Unable to compute key for Kex reply

Questions dealing with specific FTP clients and Cerberus FTP Server.
russds
New User
Posts: 5
Joined: Thu Mar 27, 2014 11:53 am

Unable to compute key for Kex reply

Post by russds » Thu Mar 27, 2014 12:04 pm

Hello, I've set up the Cerberus software, with basically all the defaults, and the server appears to be running fine. When I try to connect using either FileZilla or WinSCP, I get this message on the server log:

WinSCP:

2014/03/27 08:37:54	 [20]	 Client Identification: SSH-2.0-WinSCP_release_5.5.1
2014/03/27 08:37:54 [20] Algorithm negotiation complete: Proceeding with key exchange
2014/03/27 08:37:54 [20] Kex: 'diffie-hellman-group-exchange-sha256' Host Key: 'ssh-rsa' C2S : 'aes256-ctr, hmac-sha2-256, none' S2C : 'aes256-ctr, hmac-sha2-256, none'
2014/03/27 08:37:55 [20] Unable to generate DH key: error:0507306F:Diffie-Hellman routines:DH_generate_key:non fips method
2014/03/27 08:37:55 [20] Unable to compute key for Kex reply
2014/03/27 08:37:55 [20] The client closed the connection

FileZilla:

2014/03/27 08:59:28	 [24]	 Client Identification: SSH-2.0-PuTTY_Local:_Feb_11_2014_20:29:07
2014/03/27 08:59:28 [24] Algorithm negotiation complete: Proceeding with key exchange
2014/03/27 08:59:28 [24] Kex: 'diffie-hellman-group-exchange-sha256' Host Key: 'ssh-rsa' C2S : 'aes256-ctr, hmac-sha2-256, none' S2C : 'aes256-ctr, hmac-sha2-256, none'
2014/03/27 08:59:28 [24] Unable to generate DH key: error:0507306F:Diffie-Hellman routines:DH_generate_key:non fips method
2014/03/27 08:59:28 [24] Unable to compute key for Kex reply
2014/03/27 08:59:28 [24] The client closed the connection

I'm not too familiar with security settings, keys, certificates, and whatnot, but it appears both clients are trying to use 'diffie-hellman-group-exchange-sha256', which Cerberus is rejecting? Is this assessment correct, and if so, does anyone know how to change the settings (server or client) so that I use another type of key exchange?

Thanks!

russds
New User
Posts: 5
Joined: Thu Mar 27, 2014 11:53 am

Re: Unable to compute key for Kex reply

Post by russds » Thu Mar 27, 2014 12:59 pm

Well, I'm not sure why or how, but restarting the server (the whole machine) seemed to do the trick. Now it's working fine.

Serin
Site Administrator
Posts: 1785
Joined: Sat Jan 01, 2005 6:57 pm
Location: United States

Re: Unable to compute key for Kex reply

Post by Serin » Mon Mar 31, 2014 11:33 am

Hello,

Yes, there is an issue with SSH SFTP connections after the first time you enable FIPS 140-2 that usually requires a service restart. You shouldn't have the issue again.
