@dkocher commented

Looks related to this issue: (http://forums.sun.com/thread.jspa?threadID=5393136). What is the selected cipher if you connect using

ssh -v

@dkocher commented

Supported ciphers by Cyberduck are (top has first priority, selection is depending on the match from the advertised ciphers from the server.

aes256-ctr
aes192-ctr
aes128-ctr
blowfish-ctr
aes256-cbc
aes192-cbc
aes128-cbc
blowfish-cbc
3des-ctr
3des-cbc

c86e7da commented

it looks like our cipher is aes128-cbc

excerpt:

debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY

I wonder why it would seemingly stop after Cyberduck tries aes256-ctr?

Do you need more info from the ssh -v transcript?

Thank you..
Laura

ed284e3 commented

I have a similar problem connecting to a SunOS 5.10 server using sftp (Cyberduck Version 3.2.1 (4923)).
Is it possible to edit the cipher-priority-list in Cyberduck? The system wide open_ssh Ciphers list seems to be ignored by Cyberduck.

Grüsse aus dem Frankenland in Schweiz

             Wolfram

@dkocher commented

Replying to [comment:5 wschulze@…]:

I have a similar problem connecting to a SunOS 5.10 server using sftp (Cyberduck Version 3.2.1 (4923)).
Is it possible to edit the cipher-priority-list in Cyberduck? The system wide open_ssh Ciphers list seems to be ignored by Cyberduck.

Grüsse aus dem Frankenland in Schweiz

             Wolfram

No wen don't read the preferred priorities from the OpenSSH configuration.

@dkocher commented

Replying to [comment:5 wschulze@…]:

I have a similar problem connecting to a SunOS 5.10 server

I would need a public reachable server to replicate this issue. I suppose I need no account to debug the key negotation failure.

Cipher_aes128 commented

Same exact problem where I cannot connect to a server using SFTP since some change in Cyberduck some months ago. In my case, the cipher is different. Just now finding this support page as the lack of SFTP support prevents my use.

debug1: match: OpenSSH_5.2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '75.126.144.70' is known and matches the RSA host key.

@dkocher commented

Replying to [comment:8 Cipher_aes128]:

Same exact problem where I cannot connect to a server using SFTP since some change in Cyberduck some months ago. In my case, the cipher is different. Just now finding this support page as the lack of SFTP support prevents my use.

debug1: match: OpenSSH_5.2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '75.126.144.70' is known and matches the RSA host key.

Please post the output of ssh -vv that includes key negogiation debug information and/or give me a test account on the server.

@dkocher commented

Please reopen if you can supply the information above.