Hi all,

We have two smartphones, a Samsung S10 and a Samsung A53. On both phones
I installed a SSH server. ón my pc (Windows 10 Pro) I have an FTP
client, CuteFTP 9.3. With this client I can make a connection with the
A53 phone, after starting up the SSH server. Very easy!
However, with the S10 phone it won't work. The same SSH server, a
different user name and password. If I try to make a connection, there
is an error. This shows up in the client on the pc:

STATUS:> [04/02/2024 13:45:21] Getting listing ""...
STATUS:> [04/02/2024 13:45:21] Connecting to SFTP server...
192.168.1.160:2222 (ip = 192.168.1.160)...
ERROR:> [04/02/2024 13:45:22] Disconnect: key exchange failed.
ERROR:> [04/02/2024 13:45:22] Check security settings; make sure
that the username and password are correct, and that the chosen
encryption algorithms are supported by server.
STATUS:> [04/02/2024 13:45:22] Can't connect to 192.168.1.160:2222.
STATUS:> [04/02/2024 13:45:22] SFTP connection closed.

The user name and password is OK, no problem there. The chosen
encryption algorithms are the same on both phones, as the configuration
of the SSH servers on the phone is the same, apart from the user names
and passwords. But they are correct.

What may be wrong?

Many thanks in advance for your help.

With regards,
Fokke Nauta

Fokke Nauta <usenet@solfon.nl> wrote:

> We have two smartphones, a Samsung S10 and a Samsung A53. On both phones
> I installed a SSH server. ón my pc (Windows 10 Pro) I have an FTP
> client, CuteFTP 9.3. With this client I can make a connection with the
> A53 phone, after starting up the SSH server. Very easy!
> However, with the S10 phone it won't work. The same SSH server, a
> different user name and password. If I try to make a connection, there
> is an error. This shows up in the client on the pc:
>
> STATUS:> [04/02/2024 13:45:21] Getting listing ""...
> STATUS:> [04/02/2024 13:45:21] Connecting to SFTP server...
> 192.168.1.160:2222 (ip = 192.168.1.160)...
> ERROR:> [04/02/2024 13:45:22] Disconnect: key exchange failed.
> ERROR:> [04/02/2024 13:45:22] Check security settings; make sure
> that the username and password are correct, and that the chosen
> encryption algorithms are supported by server.
> STATUS:> [04/02/2024 13:45:22] Can't connect to 192.168.1.160:2222.
> STATUS:> [04/02/2024 13:45:22] SFTP connection closed.
>
> The user name and password is OK, no problem there. The chosen
> encryption algorithms are the same on both phones, as the configuration
> of the SSH servers on the phone is the same, apart from the user names
> and passwords. But they are correct.

Since the error says "key", perhaps the error is not about supported
ciphers, but about a certificate. To do sFTP, wouldn't the SSH server
need to have a certificate? Did you check Security -> Encryption &
Credentials to make sure the SSH install on your S10 phone added a
certificate (and compare to the A53 phone)?

https://smallstep.com/blog/use-ssh-certificates/

On 2/4/2024 8:04 AM, Fokke Nauta wrote:
> Hi all,
>
> We have two smartphones, a Samsung S10 and a Samsung A53. On both phones I installed a SSH server. ón my pc (Windows 10 Pro) I have an FTP client, CuteFTP 9.3. With this client I can make a connection with the A53 phone, after starting up the SSH server. Very easy!
> However, with the S10 phone it won't work. The same SSH server, a different user name and password. If I try to make a connection, there is an error. This shows up in the client on the pc:
>
> STATUS:>      [04/02/2024 13:45:21] Getting listing ""...
> STATUS:>      [04/02/2024 13:45:21] Connecting to SFTP server... 192.168.1.160:2222 (ip = 192.168.1.160)...
> ERROR:>       [04/02/2024 13:45:22] Disconnect: key exchange failed.
> ERROR:>       [04/02/2024 13:45:22] Check security settings; make sure that the username and password are correct, and that the chosen encryption algorithms are supported by server.
> STATUS:>      [04/02/2024 13:45:22] Can't connect to 192.168.1.160:2222.
> STATUS:>      [04/02/2024 13:45:22] SFTP connection closed.
>
> The user name and password is OK, no problem there. The chosen encryption algorithms are the same on both phones, as the configuration of the SSH servers on the phone is the same, apart from the user names and passwords. But they are correct.
>
> What may be wrong?
>
> Many thanks in advance for your help.
>
> With regards,
> Fokke Nauta

https://winscp.net/eng/index.php

One of the problems with your log, is it isn't detailed enough.

