• BenPi
    0
    Hello!

    I'm trying to add a SFTP storage account and I receive the following error when I try to save it :
    There is no cipher supported by both: client and server

    Here's a excerpt of the console.log :

    2018-12-10 17:27:16,594 [CL] [1] ERROR - SFTP error. Code: ERROR_SSH_UNSUPPORTED_CIPHER, Server: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.11
    2018-12-10 17:27:16,602 [UI] [1] ERROR - Error on saving CloudBerryLab.Backup.Engine.Cloud.Connection.SFTPConnection account
    CloudBerryLab.Client.SFTPClient.SshException
    There is no cipher supported by both: client and server
       at aGR.a()
       at aGR.H()
       at aGR.A(aGr )
       at aGR.b()
       at aGq.A(agh )
       at agE.agF.MoveNext()
       at agE.A(ICancelable )
       at agE.Dj(String , SearchOption )
       at CloudBerryLab.Backup.Engine.Cloud.Connection.BaseConnection.GetAllBackupPaths(aCa root)
       at ek.A(BaseConnection , List`1& )
       at CloudBerryLab.Backup.Console.Dialogs.Account.EditStorageAccount.Apply(Boolean showErrorForAllPages)
    

    My remote server is a Ubuntu Linux server with OpenSSH with the following configuration :

    ### Harden SSH
    ### https://infosec.mozilla.org/guidelines/openssh
    # Supported HostKey algorithms by order of preference.
    HostKey /etc/ssh/ssh_host_ed25519_key
    HostKey /etc/ssh/ssh_host_rsa_key
    
    KexAlgorithms ,diffie-hellman-group-exchange-sha256
    Ciphers ,,,aes256-ctr,aes192-ctr,aes128-ctr
    MACs ,
    

    I've also tried to loosen it to the recommendations of Mozilla (see https://infosec.mozilla.org/guidelines/openssh) with the following configuration without success :

    HostKey /etc/ssh/ssh_host_ed25519_key
    HostKey /etc/ssh/ssh_host_rsa_key
    HostKey /etc/ssh/ssh_host_ecdsa_key
    
    KexAlgorithms ,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
    Ciphers ,,,aes256-ctr,aes192-ctr,aes128-ctr
    MACs ,,,hmac-sha2-512,hmac-sha2-256,
    

    So, would it be possible to configure or update the application to support modern and secure ciphers?

    Thank you!

  • BenPi
    0
    Hello again!

    I will add some precision to my last post: If it's not possible to configure it to support newer ciphers and that an update for supporting newer ciphers isn't planned for now (it would be a good thing though), can someone from the CloudBerry team tell me which ones are currently supported?

    Thanks!
  • MattAccepted Answer
    91
    We consider it as a legacy protocol and have stopped offering it to our customers

    We recommend Minio - self-hosted S3-compatible storage server. Should work much better than SFTP.

    Minio main website
    Minio documentation page
    Setup guide

    As for the ciphers, this thread might help: https://forum.cloudberrylab.com/discussion/comment/247

    In general, it all depends on the environment.
  • BenPi
    0
    Okay, thanks for the information!
bold
italic
underline
strike
code
quote
ulist
image
url
mention
reveal
youtube
tweet
Add a Comment