- This topic is empty.
June 18, 2013 at 2:26 pm #30365abccbaParticipant
I am having issue with either RSA or DSA keys negotiation. I created pub and priv key on CerberusFTP server using Puttygen and copied privite key to the client computer. Associated public key with user ID on CerberusFTP. Tried use Filezilla and Winscp (imported privite keyor used Pageant with private RSA or DSA key) and can not connect. I am getting the following error: (CerberusFTP still in evaluation mode):
On the CerberusFTP side:
2013/06/18 09:07:08  Incoming connection request on SSH interface 178 at xxx.xxx.xxx.xxx
2013/06/18 09:07:08  SSH FTP connection request accepted from xxx.xxx.xxx.xxx
2013/06/18 09:07:08  Client Identification: SSH-2.0-PuTTY_Local:_Jun_10_2013_20:52:54
2013/06/18 09:07:08  Algorithm negotiation complete: Proceeding with key exchange
2013/06/18 09:07:08  Kex: ‘diffie-hellman-group-exchange-sha256’ Host Key: ‘ssh-rsa’ C2S : ‘aes256-cbc, hmac-sha1, none’ S2C : ‘aes256-cbc, hmac-sha1, none’
2013/06/18 09:07:08  Unable to generate DH key: error:0507306F:Diffie-Hellman routines:DH_generate_key:non fips method
2013/06/18 09:07:08  Unable to compute key for Kex reply
2013/06/18 09:07:08  The client closed the connection
2013/06/18 09:07:08  Connection terminated
On Filezilla client:
Status: Connecting to xxxxx…
Response: fzSftp started
Command: keyfile “C:temp1use1dsaconv.ppk”
Command: open “user1@xxxxx” 22
Error: Server sent disconnect message
Error: type 3 (key exchange failed):
Error: Could not connect to server
Client is on internal LAN for now. Only one interface – SFTP – is enabled.
Thank you.June 19, 2013 at 1:44 am #36712imported_SerinParticipant
It looks like you’ve enabled FIPS 140-2 mode. You will need to restart the underlying Cerberus FTP Server Windows Service after changing to FIPS mode.
Reboot the PC, or restart the Cerberus Windows Service (the actual service). That should resolve the error.
If you don’t have a specific requirement for FIPS, I recommend disabling that mode.
- You must be logged in to reply to this topic.