This tool has "Debug level 2", which may show a bit more information
about what OpenSSL is doing during TLS handshake. But since there is
no visual proof on this web page, I really doubt there will be
"meat" in this log either. It seems to report a few details
about crypto, but not everything. The error message is more detailed (maybe).

https://winscp.net/forum/viewtopic.php?t=22968

Filezilla is another potential tool.

I would tell you to use ssllabs server test for this, but
I don't think their offering is for anything but https:
and is not for sftp: . And in any case, ssllabs output
would not tell you about "Diffie Hellman length".

https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange

The problem is likely to be coming from an OpenSSL library
used to handle secure connections. The application developer
could in fact be as dumb as a post, when writing code for this.
Error descriptions do not necessarily need to percolate up
the stack and be printed on the screen in an intelligible manner.
For example "Connection Error" is about as much work as a
lazy programmer is required to do. That's the beauty of using
OpenSSL lib and not knowing how it works.

If the developers were forced to write their own SSL/TLS code,
there would be a richer log at default level.

I've had this problem at work. Some dopey application would
report "error 5" and I would ask the software developer
sitting in cubicle city "why is this error so terse?". And
one of them explained there are two error levels, and adding
about five lines of code gets the "original" error. This is the
level of care and attention required of developers -- to do a
superior job, errors must be allowed to percolate up, complete
with all the text describing what is wrong. You can't just be
printing "error 5" and be heading off for a coffee and donut.
"Do the work", is what I tell them. During this interval, I
actually wrote my own code, to see how hard it was to get
the detailed error message. Even I could manage to do it :-)
(Hobby programmer)

There are hooks for it.

https://stackoverflow.com/questions/44585974/openssl-debug-information-when-using-the-library

Paul

On 04/02/2024 17:23, VanguardLH wrote:
> Fokke Nauta <usenet@solfon.nl> wrote:
>
>> We have two smartphones, a Samsung S10 and a Samsung A53. On both phones
>> I installed a SSH server. ón my pc (Windows 10 Pro) I have an FTP
>> client, CuteFTP 9.3. With this client I can make a connection with the
>> A53 phone, after starting up the SSH server. Very easy!
>> However, with the S10 phone it won't work. The same SSH server, a
>> different user name and password. If I try to make a connection, there
>> is an error. This shows up in the client on the pc:
>>
>> STATUS:> [04/02/2024 13:45:21] Getting listing ""...
>> STATUS:> [04/02/2024 13:45:21] Connecting to SFTP server...
>> 192.168.1.160:2222 (ip = 192.168.1.160)...
>> ERROR:> [04/02/2024 13:45:22] Disconnect: key exchange failed.
>> ERROR:> [04/02/2024 13:45:22] Check security settings; make sure
>> that the username and password are correct, and that the chosen
>> encryption algorithms are supported by server.
>> STATUS:> [04/02/2024 13:45:22] Can't connect to 192.168.1.160:2222.
>> STATUS:> [04/02/2024 13:45:22] SFTP connection closed.
>>
>> The user name and password is OK, no problem there. The chosen
>> encryption algorithms are the same on both phones, as the configuration
>> of the SSH servers on the phone is the same, apart from the user names
>> and passwords. But they are correct.
>
> Since the error says "key", perhaps the error is not about supported
> ciphers, but about a certificate. To do sFTP, wouldn't the SSH server
> need to have a certificate? Did you check Security -> Encryption &
> Credentials to make sure the SSH install on your S10 phone added a
> certificate (and compare to the A53 phone)?
>
> https://smallstep.com/blog/use-ssh-certificates/

Thanks.

On both phones I could not find a certificate for the SSH server.

