Opened 7 years ago
Closed 7 years ago
Last modified 5 years ago
#10958 closed Bug report (rejected)
SFTP stopped working in rev. 3.21.0
|Reported by:||Evandro||Owned by:|
|Component version:||Operating system type:|
|Operating system version:|
I have some servers using SFTP to access them.
After new update to Rev. 3.21.0 it stopped working.
The problem occurs on Login that don't even have a chance to type Password, then Timeout occurs.
It was necessary to downgrade to previous released revision.
Change History (21)
comment:1 by , 7 years ago
by , 7 years ago
comment:2 by , 7 years ago
|Status:||new → moreinfo|
Which SFTP server software (product and version) is the server running?
comment:3 by , 7 years ago
|Status:||moreinfo → new|
OpenSSH_6.2p2, OpenSSL 0.9.8j-fips 07 Jan 2009
comment:4 by , 7 years ago
Downgraded to 3.20.1, and I can connect to the sites, again.
comment:5 by , 7 years ago
|Priority:||high → blocker|
comment:6 by , 7 years ago
|Priority:||blocker → normal|
comment:7 by , 7 years ago
|Status:||new → moreinfo|
OpenSSH_6.2p2, OpenSSL 0.9.8j-fips 07 Jan 2009
That server is quite outdated. Both OpenSSH 6.2 and OpenSSL 0.9.8j contain several security vulnerabilities. Please update.
There's a good chance that the problem you are seeing is caused by a bug in this old OpenSSH version.
Do you still experience this issue with a more modern server?
comment:8 by , 7 years ago
comment:9 by , 7 years ago
|Status:||moreinfo → closed|
It's a bug in OpenSSH that has been fixed ages ago in OpenSSH 6.3p1.
In the version of OpenSSH you are using, support for the aes256-gcm@… cipher has been disabled, yet OpenSSH still includes it in its default cipher list.
comment:10 by , 7 years ago
for completeness (and google):
The workaround for the server (if you can't update) is adding a "Ciphers" line to /etc/ssh/sshd_config with the defaults (see man page) and omit all ciphers with @ symbol in it.
if you don't have control over the server config then your only workaround is downgrading filezilla and/or ask the server operator to fix the server.
comment:11 by , 7 years ago
Usually when software upgrade is done, it is recommended to be backward compatible software.
For the solution above, it is quite strange the recommendation to change the server, since this is under administrator properties and most of the cases it is impossible for clients to put a finger on it, even to reach the administrator for any chat.
Lets say who cares what software client we are using.
If the software client can not be backward compatible, it could die shortly due to "less" usage or specific servers revision.
It is sad such decision for client software with that high level to keep using older revision due to compatibility with legacy server as it is called so.
Anyway thanks for support.
comment:12 by , 7 years ago
FileZilla is fully compatible even with your old legacy server weren't it for a crippling bug in the server itself that breaks backwards compatibility.
Imagine you are asking your neighbor whether he speaks French, he reply's "Oui" only to then stare at you blankly if you henceforth speak to him in French.
There's really nothing I can do except to intentionally degrade performance for all users of FileZilla even if they are using a server proper. That would obviously be a bad idea.
comment:13 by , 7 years ago
FileZilla handles the "bug" in OpenSSH poorly. The user is shown "remote connection reset" and the initial impression is that there is a firewall issue.
I wish you would reconsider addressing this one of two ways.
- Add a fallback to allow connections with a different cipher if the initial cipher negotiation fails. This will allow Filezilla to continue working without modifying the server. Newer OpenSSH versions connect to "bad" OpenSSH servers without any workarounds. So when I can connect with SFTP through OpenSSH but not with Filezilla... who is the winner?
- Report a failure that the cipher negotiation failed and to upgrade the server or add a version check against OpenSSH 6.2 and older. However get ready for more reports. There are many SUSE Enterprise installations with this version and users that don't know how to upgrade.
comment:14 by , 7 years ago
The user is shown "remote connection reset"
That is what actually happens, the server just drops the connection like a hot potato.
Add a fallback to allow connections with a different cipher if the initial cipher negotiation fails.
Subject to fallback attacks. There is no multi-connection fallback protection in the SSH protocol. Just look at for example at RFC 7507 of the unrelated SSL/TLS protocol and the motivation behind this RFC.
Report a failure that the cipher negotiation failed
The cipher negotiation didn't fail, the server accepted the cipher.
comment:15 by , 7 years ago
I didn't mean fallback by adding a security vulnerability. Please don't be so quick to judge - or ignore other parts of my comment.
OpenSSH supports connections to its own "bad" 6.2 server in the latest version 7.3 client. I haven't taken the time to study the connection handshake to see what's going on, but the same method could be adopted into Filezilla.
comment:16 by , 7 years ago
I think it's far easier and also more productive (as it will also work with other clients) to convince your distribution to package a fixed version of OpenSSH that doesn't include unsupported ciphers in its key exchange message.
I had a look at the OpenSSH source when diagnosing this bug, writing a fix for this bug doesn't take more than 5 minutes.
comment:17 by , 7 years ago
After fetching the source code of OpenSSH 6.2p2, it just took me a mere 2 minutes to come up with this trivial patch:
diff -u openssh-6.2p2/myproposal.h openssh-6.2p2-fixed/myproposal.h --- openssh-6.2p2/myproposal.h 2013-01-09 06:12:19.000000000 +0100 +++ openssh-6.2p2-fixed/myproposal.h 2016-10-06 00:25:46.400011683 +0200 @@ -73,7 +73,9 @@ #define KEX_DEFAULT_ENCRYPT \ "aes128-ctr,aes192-ctr,aes256-ctr," \ "arcfour256,arcfour128," \ +#ifdef OPENSSL_HAVE_EVPGCM "firstname.lastname@example.org,email@example.com," \ +#endif "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \ "aes192-cbc,aes256-cbc,arcfour,firstname.lastname@example.org" #ifdef HAVE_EVP_SHA256
comment:18 by , 7 years ago
This is not a severe bug in OpenSSL and other things (like scp from the command line) still work despite how the server is configured. FileZilla is the only tool I know of that doesn't work.
I understand you reluctance to make a change, but I would suggest re-thinking this one.
comment:19 by , 6 years ago
I agree with deezer.
SSH by command line, SCP, WINSCP, even old Filezilla works normally.
SSH server version you called "OLD" is the default for SUSE Enterprise 11 SP3.
I believe that, for the most of the clients, it is not possible to ask the network administrators to upgrade the SSH server version just because "new Filezilla version" is not working.
You, Filezilla developers, have been done a great job so far.
But you must accept that workaround is not a good one. You can't enforce that, it is not reasonable.
comment:20 by , 5 years ago
For SLES 11 SP3 mentioned above, it is now sufficient to just upgrade openssh to openssh-6.2p2-0.40.1 - which is available through the official update channel:
zypper ref zypper up openssh
Same problem. Co-worker experienced it, so I tested an SFTP site before upgrading (success), upgraded, and tried again (failure).