SFTP Server Validation Issue

Question

I'm evaluating the EDTftp/PRO package, mainly for the SFTP capabilities, and have run into an issue with ServerValidation.

In the below code, when I change the ServerValidation type to none, and comment out the knownhosts property, I can connect and upload to the server. When I have the ServerValidation set to Auto or AutoNoName, with the known_hosts file, I get the exception below. The known_hosts file has an entry for the machine, and it works when I ssh through cygwin. Any thoughts would be outstanding.

Thanks

Code

_sftp.ServerAddress = "machine";
_sftp.ServerPort = 22;
_sftp.UserName = "user";
_sftp.Password = "passphrase";
_sftp.Protocol = EnterpriseDT.Net.Ftp.FileTransferProtocol.SFTP;
_sftp.ServerValidation = EnterpriseDT.Net.Ftp.SecureFTPServerValidationType.AutomaticNoNameCheck;
_sftp.KnownHosts.KnownHostsFile = @"C:\cygwin\home\junodaa\.ssh\known_hosts";
_sftp.ClientPrivateKeyFile = @"C:\cygwin\home\junodaa\.ssh\id_dsa";
_sftp.AuthenticationMethod = EnterpriseDT.Net.Ssh.AuthenticationType.PublicKey;
_sftp.Timeout = 1500;

Exception

{"Authentication failure" }
[EnterpriseDT.Net.Ftp.Ssh.SFTPException]: {EnterpriseDT.Net.Ftp.Ssh.SFTPException}
System.Object: {EnterpriseDT.Net.Ftp.Ssh.SFTPException}
_className: null
_COMPlusExceptionCode: -532459699
_exceptionMethod: <undefined value>
_exceptionMethodString: null
_helpURL: null
_HResult: -2146232832
_innerException: { }
_message: "Authentication failure"
_remoteStackIndex: 0
_remoteStackTraceString: null
_source: null
_stackTrace: {System.Array}
_stackTraceString: null
_xcode: -532459699
_xptrs: 0
HelpLink: null
HResult: -2146232832
InnerException: { }
Message: "Authentication failure"
Source: "edtFTPnetPRO"
StackTrace: " at EnterpriseDT.Net.Ftp.Ssh.SSHFTPClient.Connect()\r\n at EnterpriseDT.Net.Ftp.SecureFTPConnection.Connect()\r\n at SFTPTest.Form1.Form1_Load(Object sender, EventArgs e) in c:\\projects\\eb\\prototypes\\sftptest\\form1.cs:line 109"
TargetSite: {System.Reflection.RuntimeMethodInfo}

Answer 1

It all looks sensible. Does the log file reveal anything useful? Could you post a snippet that looks relevant?

Answer 2

Which log are you speaking of? The server log does not show anything out of the ordinary that I can see. Does the component offer escalated logging that I haven't seen yet?

Thanks

It all looks sensible. Does the log file reveal anything useful? Could you post a snippet that looks relevant?

Answer 3

Yes, in the help you'll find a howto topic on logging.

Does the component offer escalated logging that I haven't seen yet?

Answer 4

A quick question while you are generating a log file - you are absolutely sure that AuthenticationMethod = EnterpriseDT.Net.Ssh.AuthenticationType.PublicKey is working with server validation set to none?

Answer 5

A quick question while you are generating a log file - you are absolutely sure that AuthenticationMethod = EnterpriseDT.Net.Ssh.AuthenticationType.PublicKey is working with server validation set to none?

Yes I am quite sure. Here is the output of the log, only changing the SecureFTPServerValidationType and knownhostsfile lines. I also pasted the begining of the link from known_hosts. I know that's working because from a cygwin prompt I am able to type ssh icebook -l user and I do not get asked to save a rsa footprint, nor do I get challenged for anything except the private passphrase.

icebook,172.20.241.90 ssh-rsa AAA
_sftp.ServerAddress = "icebook"

INFO [EnterpriseDT.Net.Ftp.Ssh.KnownHostsManager] 27 Sep 2006 07:57:06.046 : Reading known hosts file 'C:\cygwin\home\junodaa\.ssh\known_hosts'
INFO [EnterpriseDT.Net.Ftp.Ssh.KnownHostsManager] 27 Sep 2006 07:57:06.203 : Successfully read known hosts file 'C:\cygwin\home\junodaa\.ssh\known_hosts'
INFO [LicenseProperties] 27 Sep 2006 07:57:06.218 : Licence expiry date: 10/28/2006
INFO [LicenseProperties] 27 Sep 2006 07:57:06.218 : Trial license
INFO [LicenseProperties] 27 Sep 2006 07:57:06.218 : Licence expiry date: 10/28/2006
INFO [LicenseProperties] 27 Sep 2006 07:57:06.218 : Trial license
ERROR [EnterpriseDT.Net.Ftp.Ssh.SSHFTPClient] 27 Sep 2006 07:57:07.609 : No stored public key matches supplied public key


INFO [LicenseProperties] 27 Sep 2006 08:03:37.546 : Licence expiry date: 10/28/2006
INFO [LicenseProperties] 27 Sep 2006 08:03:37.546 : Trial license
INFO [LicenseProperties] 27 Sep 2006 08:03:37.546 : Licence expiry date: 10/28/2006
INFO [LicenseProperties] 27 Sep 2006 08:03:37.546 : Trial license
INFO [EnterpriseDT.Net.Ftp.Ssh.SSHFTPClient] 27 Sep 2006 08:03:38.062 : Waiting for SSH channel to be opened

Answer 6

Hmm, the other possibility is that the server is sending you a DSA public key, which won't match an RSA key. Your command line client may be configured to request RSA public keys only from the server.

In the client set RSA public keys only by doing this:

ftpConnection.PreferredHostKeyAlgorithms = SSHPublicKeyAlgorithm.RSA;

You could also add the server's DSA key to the known_hosts file so that no matter what key type is returned it should get validated.

I will make a note to add more information to the debug about the type of public key returned by the server.

Answer 7

That was it, the line forcing RSA handled it perfectly. Thank you very much.

Answer 8

The newest version (purchased) seems to decide this on it's own. Thanks alot for the timely new feature!