Verify that connection to Cygwin SFTP Server is encrypted


I must ensure that my flow is encrypted. I am on a Windows machine and I have installed an SFTP server via Cygwin. I am using WinSCP as client, and I am developing another client in C#. Everything works correctly, but I am not sure that encryption is enabled.

In my sshd_config I don't have any list of ciphers as reported here (under Ciphers).

In my /etc/sshd_config file I have this

#Ciphers and keying
#RekeyLimit default none

Just this. I don't have any ciphers. This is the first reason why I think that encryption is not enabled.

Another reason is that in the client I am developing I see a property:

CurrentServerEncryption = NULL

So it looks like I don't have any encryption.

Can anyone tell me, please, how to edit my sshd_config to enable ciphers, or how I can check if ciphers are enabled?

Ciccio

Posted 2014-11-06T15:26:56.460

Reputation: 131

Use Wireshark. This will allow you to verify the traffic is encrypted. – Ramhound – 2014-11-06T15:31:22.583

I have to transfer a file. I do not know Wireshark. How can I understand if it is encrypted? Do you have a link for a guide? – Ciccio – 2014-11-06T15:36:09.020

Answers


  • The block in the sshd_config you refer to is all commented out (the starting #). So the defaults apply. The default for Ciphers does not include the none cipher, so the server does not allow unencrypted connections. Note that the standard build of OpenSSH does not even allow you to enable the none encryption. You would have to recompile OpenSSH.
    See How can I disable encryption on openssh?

  • WinSCP does not allow the none cipher either.
    See https://winscp.net/eng/docs/ui_login_ssh
    So if you can connect with WinSCP, the connection is encrypted.

  • In WinSCP log, you can see the negotiated cipher:

    . 2014-11-06 16:41:26.328 Initialised AES-256 SDCTR client->server encryption
    . 2014-11-06 16:41:26.328 Initialised HMAC-SHA-256 client->server MAC algorithm
    . 2014-11-06 16:41:26.328 Initialised AES-256 SDCTR server->client encryption
    . 2014-11-06 16:41:26.328 Initialised HMAC-SHA-256 server->client MAC algorithm
    
  • Regarding the CurrentServerEncryption: I assume you refer to SSH.NET Session.ConnectionInfo.CurrentServerEncryption, right?
    Are you reading the value AFTER you have connected to the server? Also note that even if the connection is unencrypted, the value should read "none", not NULL. The NULL likely indicates the cipher has not been selected yet (the connection is not opened).

Martin Prikryl


Reputation: 13 764
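As an added example (not part of the original question or answer), the two checks the answer describes can be scripted: reading the negotiated cipher and MAC for both directions out of a WinSCP-style log, and reading the effective cipher list that `sshd -T` prints for the running configuration (run it from a Cygwin shell with enough privilege to read the host keys). The log lines and the `sshd -T` excerpt below are constructed samples modelled on the answer's excerpt, not real captures, and the cipher list in them is illustrative rather than an actual OpenSSH default. A connection is reported as encrypted only when every direction has a cipher and a MAC recorded and none of them is `none`.

```python
import re

# Constructed sample modelled on the WinSCP log excerpt in the answer (not a real capture).
SAMPLE_WINSCP_LOG = """\
. 2014-11-06 16:41:26.312 Doing Diffie-Hellman group exchange
. 2014-11-06 16:41:26.328 Initialised AES-256 SDCTR client->server encryption
. 2014-11-06 16:41:26.328 Initialised HMAC-SHA-256 client->server MAC algorithm
. 2014-11-06 16:41:26.328 Initialised AES-256 SDCTR server->client encryption
. 2014-11-06 16:41:26.328 Initialised HMAC-SHA-256 server->client MAC algorithm
"""

# Constructed sample of `sshd -T` output (effective config, lowercase keywords); illustrative only.
SAMPLE_SSHD_T = """\
port 22
ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
macs hmac-sha2-256,hmac-sha2-512
"""

# Matches the "Initialised <algorithm> <direction> <kind>" lines WinSCP writes after key exchange.
LINE_RE = re.compile(
    r"Initialised (?P<alg>.+?) (?P<dir>client->server|server->client) "
    r"(?P<kind>encryption|MAC algorithm)$"
)

REQUIRED = [
    ("client->server", "cipher"), ("server->client", "cipher"),
    ("client->server", "mac"), ("server->client", "mac"),
]


def parse_negotiated(log_text):
    """Return {(direction, 'cipher'|'mac'): algorithm} found in a WinSCP-style log."""
    negotiated = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line.strip())
        if m:
            kind = "cipher" if m.group("kind") == "encryption" else "mac"
            negotiated[(m.group("dir"), kind)] = m.group("alg")
    return negotiated


def check_encrypted(negotiated):
    """Return (ok, problems): ok is False if any direction lacks a cipher/MAC or negotiated 'none'."""
    problems = []
    for direction, kind in REQUIRED:
        alg = negotiated.get((direction, kind))
        if alg is None:
            problems.append(f"no {kind} recorded for {direction}")
        elif alg.strip().lower() == "none":
            problems.append(f"{kind} for {direction} is 'none'")
    return (not problems, problems)


def effective_ciphers(sshd_t_output):
    """Return the cipher list from the 'ciphers' line of `sshd -T` output (empty if absent)."""
    for line in sshd_t_output.splitlines():
        key, _, value = line.strip().partition(" ")
        if key.lower() == "ciphers":
            return [c.strip() for c in value.split(",") if c.strip()]
    return []


def allows_none_cipher(sshd_t_output):
    """True if the server's effective cipher list would accept an unencrypted session."""
    return "none" in (c.lower() for c in effective_ciphers(sshd_t_output))


if __name__ == "__main__":
    ok, problems = check_encrypted(parse_negotiated(SAMPLE_WINSCP_LOG))
    print("WinSCP session encrypted:", ok, problems)
    print("sshd ciphers:", effective_ciphers(SAMPLE_SSHD_T))
    print("sshd allows none:", allows_none_cipher(SAMPLE_SSHD_T))
```

To use it on a real session, point `parse_negotiated` at the contents of the WinSCP session log and `effective_ciphers` at the captured output of `sshd -T`; a missing `ciphers` line in `sshd -T` output means the binary's compiled-in default is in effect, which, as the answer notes, does not contain `none`.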