PEM_read_bio_X509 failed when loading pem or crt file - nginx

I compiled and installed nginx 1.4.4 and openssl 1.0.1h. After installing, I generated a .pem and a .key file and put them under the conf directory. When I want to start it, it shows that something is wrong:
nginx$ sbin/nginx
nginx: [emerg] PEM_read_bio_X509("/home/work/nginx/conf/33iq.crt") failed (SSL:)
It only shows that PEM_read_bio_X509 failed, with no SSL error info. How do I find out what is wrong with it?
openssl x509 -in /home/work/nginx/conf/33iq.crt -inform PEM -text -noout
Certificate:
Data:
Version: 1 (0x0)
Serial Number: 9271295828916739212 (0x80aa426f5a249c8c)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=UN, ST=CD, L=sodaf, O=ser, OU=fas, CN=ea/emailAddress=abc@baidu.com
Validity
Not Before: Jul 14 10:12:12 2014 GMT
Not After : Jul 14 10:12:12 2015 GMT
Subject: C=UN, ST=CD, L=sodaf, O=ser, OU=fas, CN=ea/emailAddress=abc@163.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (1024 bit)
Modulus:
...
eb:ce:5a:36:ae:ca:e8:26:2d
Exponent: 65537 (0x10001)
Signature Algorithm: sha1WithRSAEncryption
...
76:68
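nginx's log line names only the failing call, not OpenSSL's reason. The script below is an added diagnostic, not part of the question or of nginx: it checks the PEM framing that PEM_read_bio_X509 depends on (byte-order mark, NUL bytes, BEGIN/END markers, base64 body) and then hands the file to OpenSSL through Python's ssl module to recover the parse error nginx did not print. The PEM it tests is a constructed sample, not a real certificate.

```python
import base64
import re
import ssl

# Constructed sample (not a real certificate): a correctly framed PEM whose
# body is only a few ASN.1-looking bytes, so framing passes but parsing fails.
_FAKE_DER = bytes.fromhex("3082000a0201010500")
FRAMED_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(_FAKE_DER).decode()
              + "-----END CERTIFICATE-----\n")

_PEM_RE = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END ([A-Z0-9 ]+)-----", re.S)


def check_pem_framing(data: bytes) -> list:
    """Return the framing problems found in a PEM file (empty list = none).

    This only checks what PEM_read_bio_X509() needs in order to find a
    certificate block; it does not validate the certificate itself.
    """
    problems = []
    if data.startswith(b"\xef\xbb\xbf"):
        problems.append("UTF-8 byte-order mark before the BEGIN line")
        data = data[3:]
    if b"\x00" in data:
        problems.append("NUL bytes present (UTF-16 text or binary DER, not PEM)")
        return problems
    text = data.decode("ascii", errors="replace")
    if "\ufffd" in text:
        problems.append("non-ASCII bytes present")
    m = _PEM_RE.search(text)
    if not m:
        if "-----BEGIN" not in text:
            problems.append("no '-----BEGIN ...-----' line: file is not PEM")
        elif "-----END" not in text:
            problems.append("BEGIN line found but no matching END line (truncated?)")
        else:
            problems.append("BEGIN/END markers present but malformed")
        return problems
    label, body, end_label = m.groups()
    if label != end_label:
        problems.append(f"BEGIN label {label!r} does not match END label {end_label!r}")
    elif label != "CERTIFICATE":
        problems.append(f"PEM label is {label!r}, not CERTIFICATE (wrong file?)")
    try:
        der = base64.b64decode("".join(body.split()), validate=True)
    except ValueError:  # binascii.Error is a ValueError
        problems.append("body is not valid base64")
        return problems
    if not der or der[0] != 0x30:
        problems.append("decoded body does not start with an ASN.1 SEQUENCE")
    return problems


def openssl_parse_error(pem_text: str):
    """Hand the PEM to OpenSSL via the ssl module and return its error text,
    or None if OpenSSL accepted it. This is the detail missing after 'SSL:'."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.load_verify_locations(cadata=pem_text)
        return None
    except (ssl.SSLError, ValueError) as exc:
        return str(exc)
```

Run check_pem_framing() on the raw bytes of the .crt first; if it reports nothing, openssl_parse_error() gives the OpenSSL message for the content itself.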

Fluent-bit can't verify ssl certificate

I'm having issues with ssl certificate verification. When I am trying to send logs to the server to nginx, I get an error message that says:
Feb 14 21:38:53 username td-agent-bit[31178]: [2022/02/14 21:38:53] [error] [tls] /tmp/fluent-bit-1.8.12/src/tls/mbedtls.c:380 X509 - Certificate verification failed, e.g. CRL, CA or signature check
Feb 14 21:38:53 username td-agent-bit[31178]: [2022/02/14 21:38:53] [error] [output:http:http.0] no upstream connections available to 127.0.0.1:443
Feb 14 21:38:53 username td-agent-bit[31178]: [2022/02/14 21:38:53] [ warn] [engine] failed to flush chunk '31025-1644867441.221825565.flb', retry in 32 seconds: task_id=20, input=storage_backlog.6 > output=http.0 (out_id=0)
Feb 14 21:38:53 username td-agent-bit[31178]: [2022/02/14 21:38:53] [ info] [output:http:http.0] 127.0.0.1:443, HTTP status=200
Feb 14 21:38:53 username td-agent-bit[31178]: {"status":200}
Feb 14 21:38:54 username td-agent-bit[31178]: [2022/02/14 21:38:54] [error] [tls] /tmp/fluent-bit-1.8.12/src/tls/mbedtls.c:380 X509 - Certificate verification failed, e.g. CRL, CA or signature check
Feb 14 21:38:54 username td-agent-bit[31178]: [2022/02/14 21:38:54] [error] [output:http:http.0] no upstream connections available to 127.0.0.1:443
Feb 14 21:38:54 username td-agent-bit[31178]: [2022/02/14 21:38:54] [ warn] [engine] failed to flush chunk '31025-1644867401.174594241.flb', retry in 37 seconds: task_id=12, input=storage_backlog.6 > output=http.0 (out_id=0)
Feb 14 21:38:54 username td-agent-bit[31178]: [2022/02/14 21:38:54] [error] [tls] /tmp/fluent-bit-1.8.12/src/tls/mbedtls.c:380 X509 - Certificate verification failed, e.g. CRL, CA or signature check
Feb 14 21:38:54 username td-agent-bit[31178]: [2022/02/14 21:38:54] [error] [output:http:http.0] no upstream connections available to 127.0.0.1:443
Feb 14 21:38:54 username td-agent-bit[31178]: [2022/02/14 21:38:54] [ warn] [engine] failed to flush chunk '31025-1644867416.136883568.flb', retry in 12 seconds: task_id=15, input=storage_backlog.6 > output=http.0 (out_id=0)
Feb 14 21:38:54 username td-agent-bit[31178]: [2022/02/14 21:38:54] [error] [tls] /tmp/fluent-bit-1.8.12/src/tls/mbedtls.c:380 X509 - Certificate verification failed, e.g. CRL, CA or signature check
Feb 14 21:38:54 username td-agent-bit[31178]: [2022/02/14 21:38:54] [error] [output:http:http.0] no upstream connections available to 127.0.0.1:443
Feb 14 21:38:54 username td-agent-bit[31178]: [2022/02/14 21:38:54] [ warn] [engine] failed to flush chunk '31025-1644867481.167299560.flb', retry in 10 seconds: task_id=28, input=storage_backlog.6 > output=http.0 (out_id=0)
Feb 14 21:38:54 username td-agent-bit[31178]: [2022/02/14 21:38:54] [ info] [output:http:http.0] 127.0.0.1:443, HTTP status=200
Feb 14 21:38:54 username td-agent-bit[31178]: {"status":200}
Feb 14 21:38:55 username td-agent-bit[31178]: [2022/02/14 21:38:55] [error] [tls] /tmp/fluent-bit-1.8.12/src/tls/mbedtls.c:380 X509 - Certificate verification failed, e.g. CRL, CA or signature check
Feb 14 21:38:55 username td-agent-bit[31178]: [2022/02/14 21:38:55] [error] [output:http:http.0] no upstream connections available to 127.0.0.1:443
Feb 14 21:38:55 username td-agent-bit[31178]: [2022/02/14 21:38:55] [ warn] [engine] failed to flush chunk '31178-1644867522.155353155.flb', retry in 19 seconds: task_id=3, input=tail.2 > output=http.0 (out_id=0)
Feb 14 21:38:55 username td-agent-bit[31178]: [2022/02/14 21:38:55] [ info] [output:http:http.0] 127.0.0.1:443, HTTP status=200
Feb 14 21:38:55 username td-agent-bit[31178]: {"status":200}
CRL, CA or signature verification fails, for some reason. Verification passes only after a certain number of attempts.
How to fix it?
td-agent-bit.conf:
[SERVICE]
# Flush
# =====
# set an interval of seconds before to flush records to a destination
flush 5
# Daemon
# ======
# instruct Fluent Bit to run in foreground or background mode.
daemon Off
# Log_Level
# =========
# Set the verbosity level of the service, values can be:
#
# - error
# - warning
# - info
# - debug
# - trace
#
# by default 'info' is set, that means it includes 'error' and 'warning'.
log_level info
# Parsers File
# ============
# specify an optional 'Parsers' configuration file
parsers_file parsers.conf
# Plugins File
# ============
# specify an optional 'Plugins' configuration file to load external plugins.
plugins_file plugins.conf
# HTTP Server
# ===========
# Enable/Disable the built-in HTTP Server for metrics
http_server Off
http_listen 0.0.0.0
http_port 2020
# Storage
# =======
# Fluent Bit can use memory and filesystem buffering based mechanisms
#
# - https://docs.fluentbit.io/manual/administration/buffering-and-storage
#
# storage metrics
# ---------------
# publish storage pipeline metrics in '/api/v1/storage'. The metrics are
# exported only if the 'http_server' option is enabled.
#
# storage.metrics on
# storage.path
# ------------
# absolute file system path to store filesystem data buffers (chunks).
#
storage.path /tmp/fluent-bit-storage/
# storage.sync
# ------------
# configure the synchronization mode used to store the data into the
# filesystem. It can take the values normal or full.
#
storage.sync normal
# storage.checksum
# ----------------
# enable the data integrity check when writing and reading data from the
# filesystem. The storage layer uses the CRC32 algorithm.
#
storage.checksum off
# storage.backlog.mem_limit
# -------------------------
# if storage.path is set, Fluent Bit will look for data chunks that were
# not delivered and are still in the storage layer, these are called
# backlog data. This option configure a hint of maximum value of memory
# to use when processing these records.
#
storage.backlog.mem_limit 2M
[INPUT]
name tail
tag log.development.production
path /home/username/production.log
Buffer_Max_Size 2mb
Refresh_interval 5
Offset_Key offset
Path_Key path
storage.type filesystem
DB /tmp/production.db
DB.sync normal
DB.locking false
DB.journal_mode wal
# Read interval (sec) Default: 1
#interval_sec 1
[INPUT]
name tail
tag log.development.nginx
path /home/username/nginx.log
Buffer_Max_Size 2mb
Refresh_interval 5
Offset_Key offset
Path_Key path
storage.type filesystem
DB /tmp/nginx.db
DB.sync normal
DB.locking false
DB.journal_mode wal
# Read interval (sec) Default: 1
#interval_sec 1
[INPUT]
name tail
tag log.development.apache
path /home/username/apache.log
Buffer_Max_Size 2mb
Refresh_interval 5
Offset_Key offset
Path_Key path
storage.type filesystem
DB /tmp/apache.db
DB.sync normal
DB.locking false
DB.journal_mode wal
# Read interval (sec) Default: 1
#interval_sec 1
[INPUT]
name tail
tag log.development.syslog
path /home/username/syslog.log
Buffer_Max_Size 2mb
Refresh_interval 5
Offset_Key offset
Path_Key path
storage.type filesystem
DB /tmp/syslog.db
DB.sync normal
DB.locking false
DB.journal_mode wal
# Read interval (sec) Default: 1
#interval_sec 1
[INPUT]
name tail
tag log.development.postgres
path /home/username/postgres.log
Buffer_Max_Size 2mb
Refresh_interval 5
Offset_Key offset
Path_Key path
storage.type filesystem
DB /tmp/postgres.db
DB.sync normal
DB.locking false
DB.journal_mode wal
# Read interval (sec) Default: 1
#interval_sec 1
[INPUT]
name tail
tag log.development.zabbix
path /home/username/zabbix.log
Buffer_Max_Size 2mb
Refresh_interval 5
Offset_Key offset
Path_Key path
storage.type filesystem
DB /tmp/zabbix.db
DB.sync normal
DB.locking false
DB.journal_mode wal
# Read interval (sec) Default: 1
#interval_sec 1
[OUTPUT]
Name http
Match *
Host 127.0.0.1
Port 443
http_User fluentbit
http_Passwd fluentbit
tls on
tls.verify on
tls.debug 4
tls.ca_file /home/username/cert/ca_1/CA.pem
tls.crt_file /home/username/cert/ca_1/signed_certificates/server.crt
tls.key_file /home/username/cert/ca_1/signed_certificates/server.key
Format json
Header_tag header_tag_is_here
Header Location localhost
Retry_Limit no_limits
nginx.conf:
server {
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
ssl on;
ssl_certificate /home/username/cert/ca_1/signed_certificates/server.crt;
ssl_certificate_key /home/username/cert/ca_1/signed_certificates/server.key;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
server_name _;
location / {
proxy_pass http://localhost:3000/;
}
}

Nginx: peer closed connection in SSL handshake while SSL handshaking to upstream

I have a new client which can only talk TLSv1.2 and which communicates with an old service which can only talk TLSv1. It is about to be upgraded. It is an internal system without access to the internet.
To solve the problem I have placed an Nginx proxy in between.
client =TLS1.2=> Nginx =TLSv1=> oldservice
Even with proxy_ssl_verify=off I get this error:
==> /var/log/nginx/ngx-error.log <==
2021/09/15 14:48:26 [error] 13231#0: *3 peer closed connection in SSL handshake while SSL handshaking to upstream, client: 10.140.164.9, server: ngx.example.org, request: "GET /net/EXT/microservice.svc HTTP/1.1", upstream: "https://172.23.149.10:443/EXT/microservice.svc", host: "ngx.example.org"
If I run curl -v https://endp.example.org/EXT/microservice.svc on ngx.example.org I get this message:
* NSS error -8016 (SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED)
* The certificate was signed using a signature algorithm that is disabled because it is not secure.
* Closing connection 0
curl: (60) The certificate was signed using a signature algorithm that is disabled because it is not secure.
If I run curl --insecure it works, and this is the behavior I want Nginx to have.
My Nginx configuration:
server {
listen 80;
listen 443 ssl;
server_name ngx.example.org;
access_log /var/log/nginx/ngx-access.log;
error_log /var/log/nginx/ngx-error.log;
root /var/www/nginx/ngx;
ssl_protocols TLSv1.2;
ssl_certificate /etc/pki/nginx/private/ngx.example.org.crt;
ssl_certificate_key /etc/pki/nginx/private/ngx.example.org.key;
ssl_verify_client off;
proxy_ssl_server_name on;
proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
#proxy_ssl_ciphers PSK-3DES-EDE-CBC-SHA;
location /net/ {
proxy_ssl_name endp.example.org;
proxy_ssl_server_name on;
proxy_ssl_verify off;
proxy_ssl_trusted_certificate /etc/pki/ca-trust/source/anchors/wsgw.root.ca.pem;
proxy_set_header Host endp.example.org;
proxy_set_header X_FORWARDED_PROTO https;
proxy_pass https://endp.example.org/;
}
}
Edit:
Here is the output from openssl without -tlsv1:
openssl s_client -connect endp.example.org:443
139801673865104:error:140790E5:SSL routines:ssl23_write:ssl handshake failure:s23_lib.c:177:
CONNECTED(00000003)
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 289 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
Start Time: 1631880896
Timeout : 300 (sec)
Verify return code: 0 (ok)
Here is the output from openssl with -tlsv1:
openssl s_client -connect endp.example.org:443 -tls1
depth=0 CN = endp.example.org
verify error:num=18:self signed certificate
verify return:1
depth=0 CN = endp.example.org
verify return:1
CONNECTED(00000003)
---
Certificate chain
0 s:/CN=endp.example.org
i:/CN=endp.example.org
---
Server certificate
-----BEGIN CERTIFICATE-----
MIICIzCCAYygAwIBAgIQZs9VZsp/iZRC2rL+oYTf0DANBgkqhkiG9w0BAQQFADAc
...lines deleted
OS+ih0tnXEzJKqtSC52Z+zAIFWdEipA=
-----END CERTIFICATE-----
subject=/CN=endp.example.org
issuer=/CN=endp.example.org
---
No client certificate CA names sent
---
SSL handshake has read 694 bytes and written 363 bytes
---
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1
Cipher : RC4-MD5
Session-ID: A01E00002B40C49CA7D7CD8EE73A9FB8DF44BF155300CDFCC98712657F697F88
Session-ID-ctx:
Master-Key: A90284275AA0067A47836A269592213E419F5286E0D30EA38F1094B50536F67913FCE7BA5D43025D1AC7FBDCA769FBE4
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
Start Time: 1631862396
Timeout : 7200 (sec)
Verify return code: 18 (self signed certificate)
Content of certificate:
$ openssl x509 -in endp.example.org.crt -text -noout
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
66:cf:55:66:ca:7f:89:94:42:da:b2:fe:a1:84:df:d0
Signature Algorithm: md5WithRSAEncryption
Issuer: CN=endp.example.org
Validity
Not Before: Nov 9 11:08:50 2010 GMT
Not After : Dec 30 23:00:00 2030 GMT
Subject: CN=endp.example.org
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (1024 bit)
Modulus:
00:eb:ea:04:f0:53:87:26:b5:19:13:c6:a5:7b:27:
75:7e:f5:9a:84:74:59:d3:ec:0d:40:42:78:a4:c6:
1b:42:b2:50:19:3e:90:7b:20:73:f4:71:b8:3b:c3:
b3:dd:84:94:78:64:64:ac:5c:dc:a3:e4:8c:36:10:
32:ec:12:90:89:6c:e9:44:0e:fb:2e:84:0f:df:16:
c2:ae:b8:2c:d6:d0:73:b3:cf:4b:f8:56:91:e6:30:
c1:15:34:9f:70:6d:e1:e9:33:de:d6:9b:4d:2e:c8:
03:7b:eb:ed:6b:9c:8e:0b:80:a2:ef:29:5f:18:4e:
bf:e3:9a:81:e3:57:ae:c5:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Extended Key Usage:
TLS Web Server Authentication
2.5.29.1:
0D....M..w....T..."...0.1.0...U....endp.example.org..f.Uf....B.......
Signature Algorithm: md5WithRSAEncryption
83:a7:c9:cf:a5:d3:91:78:65:d0:43:24:84:c5:77:62:be:ba:
52:db:7f:c6:ca:59:40:50:91:5f:48:fe:77:4a:94:26:36:23:
3a:82:6b:54:46:c1:a4:0d:bd:8f:96:bc:04:c8:54:f7:74:94:
83:3a:9e:71:61:8c:d4:a0:77:be:fc:50:e8:3f:12:a3:00:01:
9d:d6:06:a0:77:c2:84:24:96:03:c1:6a:05:57:bb:5e:d0:47:
e5:ff:a9:6c:a1:e1:cc:a4:d0:4b:b0:9d:1b:0b:d4:39:2f:a2:
87:4b:67:5c:4c:c9:2a:ab:52:0b:9d:99:fb:30:08:15:67:44:
8a:90
Not a solution but a work-around: Use Apache
ServerName ngx.example.org:443
SSLEngine on
SSLProxyEngine on
SSLProxyVerifyDepth 0
SSLProtocol TLSv1.2
SSLProxyProtocol TLSv1
SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
SSLCertificateFile /etc/pki/nginx/private/ngx.example.org.crt
SSLCertificateKeyFile /etc/pki/nginx/private/ngx.example.org.key
DocumentRoot /var/www/httpd/ngx
CustomLog /var/log/httpd/ngx/access.log combined
ErrorLog /var/log/httpd/ngx/error.log
ProxyPass "/net/" "https://endp.example.org/"

QWebSocket doesn't connect over TLS

I have a WebSocket which works well over the WebSocket protocol, but I cannot switch to the WebSocketSecure protocol. It doesn't generate any errors on the server side; the client says error:141970DF:SSL routines:tls_construct_cke_psk_preamble:psk identity not found. The certificate was generated by certbot and is used for the https web site on the same domain.
Server code:
QSslConfiguration conf = server.sslConfiguration();
QFile *privkey =
    new QFile{"/etc/letsencrypt/live/example.com/privkey.pem"};
privkey->open(QFile::ReadOnly);
// setCaCertificates() fills the trust store used to verify a peer's
// certificate; it does not set the certificate this server presents.
conf.setCaCertificates(QSslCertificate::fromPath(
    "/etc/letsencrypt/live/example.com/fullchain.pem"));
conf.setPrivateKey(QSslKey(privkey));   // PEM RSA private key read from the file
conf.setProtocol(QSsl::TlsV1_0);        // restricts the server to TLS 1.0 only
server.setSslConfiguration(conf);
if (server.listen(QHostAddress::Any, 54045)) {
    connect(&server, &QWebSocketServer::newConnection, this,
            &Server::onNewConnection);
    connect(&server, &QWebSocketServer::closed, this, &Server::closed);
    qDebug() << "server started";
}
The client code:
import QtQuick 2.13
import QtWebSockets 1.13
WebSocket {
    active: true
    url: "wss://example.com:54045"
}
Output of OpenSSL:
$ openssl s_client -connect example.com:54045
CONNECTED(00000003)
140623606740288:error:14095126:SSL routines:ssl3_read_n:unexpected eof while reading:ssl/record/rec_layer_s3.c:302:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 325 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---

Opendkim marking incoming messages as dkim=fail

I am configuring opendkim+postfix. It is working OK and sent messages are correctly signed, but the incoming messages are all marked as dkim=fail reason="signature verification failed".
How can I debug this problem?
Return-Path: <sender@gmail.com>
Delivered-To: recipient@mydomain.com
Received: from localhost (mailserver [127.0.0.1])
by mydomain.com (Postfix) with SMTP id 4DDF93F966
for <recipient@mydomain.com>; Tue, 24 Oct 2017 13:56:43 +0200 (CEST)
DKIM-Filter: OpenDKIM Filter v2.11.0 mydomain.com 4DDF93F966
Authentication-Results: mydomain.com;
dkim=fail reason="signature verification failed" (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="jmdDmXQb"
Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=209.85.215.43; helo=mail-lf0-f43.google.com; envelope-from=sender@gmail.com; receiver=recipient@mydomain.com
DMARC-Filter: OpenDMARC Filter v1.3.2 mydomain.com 2DBE03F963
Authentication-Results: mail.mydomain.com; dmarc=pass (p=none dis=none) header.from=gmail.com
Authentication-Results: mail.mydomain.com; spf=pass smtp.mailfrom=sender@gmail.com
The syslog reports this, which looks OK:
Oct 24 14:08:39 mailz opendkim[3325]: 4A29F3F938: [209.85.215.45] [209.85.215.45] not internal
Oct 24 14:08:39 mailz opendkim[3325]: 4A29F3F938: not authenticated
Oct 24 14:08:39 mailz opendkim[3325]: 4A29F3F938: DKIM verification successful
But later it adds:
Oct 24 14:08:43 mailzener postfix/cleanup[3194]: 6CC243F95E: message-id=<CAMXuvOM+jKLkE=0FrQ+cSqFesmPQujpHoVsfH9G_URg9uYtm1g@mail.gmail.com>
Oct 24 14:08:43 mailzener opendkim[3325]: 6CC243F95E: no signing table match for 'sender@gmail.com'
Oct 24 14:08:43 mailzener opendkim[3325]: 6CC243F95E: bad signature data
My opendkim configuration file is this:
AutoRestart Yes
AutoRestartRate 10/1h
LogWhy Yes
Syslog Yes
SyslogSuccess Yes
Mode sv
Canonicalization relaxed/simple
ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
#InternalHosts refile:/etc/opendkim/TrustedHosts
KeyTable refile:/etc/opendkim/KeyTable
SigningTable refile:/etc/opendkim/SigningTable
SignatureAlgorithm rsa-sha256
Socket inet:8891@localhost
PidFile /var/run/opendkim/opendkim.pid
UMask 022
UserID opendkim:opendkim
TemporaryDirectory /var/tmp
OversignHeaders From
LogWhy Yes
X-Header yes
MilterDebug 9
ResolverTracing Yes
As you can see from the Queue IDs 4A29F3F938 vs 6CC243F95E, these are two different mails.
4A29F3F938 is incoming and is verifying OK. 6CC243F95E is outgoing, and I guess opendkim tries to sign the mail. You need to elaborate on your processing of the mail in the lines in between :)
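To make the split the comment describes visible, the script below (an added example, not from the question or from OpenDKIM) groups the syslog lines by Postfix queue ID and records, per message, whether opendkim was verifying or signing and what it concluded. The log lines are the ones quoted in the question, embedded as a constructed sample with the '@' in the addresses restored.

```python
import re
from collections import defaultdict

# Constructed sample: the syslog lines quoted in the question.
SAMPLE_LOG = """\
Oct 24 14:08:39 mailz opendkim[3325]: 4A29F3F938: [209.85.215.45] [209.85.215.45] not internal
Oct 24 14:08:39 mailz opendkim[3325]: 4A29F3F938: not authenticated
Oct 24 14:08:39 mailz opendkim[3325]: 4A29F3F938: DKIM verification successful
Oct 24 14:08:43 mailzener postfix/cleanup[3194]: 6CC243F95E: message-id=<CAMXuvOM+jKLkE=0FrQ+cSqFesmPQujpHoVsfH9G_URg9uYtm1g@mail.gmail.com>
Oct 24 14:08:43 mailzener opendkim[3325]: 6CC243F95E: no signing table match for 'sender@gmail.com'
Oct 24 14:08:43 mailzener opendkim[3325]: 6CC243F95E: bad signature data
"""

# syslog timestamp, host, program[pid], Postfix queue ID, free text
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]+) (?P<host>\S+) (?P<prog>[\w/.-]+)\[\d+\]: "
    r"(?P<qid>[0-9A-F]{8,}): (?P<msg>.*)$")


def _new_record():
    return {"mode": "unknown", "verify": None, "signed": None,
            "errors": [], "messages": []}


def correlate_opendkim(log_text: str) -> dict:
    """Group syslog lines by queue ID and classify opendkim's role per message.

    opendkim verifies mail from hosts that are neither InternalHosts nor
    SMTP-authenticated ("not internal" / "not authenticated"); otherwise it
    tries to sign, which is where "no signing table match" comes from.
    """
    by_qid = defaultdict(_new_record)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        rec = by_qid[m["qid"]]
        rec["messages"].append(f'{m["prog"]}: {m["msg"]}')
        if m["prog"] != "opendkim":
            continue
        msg = m["msg"]
        if msg.endswith("not internal") or msg == "not authenticated":
            rec["mode"] = "verify"
        elif msg == "DKIM verification successful":
            rec["mode"], rec["verify"] = "verify", "pass"
        elif msg.startswith("no signing table match"):
            rec["mode"], rec["signed"] = "sign", False
        elif "bad" in msg and "signature" in msg:
            rec["errors"].append(msg)
    return dict(by_qid)


def summarize(records: dict) -> list:
    """One line per queue ID, for reading next to the message's headers."""
    out = []
    for qid, rec in sorted(records.items()):
        if rec["mode"] == "verify":
            out.append(f"{qid}: inbound, verification {rec['verify'] or 'unknown'}")
        elif rec["mode"] == "sign":
            out.append(f"{qid}: outbound, signed={rec['signed']}, errors={rec['errors']}")
        else:
            out.append(f"{qid}: role unknown")
    return out
```

Feed it the full journal for the queue ID named in the DKIM-Filter header (4DDF93F966 above) to see which of the two paths that particular message took.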

SFTP Chilkat error "Expected KEX_DH_GEX_GROUP"

I am trying to connect to an SFTP but am getting the following error from Chilkat in the function sftp.Connect(hostname, port)...
DllDate: Dec 22 2010
UnlockPrefix: *
Username:
Component: .NET 2.0
SftpVersion: 0
hostname: ...
port: 22
ConnectTimeoutMs: 50000
calling ConnectSocket2
This is an IPV4 numeric address...
Connect using IPV4.
ipAddress: ...*
socketHandle: 0x804
ai_addrlen: 16
ai_addr: 0200 0016 4B7F 64D8 0000 0000 0000 0000
myIP_3: **.***.***.***
myPort_3: *****
connect successful.
Established TCP/IP connection with SSH server
clientIdentifier: SSH-2.0-PuTTY_Local:_May_11_2009_17:22:38
initialDataFromSshServer: SSH-2.0-0.0
serverVersion: SSH-2.0-0.0
KeyExchangeAlgs:
algorithm: diffie-hellman-group1-sha1
algorithm: diffie-hellman-group-exchange-sha1
algorithm: diffie-hellman-group14-sha1
HostKeyAlgs:
algorithm: ssh-dss
EncCS:
algorithm: aes256-cbc
algorithm: aes192-cbc
algorithm: aes128-cbc
algorithm: twofish-cbc
algorithm: blowfish-cbc
algorithm: 3des-cbc
algorithm: arcfour
EncSC:
algorithm: aes256-cbc
algorithm: aes192-cbc
algorithm: aes128-cbc
algorithm: twofish-cbc
algorithm: blowfish-cbc
algorithm: 3des-cbc
algorithm: arcfour
MacCS:
algorithm: hmac-sha1
algorithm: hmac-sha1-96
algorithm: hmac-md5
algorithm: hmac-md5-96
MacSC:
algorithm: hmac-sha1
algorithm: hmac-sha1-96
algorithm: hmac-md5
algorithm: hmac-md5-96
CompCS:
algorithm: zlib
algorithm: none
CompSC:
algorithm: zlib
algorithm: none
Encryption: 256-bit AES
Encryption: 256-bit AES
MAC: HMAC-SHA1
MAC: HMAC-SHA1
Compression: none
Compression: none
Key Exchange: DH Group Exchange SHA1
Host Key Algorithm: DSS
numBits: 160
pbits: 2048
Using GEX Group.
Sending KEX_DH_GEX_REQUEST...
pbits: 2048
Unexpected message received. Expected KEX_DH_GEX_GROUP.
msgType: 1
Failed.
I am primarily using these 4 functions to connect to SFTP:
sftp.UnlockComponent(ChilkatKey);
sftp.Connect(hostname, port);
sftp.AuthenticatePw(username, password);
sftp.InitializeSftp();
What am I missing?
Thanks for your help.
The correct order should be like yours:
sftp.UnlockComponent(ChilkatKey);
sftp.Connect(hostname, port);
sftp.AuthenticatePw(username, password);
sftp.InitializeSftp();
but after those, you need to call the OpenDir and ReadDir methods (ReadDir only if you need to get the file count of the remote folder), like:
string handler = sftp.OpenDir("remote_path");
SFtpDir compassDir = sftp.ReadDir(handler);
To just download a file you don't need to call ReadDir, but OpenDir must be called.
After populating the compassDir object you can get the file count by:
int fileAmount = compassDir.NumFilesAndDirs;
or you can download files by name like:
sftp.DownloadFileByName("Remote_path_with_file_name", "local_path"); // remote path first, then local path
Sorry for the typo error.
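In the trace above the server answers KEX_DH_GEX_REQUEST with msgType 1, which in SSH (RFC 4253) is SSH_MSG_DISCONNECT rather than the expected KEX_DH_GEX_GROUP (31); a disconnect message carries a reason code and a description that the Chilkat log does not print. The decoder below is an added example, not Chilkat code; the two payloads it decodes are constructed samples, not data captured from the server in the question.

```python
import struct

SSH_MSG_DISCONNECT = 1
SSH_MSG_KEX_DH_GEX_REQUEST_OLD = 30   # older single-value request form (RFC 4419)
SSH_MSG_KEX_DH_GEX_GROUP = 31
SSH_MSG_KEX_DH_GEX_REQUEST = 34

# Reason codes from RFC 4253, section 11.1
DISCONNECT_REASONS = {
    1: "HOST_NOT_ALLOWED_TO_CONNECT", 2: "PROTOCOL_ERROR",
    3: "KEY_EXCHANGE_FAILED", 4: "RESERVED", 5: "MAC_ERROR",
    6: "COMPRESSION_ERROR", 7: "SERVICE_NOT_AVAILABLE",
    8: "PROTOCOL_VERSION_NOT_SUPPORTED", 9: "HOST_KEY_NOT_VERIFIABLE",
    10: "CONNECTION_LOST", 11: "BY_APPLICATION", 12: "TOO_MANY_CONNECTIONS",
    13: "AUTH_CANCELLED_BY_USER", 14: "NO_MORE_AUTH_METHODS_AVAILABLE",
    15: "ILLEGAL_USER_NAME",
}


def _pack_string(b: bytes) -> bytes:
    """SSH 'string' (RFC 4251): uint32 length followed by the bytes."""
    return struct.pack(">I", len(b)) + b


def _read_string(buf: bytes, off: int):
    (n,) = struct.unpack_from(">I", buf, off)
    return buf[off + 4:off + 4 + n], off + 4 + n


def build_gex_request(min_bits=1024, pref_bits=2048, max_bits=8192) -> bytes:
    """Payload the client sends as KEX_DH_GEX_REQUEST (RFC 4419, section 3)."""
    return struct.pack(">BIII", SSH_MSG_KEX_DH_GEX_REQUEST,
                       min_bits, pref_bits, max_bits)


def describe_kex_reply(payload: bytes) -> dict:
    """Decode the packet payload received after KEX_DH_GEX_REQUEST was sent."""
    msg_type = payload[0]
    if msg_type == SSH_MSG_KEX_DH_GEX_GROUP:
        p, off = _read_string(payload, 1)       # mpint p (group prime)
        g, _ = _read_string(payload, off)       # mpint g (generator)
        return {"type": "KEX_DH_GEX_GROUP",
                "p_bits": int.from_bytes(p, "big").bit_length(),
                "g": int.from_bytes(g, "big")}
    if msg_type == SSH_MSG_DISCONNECT:
        (code,) = struct.unpack_from(">I", payload, 1)
        desc, off = _read_string(payload, 5)
        lang, _ = _read_string(payload, off)
        return {"type": "SSH_MSG_DISCONNECT",
                "reason": DISCONNECT_REASONS.get(code, f"code {code}"),
                "description": desc.decode("utf-8", "replace"),
                "language": lang.decode("ascii", "replace")}
    return {"type": f"unexpected msgType {msg_type}"}


# Constructed sample payloads (not captured from the server in the question).
SAMPLE_DISCONNECT = (struct.pack(">BI", SSH_MSG_DISCONNECT, 3)
                     + _pack_string(b"constructed: key exchange failed")
                     + _pack_string(b""))
SAMPLE_GROUP = (bytes([SSH_MSG_KEX_DH_GEX_GROUP])
                + _pack_string(b"\x17") + _pack_string(b"\x05"))  # toy p=23, g=5
```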