Page 1 of 1

SFTP with Cerberus FTP

Posted: Tue Jun 18, 2013 10:26 am
by abccba
I am having issue with either RSA or DSA keys negotiation. I created pub and priv key on CerberusFTP server using Puttygen and copied privite key to the client computer. Associated public key with user ID on CerberusFTP. Tried use Filezilla and Winscp (imported privite keyor used Pageant with private RSA or DSA key) and can not connect. I am getting the following error: (CerberusFTP still in evaluation mode):

On the CerberusFTP side:

2013/06/18 09:07:08 [246] Incoming connection request on SSH interface 178 at
2013/06/18 09:07:08 [246] SSH FTP connection request accepted from
2013/06/18 09:07:08 [246] Client Identification: SSH-2.0-PuTTY_Local:_Jun_10_2013_20:52:54
2013/06/18 09:07:08 [246] Algorithm negotiation complete: Proceeding with key exchange
2013/06/18 09:07:08 [246] Kex: 'diffie-hellman-group-exchange-sha256' Host Key: 'ssh-rsa' C2S : 'aes256-cbc, hmac-sha1, none' S2C : 'aes256-cbc, hmac-sha1, none'
2013/06/18 09:07:08 [246] Unable to generate DH key: error:0507306F:Diffie-Hellman routines:DH_generate_key:non fips method
2013/06/18 09:07:08 [246] Unable to compute key for Kex reply
2013/06/18 09:07:08 [246] The client closed the connection
2013/06/18 09:07:08 [246] Connection terminated

On Filezilla client:

Status: Connecting to xxxxx...
Response: fzSftp started
Command: keyfile "C:\temp1\use1dsaconv.ppk"
Command: open "user1@xxxxx" 22
Error: Server sent disconnect message
Error: type 3 (key exchange failed):
Error: Could not connect to server

Client is on internal LAN for now. Only one interface - SFTP - is enabled.

Thank you.

Re: SFTP with Cerberus FTP

Posted: Tue Jun 18, 2013 9:44 pm
by Serin
It looks like you've enabled FIPS 140-2 mode. You will need to restart the underlying Cerberus FTP Server Windows Service after changing to FIPS mode.

Reboot the PC, or restart the Cerberus Windows Service (the actual service). That should resolve the error.

If you don't have a specific requirement for FIPS, I recommend disabling that mode.