SFTP with Cerberus FTP

Questions dealing with specific FTP clients and Cerberus FTP Server.
Post Reply
abccba
Posts: 1
Joined: Tue Jun 18, 2013 10:13 am

SFTP with Cerberus FTP

Post by abccba » Tue Jun 18, 2013 10:26 am

I am having issue with either RSA or DSA keys negotiation. I created pub and priv key on CerberusFTP server using Puttygen and copied privite key to the client computer. Associated public key with user ID on CerberusFTP. Tried use Filezilla and Winscp (imported privite keyor used Pageant with private RSA or DSA key) and can not connect. I am getting the following error: (CerberusFTP still in evaluation mode):

On the CerberusFTP side:

2013/06/18 09:07:08 [246] Incoming connection request on SSH interface 178 at xxx.xxx.xxx.xxx
2013/06/18 09:07:08 [246] SSH FTP connection request accepted from xxx.xxx.xxx.xxx
2013/06/18 09:07:08 [246] Client Identification: SSH-2.0-PuTTY_Local:_Jun_10_2013_20:52:54
2013/06/18 09:07:08 [246] Algorithm negotiation complete: Proceeding with key exchange
2013/06/18 09:07:08 [246] Kex: 'diffie-hellman-group-exchange-sha256' Host Key: 'ssh-rsa' C2S : 'aes256-cbc, hmac-sha1, none' S2C : 'aes256-cbc, hmac-sha1, none'
2013/06/18 09:07:08 [246] Unable to generate DH key: error:0507306F:Diffie-Hellman routines:DH_generate_key:non fips method
2013/06/18 09:07:08 [246] Unable to compute key for Kex reply
2013/06/18 09:07:08 [246] The client closed the connection
2013/06/18 09:07:08 [246] Connection terminated

On Filezilla client:

Status: Connecting to xxxxx...
Response: fzSftp started
Command: keyfile "C:\temp1\use1dsaconv.ppk"
Command: open "user1@xxxxx" 22
Error: Server sent disconnect message
Error: type 3 (key exchange failed):
Error: Could not connect to server

Client is on internal LAN for now. Only one interface - SFTP - is enabled.

Thank you.

User avatar
Serin
Site Administrator
Posts: 1785
Joined: Sat Jan 01, 2005 6:57 pm
Location: United States
Contact:

Re: SFTP with Cerberus FTP

Post by Serin » Tue Jun 18, 2013 9:44 pm

It looks like you've enabled FIPS 140-2 mode. You will need to restart the underlying Cerberus FTP Server Windows Service after changing to FIPS mode.

Reboot the PC, or restart the Cerberus Windows Service (the actual service). That should resolve the error.


If you don't have a specific requirement for FIPS, I recommend disabling that mode.

Post Reply