Opened 5 years ago
Closed 5 years ago
#12074 closed Bug report (rejected)
Inability to connect to ProFTPD via keyboard-interactive auth starting with FileZilla 3.46.1
Reported by: | jprostko | Owned by: | |
---|---|---|---|
Priority: | high | Component: | FileZilla Client |
Keywords: | keyboard-interactive, putty | Cc: | |
Component version: | Operating system type: | ||
Operating system version: |
Description
Hello,
Connecting to ProFTPD with FileZilla (all platforms), we have run into a connection error that only affects keyboard-interactive authentication. Doing a git bisect
on the PuTTY sources (which are utilized by FileZilla), we found that the problematic commit exists between PuTTY 0.70 and 0.71, and is precisely due to PuTTY commit 20a9bd5642ac66ae1190069989d33c5fcefe5672 ( https://git.tartarus.org/?p=simon/putty.git;a=commit;h=20a9bd5642ac66ae1190069989d33c5fcefe5672 ) from July 9, 2018. We have tried various PuTTY versions after the problematic commit, including head, and still have the problem connecting to ProFTPD. We have also tried upgrading ProFTPD to 1.3.7rc1, 1.3.7rc2, and the latest head, and the problem still persists when connecting to it with anything higher than FileZilla 3.46.0 or PuTTY 0.70 (testing done with psftp).
The error message that is returned is the following (this output is from psftp, but the same error comes through with Filezilla 3.46.1 and higher):
Keyboard-interactive authentication prompts from server: | Password: End of keyboard-interactive prompts from server Access denied FATAL ERROR: Remote side sent disconnect message type 11 (by application): "Unsupported protocol sequence"
For now, we have informed those accessing our systems to do one of the following workarounds:
1.) Roll back to FileZilla 3.46.0 or older (or PuTTY 0.70 or older if utilizing psftp)
2.) Use public key authentication via Pagent or saved key file within FileZilla
3.) Ensure PuTTY is installed, and uncheck the checkbox for 'Attempt "keyboard-interactive" auth (SSH-2)' under SSH->Auth so the connection falls back to password auth. Make sure to save this change to the Default Settings connection profile within PuTTY.
4.) Use a different SFTP client that is not affected in this way.
In summary:
A change in PuTTY at commit 20a9bd5642 resulted in an inability to connect to ProFTPD that wasn't previously present. Since FileZilla relies on the PuTTY libraries and those were recently upgraded for FileZilla version 3.64.1, this problem has now presented itself. It isn't clear (to me) if this is a bug in PuTTY itself or ProFTPD, but I thought I would start with filing a bug here to get started, since FileZilla is used heavily by those accessing our systems, and this problem will become quite problematic as more and more people upgrade their FileZilla clients.
(Also, I saw bug #12066, but have not been able to reproduce that issue on my end. I suspect that issue has to do with pulling in PuTTY changes, but may not be due to the exact commit mentioned in this ticket.)
Thank you for your assistance.
If needed, we have a test environment we can provide to the FileZilla team for troubleshooting/testing purposes.
It's a bug in your server's SFTP implementation, your server does not ignore the SSH_MSG_IGNORE message as it is supposed to do as per RFC 4253.
See also https://forum.filezilla-project.org/viewtopic.php?t=51875 for a similar report.
Please report this bug to your SFTP server vendor.