0

I created a key with PuttyGen as shown below (and saved private and public key files):

[image]

I then used that key in CoreFTP setup:

[image]

I stopped/restarted CoreFTP.

I am able to Telnet to port 22 from the client machine.

I used the private key on the Advanced: SSH/Authentication "Private Key File" in WinSCP.

When I try to connect, WinSCP says "Server's host key is invalid". CoreFTP only shows two lines:

connected
disconnected() 

Also, I can't get any log file to be created from CoreFTP, even though I turned all logging on and gave it a file name.

In WinSCP, I also did a Tools/Cleanup and checked "Cached host keys" and "Temporary Folders". I did a fresh install of the FileZilla client, and it gives the same error "Server's host key is invalid". So this indicates the problem is on the server, not the client.

Was reading this post, but I cannot find any place in CoreFTP to specify a host private/public key pair. It does have a place for a certificate though.

I found this, which may be the source of the issue, but not sure how to correct it:

[image]

It was self-generated with SHA and 2048 bits.

Client logs:

WinSCP
. 2019-05-22 09:34:56.009 Looking up host "x.x.x.x" for SSH connection
. 2019-05-22 09:34:56.009 Connecting to x.x.x.x port 22
. 2019-05-22 09:34:56.013 We claim version: SSH-2.0-WinSCP_release_5.15.1
. 2019-05-22 09:34:56.026 Server version: SSH-2.0-CoreFTP-0.3.3
. 2019-05-22 09:34:56.026 Using SSH protocol version 2
. 2019-05-22 09:34:56.030 Doing Diffie-Hellman group exchange
. 2019-05-22 09:34:56.033 Doing Diffie-Hellman key exchange with hash SHA-256
. 2019-05-22 09:34:56.724 Server's host key is invalid
* 2019-05-22 09:34:56.770 (EFatal) Server's host key is invalid

SmartFTP
2019-05-22T14:28:47Z Resolving host name "x.x.x.x"
2019-05-22T14:28:47Z Connecting to x.x.x.x Port: 22
2019-05-22T14:28:47Z Connected to x.x.x.x.
2019-05-22T14:28:47Z SSH protocol version reply. Client Id: SSH-2.0-SmartFTP
2019-05-22T14:28:47Z SSH-2.0-CoreFTP-0.3.3
2019-05-22T14:28:47Z Starting SSH session. Remote Id: "SSH-2.0-CoreFTP-0.3.3"
2019-05-22T14:28:47Z Server Algorithm Suite
Key Exchange: diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256
Server Host Key: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ssh-dss,ecdsa-sha2-nistp521
Client to Server Encryption: aes128-ctr,aes192-ctr,aes256-ctr
Server to Client Encryption: aes128-ctr,aes192-ctr,aes256-ctr
Client to Server HMAC: hmac-sha2-256,hmac-sha2-512,hmac-sha2-384,hmac-sha1
Server to Client HMAC: hmac-sha2-256,hmac-sha2-512,hmac-sha2-384,hmac-sha1
Client to Server Compression: none,none
Server to Client Compression: none,none
2019-05-22T14:28:47Z Selected Algorithm Suite
Key Exchange: diffie-hellman-group-exchange-sha256
Server Host Key: ecdsa-sha2-nistp521
Client to Server Encryption: aes128-ctr
Server to Client Encryption: aes128-ctr
Client to Server HMAC: hmac-sha1
Server to Client HMAC: hmac-sha1
Client to Server Compression: none
Server to Client Compression: none
2019-05-22T14:28:47Z Client Algorithm Suite
Key Exchange: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp521,ecdh-sha2-nistp384,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,ext-info-c
Server Host Key: ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-256,rsa-sha2-512,ssh-rsa,x509v3-ecdsa-sha2-nistp256,x509v3-ecdsa-sha2-nistp384,x509v3-ecdsa-sha2-nistp521,x509v3-rsa2048-sha256,x509v3-ssh-rsa
Client to Server Encryption: aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc
Server to Client Encryption: aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc
Client to Server HMAC: hmac-sha1,hmac-sha2-256,hmac-sha2-512
Server to Client HMAC: hmac-sha1,hmac-sha2-256,hmac-sha2-512
Client to Server Compression: zlib@openssh.com,none
Server to Client Compression: zlib@openssh.com,none
2019-05-22T14:28:47Z Key Exchange Algorithm: diffie-hellman-group-exchange-sha256
2019-05-22T14:28:47Z Invalid host key.
2019-05-22T14:28:47Z Exception. Error=0x80072745
NealWalters
  • Can you even start authentication (not complete authentication) to that server using any SSH client? -- Note that your problem has nothing to do with your private key - it's about server's key. What version of CoreFTP are you using? Do you have the latest one? What version of WinSCP and FileZilla? – Martin Prikryl May 22 '19 at 06:25
  • So far I've just tried the two clients, what other would you suggest? Everything was downloaded within the last month. WinSCP 5.15.1. Build 9407, FileZilla 3.42.1, and CoreFTP cannot find version, but .exe is dated 04/10/2019. So when it says "Server Hostkey is Invalid" - what does that mean? Does it mean it doesn't match a cached value? Does it mean a non-supported type of cert? How does it even know it's invalid? – NealWalters May 22 '19 at 14:05
  • Also posted in CoreFTP's forum, but no response yet. http://www.coreftp.com/forums/viewtopic.php?f=13&t=4024135&p=4043615&hilit=invalid#p4043615 Still in a trial before we buy it. – NealWalters May 22 '19 at 14:07
  • WinSCP doesn't have a server component, right? – NealWalters May 22 '19 at 14:10
  • Tried SmartFTP, it has click for more info, and says "The server has sent an invalid host key the client does not understand". Enable connection logging, and send log to support. Surely, I've just done something wrong on the server side that can easily be corrected. – NealWalters May 22 '19 at 14:25
  • Added WinSCP/SmartFTP logs to bottom of question above. – NealWalters May 22 '19 at 14:41
  • FileZilla and WinSCP share SSH implementation from PuTTY. So they tend to behave the same. But if even SmartFTP has the same problem, then it's most likely a server-side problem. – Martin Prikryl May 22 '19 at 17:19
  • I guess CoreFTP doesn't want our money. I tried CompleteFTP, and it worked within 5 minutes. – NealWalters May 22 '19 at 18:54
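
Added example (not part of the original question, and not any client's own code): the "Selected Algorithm Suite" in the SmartFTP log follows from the RFC 4253 section 7.1 rule that each slot takes the first name on the client's list that the server also offers. The Python below reproduces that from the logged name-lists and shows which host key type would be negotiated if the client stopped offering the selected one; the function names are hypothetical and the rule is simplified (it skips the RFC's extra key-exchange compatibility checks).

```python
# Name-lists copied from the SmartFTP log ("Server/Client Algorithm Suite").
# Both directions carry the same lists there, so one entry per slot is enough.
SERVER = {
    "kex": "diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,"
           "diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256",
    "host_key": "ssh-rsa,rsa-sha2-512,rsa-sha2-256,ssh-dss,ecdsa-sha2-nistp521",
    "cipher": "aes128-ctr,aes192-ctr,aes256-ctr",
    "mac": "hmac-sha2-256,hmac-sha2-512,hmac-sha2-384,hmac-sha1",
    "compression": "none,none",
}
CLIENT = {
    "kex": "curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,"
           "ecdh-sha2-nistp521,ecdh-sha2-nistp384,diffie-hellman-group14-sha256,"
           "diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,"
           "diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,ext-info-c",
    "host_key": "ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,"
                "ecdsa-sha2-nistp521,rsa-sha2-256,rsa-sha2-512,ssh-rsa,"
                "x509v3-ecdsa-sha2-nistp256,x509v3-ecdsa-sha2-nistp384,"
                "x509v3-ecdsa-sha2-nistp521,x509v3-rsa2048-sha256,x509v3-ssh-rsa",
    "cipher": "aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-ctr,aes192-ctr,"
              "aes256-ctr,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc",
    "mac": "hmac-sha1,hmac-sha2-256,hmac-sha2-512",
    "compression": "zlib@openssh.com,none",
}


def pick(client_list, server_list):
    """First name in the client's preference order that the server also offers."""
    offered = set(server_list.split(","))
    return next((n for n in client_list.split(",") if n in offered), None)


def negotiate(client, server):
    """Apply the first-common-match rule to every slot of the two suites."""
    return {slot: pick(client[slot], server[slot]) for slot in client}


def host_key_after_dropping(client, server, dropped):
    """Host key type negotiated once the client no longer offers `dropped`."""
    kept = ",".join(n for n in client["host_key"].split(",") if n not in dropped)
    return pick(kept, server["host_key"])


if __name__ == "__main__":
    for slot, name in negotiate(CLIENT, SERVER).items():
        print(f"{slot:12} {name}")
    print("fallback     ", host_key_after_dropping(CLIENT, SERVER, {"ecdsa-sha2-nistp521"}))
```

In the SmartFTP log the "Invalid host key" line comes after this negotiation, so the key that client rejected is the one the server sent for the negotiated `ecdsa-sha2-nistp521` type.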

1 Answer

-1

This is a fail-safe mechanism built into SFTP and SSH to prevent man-in-the-middle attacks. You must verify and accept the server's certificate before the secure transfer can start.

If you are using the WinSCP command line utilities, you can use the /hostkey argument to specify the fingerprint of the CoreFTP server so it will automatically start the transfer without prompting.

Another option is to log in as the user who will be running the script, then establish a connection using the winscp command line. It should prompt you to accept the server's key and keep this in user settings.

If you change servers, you will have to remember to re-trust, or update the client's settings of /hostkey.

JD Williams
  • I've seen the screen before asking to accept the certificate. But as I said, a clean installation of FileZilla is doing the same, and I tried to delete all cached items on WinSCP. I set up one userid/password, and I'm logging on with that in WinSCP and FileZilla; so not sure what you mean "log in as the user who will be running the script" (not sure what script you are referring to). I can look at command line options. But still not sure... – NealWalters May 21 '19 at 17:38
  • I tried winscp sftp://x.x.x.x /hostkey=C9:1A.etc... and it still says "Server's host key is invalid" – NealWalters May 21 '19 at 18:20
  • Still not working, any other ideas? – NealWalters May 21 '19 at 21:42
  • The OP's problem is not about verifying the host key. WinSCP/FileZilla are not even able to retrieve host key from the server. So this answer cannot help. – Martin Prikryl May 22 '19 at 06:26