshd: error: Received disconnect from 10.0.201.223 port 62270:2: Server protocol violation: unexpected SSH2_MSG_UNIMPLEMENTED packet [preauth]
Oct 17 11:00:22 localhost sshd: Disconnected from 10.0.201.223 port 62270 [preauth]
-- Dopus ftp logs:
Opening Connection 10.0.1.183:22
Server version: SSH-2.0-OpenSSH_7.4
Using SSH protocol version 2
We claim version: SSH-2.0-PuTTY_Directory_Opus
Server supports delayed compression; will try this later
Doing Diffie-Hellman group exchange
Disconnected: Server protocol violation: unexpected SSH2_MSG_UNIMPLEMENTED packet
SSH: Fatal: Disconnected: Server protocol violation: unexpected SSH2_MSG_UNIMPLEMENTED packet
As I see, this can be a problem due to old method of identification used by DOpus.
I found this article about this (2 years ago)
... and this point to the updates on the OpenSSL:
- ssh(1), sshd(8): deprecate legacy SSH2_MSG_KEX_DH_GEX_REQUEST_OLD
message and do not try to use it against some 3rd-party SSH
implementations that use it (older PuTTY, WinSCP).
There are workaround on putty to use other auth methods but I don;t found this on DOpus config.
The fix was the following: In PuTTY, go to “Connection → SSH → Kex”. There, select “Diffie-Hellman group exchange” and move it to the bottom of the list, so it is not used. The connection should start working as normal again.
= How to connect with Opus via SFTP and use other authentication method (without changes of server side by allowing old removed methods)?