SFTP problem with the latest CentOS (7.3)

LITWINCZUK · October 17, 2017, 10:08am

Problem solved - updated to latest 11.19 and everything works now.

I have problem with the latest version of CentOS (v7.4.1708 (Core).

I have DOpus 11.15 x64 installed

I can't connect with SFTP to newly built server. (I never had problems with connecting to other SFTP servers)

-- versions of SSL + SSH

OpenSSL> version
OpenSSL 1.0.2k-fips 26 Jan 2017
[root@localhost html]# ssh -V
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017

I can transfer files with WinSCP v5.7.3
I can transfer files with MobaXterm

When I trying connect with Dopus, I see:
-- linux /var/log/secure logs:

Oct 17 11:00:22 localhost sshd[4872]: error: kex protocol error: type 30 seq 1 [preauth]
Oct 17 11:00:22 localhost sshd[4872]: error: Received disconnect from 10.0.201.223 port 62270:2: Server protocol violation: unexpected SSH2_MSG_UNIMPLEMENTED packet [preauth]
Oct 17 11:00:22 localhost sshd[4872]: Disconnected from 10.0.201.223 port 62270 [preauth]

-- Dopus ftp logs:

Opening Connection 10.0.1.183:22
Server version: SSH-2.0-OpenSSH_7.4
Using SSH protocol version 2
We claim version: SSH-2.0-PuTTY_Directory_Opus
Server supports delayed compression; will try this later
Doing Diffie-Hellman group exchange
Disconnected: Server protocol violation: unexpected SSH2_MSG_UNIMPLEMENTED packet
SSH: Fatal: Disconnected: Server protocol violation: unexpected SSH2_MSG_UNIMPLEMENTED packet
Connection closed

As I see, this can be a problem due to old method of identification used by DOpus.
I found this article about this (2 years ago)
https://blog.nytsoi.net/2015/07/13/putty-kex-error
... and this point to the updates on the OpenSSL:
http://www.openssh.com/txt/release-6.9

Bugfixes

ssh(1), sshd(8): deprecate legacy SSH2_MSG_KEX_DH_GEX_REQUEST_OLD
message and do not try to use it against some 3rd-party SSH
implementations that use it (older PuTTY, WinSCP).

There are workaround on putty to use other auth methods but I don;t found this on DOpus config.

The fix was the following: In PuTTY, go to “Connection → SSH → Kex”. There, select “Diffie-Hellman group exchange” and move it to the bottom of the list, so it is not used. The connection should start working as normal again.

= How to connect with Opus via SFTP and use other authentication method (without changes of server side by allowing old removed methods)?

Jon · October 17, 2017, 10:34am

Opus 12 supports newer methods. There's no way to "enable" them in Opus 11.

LITWINCZUK · October 17, 2017, 11:35am

I have 11 only.

But- after upgrade to lastest version (11.15 -> 11.19) it's working now.

In that thread: SFTP no longer works for some servers
is writted:

Solved with the last 11.10.6 beta. Thanks

So I thought than in my 11.15 this must works. But - as I told, after update to 11.19 now I'm able to connect.
Problem solved.