Key Exchange Negotiation Failed #1296

Open
DeshSa01 opened this issue Jan 26, 2024 · 5 comments

Comments

@DeshSa01

DeshSa01 commented Jan 26, 2024

Hi Folks,

I am using the latest NuGet package - 2023.0.1 in a .NET 6 console app. Below is the stack trace.

Code:

```csharp
// Requires: using System.Collections.Generic; using Renci.SshNet;
// _encryptionManager, sftpSetting, GetHostFingerPrint, fileStream and
// remotePath are defined elsewhere in the reporter's application.
var password = _encryptionManager.Decrypt(sftpSetting.EncryptedUserPassword);
var methods = new List<AuthenticationMethod>
{
    new PasswordAuthenticationMethod(sftpSetting.Username, password)
};
var connectionInfo = new ConnectionInfo(sftpSetting.HostName, sftpSetting.Port, sftpSetting.Username, methods.ToArray());

using (var sftpClient = new Renci.SshNet.SftpClient(connectionInfo))
{
    // Host key pinning: accept the server only if the SHA-256 fingerprint it
    // presents equals the one stored in the settings.
    sftpClient.HostKeyReceived += (sender, e) =>
    {
        e.CanTrust = GetHostFingerPrint(sftpSetting).Equals(e.FingerPrintSHA256);
    };
    sftpClient.Connect();
    sftpClient.UploadFile(fileStream, remotePath);
    sftpClient.Disconnect();
}
```

Stack Trace:

Renci.SshNet.Common.SshConnectionException
HResult=0x80131500
Message=Key exchange negotiation failed.
Source=Renci.SshNet
StackTrace:
at Renci.SshNet.Security.KeyExchange.Finish()
at Renci.SshNet.Security.KeyExchangeECDH.Finish()
at Renci.SshNet.Session.MessageListener()
--- End of stack trace from previous location ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at Renci.SshNet.Session.WaitOnHandle(WaitHandle waitHandle, TimeSpan timeout)
at Renci.SshNet.Session.Connect()
at Renci.SshNet.BaseClient.CreateAndConnectSession()
at Renci.SshNet.BaseClient.Connect()

Is there anything I can do to workaround this issue? Thank you!

EDIT:
To add to the scenario, I have no issues connecting and uploading using a WinSCP client with the same configuration used above.

@WojciechNagorski
Collaborator

Could you describe what server you are connecting to and which version? What type of device is this?

Can you connect to your server using the command-line ssh command with the -vv option?
For example: ssh -vv user@address

Check that the log does not contain sensitive information, then paste it here.

@DeshSa01
Author

Hi @WojciechNagorski,
I am connecting from a Windows machine to an SFTP server on the AWS cloud.
Below is the SSH log:

OpenSSH_for_Windows_8.6p1, LibreSSL 3.4.3
debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
debug2: resolving "x.x.x.x" port 22
debug1: Connecting to x.x.x.x [1.1.1.1] port 22.
debug1: Connection established.
debug1: identity file C:\\Users\\user1/.ssh/id_rsa type -1
debug1: identity file C:\\Users\\user1/.ssh/id_rsa-cert type -1
debug1: identity file C:\\Users\\user1/.ssh/id_dsa type -1
debug1: identity file C:\\Users\\user1/.ssh/id_dsa-cert type -1
debug1: identity file C:\\Users\\user1/.ssh/id_ecdsa type -1
debug1: identity file C:\\Users\\user1/.ssh/id_ecdsa-cert type -1
debug1: identity file C:\\Users\\user1/.ssh/id_ecdsa_sk type -1
debug1: identity file C:\\Users\\user1/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file C:\\Users\\user1/.ssh/id_ed25519 type 3
debug1: identity file C:\\Users\\user1/.ssh/id_ed25519-cert type -1
debug1: identity file C:\\Users\\user1/.ssh/id_ed25519_sk type -1
debug1: identity file C:\\Users\\user1/.ssh/id_ed25519_sk-cert type -1
debug1: identity file C:\\Users\\user1/.ssh/id_xmss type -1
debug1: identity file C:\\Users\\user1/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_for_Windows_8.6
debug1: Remote protocol version 2.0, remote software version AWS_SFTP_1.1
debug1: compat_banner: no match: AWS_SFTP_1.1
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to sftp.x.x.x:22 as 'user1'
debug1: load_hostkeys: fopen C:\\Users\\user1/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen __PROGRAMDATA__\\ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen __PROGRAMDATA__\\ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c
debug2: host key algorithms: rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512
debug2: MACs stoc: umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512
debug2: compression ctos: none,zlib@openssh.com
debug2: compression stoc: none,zlib@openssh.com
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: ecdh-sha2-nistp256
debug1: kex: host key algorithm: rsa-sha2-512
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-rsa SHA256:xxxxxx
debug1: load_hostkeys: fopen C:\\Users\\user1/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen __PROGRAMDATA__\\ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen __PROGRAMDATA__\\ssh/ssh_known_hosts2: No such file or directory
debug1: Host 'sftp.fpf.rbxd.ds' is known and matches the RSA host key.
debug1: Found key in C:\\Users\\user1/.ssh/known_hosts:5
debug2: set_newkeys: mode 1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey in after 134217728 blocks
debug1: pubkey_prepare: ssh_get_authentication_socket: No such file or directory
debug1: Will attempt key: C:\\Users\\user1/.ssh/id_rsa
debug1: Will attempt key: C:\\Users\\user1/.ssh/id_dsa
debug1: Will attempt key: C:\\Users\\user1/.ssh/id_ecdsa
debug1: Will attempt key: C:\\Users\\user1/.ssh/id_ecdsa_sk
debug1: Will attempt key: C:\\Users\\user1/.ssh/id_ed25519 ED25519 SHA256:OrZQ4XTOvvMa8J/HvEzqoElStKwg1cRaNZVJYq+lQUE
debug1: Will attempt key: C:\\Users\\user1/.ssh/id_ed25519_sk
debug1: Will attempt key: C:\\Users\\user1/.ssh/id_xmss
debug2: pubkey_prepare: done
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,sk-ssh-ed25519@openssh.com,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com,webauthn-sk-ecdsa-sha2-nistp256@openssh.com>
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: password
debug1: Next authentication method: password
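The `-vv` log above contains both KEXINIT proposals, which is enough to reproduce the algorithm selection by hand. The following is an added example (not code from the SSH.NET project or from this issue) that parses those proposal lines and applies the RFC 4253 section 7.1 rule, under which the first entry on the client's list that the server also offers wins, field by field. The sample input is the proposal lines copied from the log in this comment; the class and method names are my own.

```csharp
// Added example (not from the SSH.NET project or the reporter's code):
// read the two "KEXINIT proposal" sections of an `ssh -vv` log and apply
// the RFC 4253 section 7.1 rule, i.e. the first entry on the client's
// list that the server also offers wins, field by field.
using System;
using System.Collections.Generic;
using System.Linq;

static class KexInitNegotiation
{
    // Sample input: the proposal lines copied from the ssh -vv output in
    // this issue (other log lines dropped for brevity).
    const string SampleLog = @"
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c
debug2: host key algorithms: rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: first_kex_follows 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512
debug2: MACs stoc: umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512
debug2: first_kex_follows 0
";

    // Returns field name -> algorithm list for one side ("client" or "server").
    static Dictionary<string, List<string>> Parse(string log, string side)
    {
        var proposals = new Dictionary<string, List<string>>(StringComparer.Ordinal);
        string current = null;
        foreach (var raw in log.Split('\n'))
        {
            var line = raw.Trim();
            if (line.EndsWith("local client KEXINIT proposal")) { current = "client"; continue; }
            if (line.EndsWith("peer server KEXINIT proposal")) { current = "server"; continue; }
            if (line.StartsWith("debug2: first_kex_follows")) { current = null; continue; }
            if (current != side || !line.StartsWith("debug2: ")) continue;

            var body = line.Substring("debug2: ".Length);
            var sep = body.IndexOf(": ", StringComparison.Ordinal);
            if (sep < 0) continue;                       // e.g. "languages ctos:" (empty list)
            var name = body.Substring(0, sep);
            proposals[name] = body.Substring(sep + 2)
                .Split(',', StringSplitOptions.RemoveEmptyEntries)
                .Select(a => a.Trim())
                .ToList();
        }
        return proposals;
    }

    // First client entry that the server also lists, or null when the two
    // lists have nothing in common (the point at which a real negotiation
    // fails). "ext-info-c" is an RFC 8308 capability flag carried in the kex
    // list; it is never selected as a method, so it is skipped here.
    static string Negotiate(Dictionary<string, List<string>> client,
                            Dictionary<string, List<string>> server, string field)
    {
        if (!client.TryGetValue(field, out var c) || !server.TryGetValue(field, out var s))
            return null;
        return c.FirstOrDefault(alg => alg != "ext-info-c" && s.Contains(alg, StringComparer.Ordinal));
    }

    static void Main()
    {
        var client = Parse(SampleLog, "client");
        var server = Parse(SampleLog, "server");
        foreach (var field in new[] { "KEX algorithms", "host key algorithms",
                                      "ciphers ctos", "ciphers stoc", "MACs ctos", "MACs stoc" })
        {
            var chosen = Negotiate(client, server, field);
            Console.WriteLine($"{field,-20} -> {chosen ?? "no common algorithm"}");
        }
    }
}
```

Compare the output with the `debug1: kex:` lines in the log above; they should agree, because OpenSSH applies the same rule. SSH.NET performs this selection before it reaches `KeyExchangeECDH.Finish()`, so a log where every field resolves shows the failure is happening after algorithm selection, in the ECDH reply handling, rather than in the KEXINIT negotiation itself.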

@Rob-Hague
Collaborator

The error could indicate that e.CanTrust is being set to false in HostKeyReceived. Perhaps you could set a breakpoint there and check if that's the case?

@DeshSa01
Author

DeshSa01 commented Jan 29, 2024

@Rob-Hague Yes, I did try that. It seems that there isn't an issue with the HostKey validation and e.CanTrust is indeed set to true before going back to .Connect() call.

I should have also mentioned in the main post, but the same SFTP configuration works with a WinSCP client, so we know that the config isn't an issue.

@Rob-Hague
Collaborator

OK, unfortunately it's not easy from this point on. It sounds like the signature validation could be failing. You might be able to confirm that with a debug build and stepping through KeyExchange.ValidateExchangeHash(byte[], byte[]).

Alternatively, if the server is internet-facing and you were willing to share the IP address/hostname, someone else could try that if they have time (it is failing before authentication happens, so it does not require login details).
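Two things a practitioner can check from the client side before reaching for a debug build: whether the pinned fingerprint is actually being compared in the format SSH.NET hands over (a false `e.CanTrust` surfaces as the same "Key exchange negotiation failed" message, as noted earlier in the thread), and whether the failure is tied to the ECDH methods named in the stack trace or affects every key exchange method. The following is an added diagnostic, not code from the SSH.NET project or from this issue. It assumes SSH.NET 2023.0.x on .NET 6, reads connection details from environment variables, and uses a placeholder pin; `KexProbe`, `Normalise`, `ForSingleKex` and `Probe` are names of my own.

```csharp
// Added example, not from the SSH.NET project or this issue. Assumes
// SSH.NET 2023.0.x on .NET 6; connection details come from environment
// variables and the pinned fingerprint below is a placeholder.
using System;
using System.Collections.Generic;
using System.Linq;
using Renci.SshNet;
using Renci.SshNet.Common;

static class KexProbe
{
    // Placeholder pin in the form ssh -vv prints ("SHA256:<base64>").
    const string PinnedFingerprint = "SHA256:REPLACE_WITH_THE_SERVERS_SHA256_FINGERPRINT";

    // ssh and the SSH.NET event present the same digest in slightly different
    // shapes: ssh prefixes "SHA256:", while e.FingerPrintSHA256 is unpadded
    // base64 without the prefix. Normalise both before comparing so a pin
    // copied from ssh -vv does not silently fail the e.CanTrust check.
    static string Normalise(string fingerprint)
    {
        var s = fingerprint.Trim();
        if (s.StartsWith("SHA256:", StringComparison.OrdinalIgnoreCase))
            s = s.Substring("SHA256:".Length);
        return s.TrimEnd('=');
    }

    static bool FingerprintMatches(string pinned, string presented) =>
        string.Equals(Normalise(pinned), Normalise(presented), StringComparison.Ordinal);

    // Builds a ConnectionInfo that offers exactly one key exchange method, so
    // the KEXINIT negotiation can only land on that method.
    static ConnectionInfo ForSingleKex(string host, int port, string user, string password, string kex)
    {
        var info = new ConnectionInfo(host, port, user, new PasswordAuthenticationMethod(user, password))
        {
            Timeout = TimeSpan.FromSeconds(15),
        };
        foreach (var other in info.KeyExchangeAlgorithms.Keys.Where(k => k != kex).ToList())
            info.KeyExchangeAlgorithms.Remove(other);
        return info;
    }

    // Connects once per key exchange method SSH.NET knows and records how far
    // each attempt gets. Reaching authentication (even a failed one) means the
    // key exchange, including the host key signature check, has completed.
    static IDictionary<string, string> Probe(string host, int port, string user, string password)
    {
        var results = new Dictionary<string, string>();
        var methods = new ConnectionInfo(host, port, user, new PasswordAuthenticationMethod(user, password))
            .KeyExchangeAlgorithms.Keys.ToList();

        foreach (var kex in methods)
        {
            string presented = null;
            using var client = new SftpClient(ForSingleKex(host, port, user, password, kex));
            client.HostKeyReceived += (sender, e) =>
            {
                presented = e.HostKeyName + " SHA256:" + e.FingerPrintSHA256;
                e.CanTrust = FingerprintMatches(PinnedFingerprint, e.FingerPrintSHA256);
            };
            try
            {
                client.Connect();
                results[kex] = "connected; host key " + presented;
                client.Disconnect();
            }
            catch (SshAuthenticationException ex)
            {
                results[kex] = "key exchange OK, authentication failed: " + ex.Message;
            }
            catch (SshConnectionException ex)
            {
                results[kex] = "FAILED: " + ex.Message
                               + (presented == null ? " (no host key received)" : "; host key " + presented);
            }
        }
        return results;
    }

    static void Main()
    {
        var host = Environment.GetEnvironmentVariable("SFTP_HOST");
        var user = Environment.GetEnvironmentVariable("SFTP_USER");
        var password = Environment.GetEnvironmentVariable("SFTP_PASSWORD");
        var port = int.Parse(Environment.GetEnvironmentVariable("SFTP_PORT") ?? "22");
        foreach (var kv in Probe(host, port, user, password))
            Console.WriteLine($"{kv.Key,-40} {kv.Value}");
    }
}
```

Read the output by rows: a row whose presented fingerprint differs from the pin points at the `CanTrust` comparison rather than at the library; a set of rows where only the `ecdh-sha2-*` methods fail while the `diffie-hellman-*` methods connect narrows the problem to the `KeyExchangeECDH` path in the stack trace, which is the region the `ValidateExchangeHash` suggestion above would then be stepped through; rows that fail for every method point at the host key or signature handling common to all of them. The probe opens one short-lived connection per method against the real server, so run it against a test account where possible.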