Fokke

On 04/02/2024 20:59, Paul wrote:
> On 2/4/2024 8:04 AM, Fokke Nauta wrote:
>> Hi all,
>>
>> We have two smartphones, a Samsung S10 and a Samsung A53. On both phones I installed a SSH server. ón my pc (Windows 10 Pro) I have an FTP client, CuteFTP 9.3. With this client I can make a connection with the A53 phone, after starting up the SSH server. Very easy!
>> However, with the S10 phone it won't work. The same SSH server, a different user name and password. If I try to make a connection, there is an error. This shows up in the client on the pc:
>>
>> STATUS:>      [04/02/2024 13:45:21] Getting listing ""...
>> STATUS:>      [04/02/2024 13:45:21] Connecting to SFTP server... 192.168.1.160:2222 (ip = 192.168.1.160)...
>> ERROR:>       [04/02/2024 13:45:22] Disconnect: key exchange failed.
>> ERROR:>       [04/02/2024 13:45:22] Check security settings; make sure that the username and password are correct, and that the chosen encryption algorithms are supported by server.
>> STATUS:>      [04/02/2024 13:45:22] Can't connect to 192.168.1.160:2222.
>> STATUS:>      [04/02/2024 13:45:22] SFTP connection closed.
>>
>> The user name and password is OK, no problem there. The chosen encryption algorithms are the same on both phones, as the configuration of the SSH servers on the phone is the same, apart from the user names and passwords. But they are correct.
>>
>> What may be wrong?
>>
>> Many thanks in advance for your help.
>>
>> With regards,
>> Fokke Nauta
>
> https://winscp.net/eng/index.php
>
> One of the problems with your log, is it isn't detailed enough.
>
> This tool has "Debug level 2", which may show a bit more information
> about what OpenSSL is doing during TLS handshake. But since there is
> no visual proof on this web page, I really doubt there will be
> "meat" in this log either. It seems to report a few details
> about crypto, but not everything. The error message is more detailed (maybe).
>
> https://winscp.net/forum/viewtopic.php?t=22968
>
> Filezilla is another potential tool.
>
> I would tell you to use ssllabs server test for this, but
> I don't think their offering is for anything but https:
> and is not for sftp: . And in any case, ssllabs output
> would not tell you about "Diffie Hellman length".
>
> https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange
>
> The problem is likely to be coming from an OpenSSL library
> used to handle secure connections. The application developer
> could in fact be as dumb as a post, when writing code for this.
> Error descriptions do not necessarily need to percolate up
> the stack and be printed on the screen in an intelligible manner.
> For example "Connection Error" is about as much work as a
> lazy programmer is required to do. That's the beauty of using
> OpenSSL lib and not knowing how it works.
>
> If the developers were forced to write their own SSL/TLS code,
> there would be a richer log at default level.
>
> I've had this problem at work. Some dopey application would
> report "error 5" and I would ask the software developer
> sitting in cubicle city "why is this error so terse?". And
> one of them explained there are two error levels, and adding
> about five lines of code gets the "original" error. This is the
> level of care and attention required of developers -- to do a
> superior job, errors must be allowed to percolate up, complete
> with all the text describing what is wrong. You can't just be
> printing "error 5" and be heading off for a coffee and donut.
> "Do the work", is what I tell them. During this interval, I
> actually wrote my own code, to see how hard it was to get
> the detailed error message. Even I could manage to do it :-)
> (Hobby programmer)
>
> There are hooks for it.
>
> https://stackoverflow.com/questions/44585974/openssl-debug-information-when-using-the-library
>
> Paul

Thanks, Paul.
Thanks for the information.

I tried Filezilla, but that didn't work either.
On both phones the SSH server is configured in the same way. The only
differences are the user names and passwords. And I know these are correct.
So, what's actually wrong, I don't know.

Fokke

On 2/5/2024 6:59 AM, Fokke Nauta wrote:
> On 04/02/2024 20:59, Paul wrote:
>> On 2/4/2024 8:04 AM, Fokke Nauta wrote:
>>> Hi all,
>>>
>>> We have two smartphones, a Samsung S10 and a Samsung A53. On both phones I installed a SSH server. ón my pc (Windows 10 Pro) I have an FTP client, CuteFTP 9.3. With this client I can make a connection with the A53 phone, after starting up the SSH server. Very easy!
>>> However, with the S10 phone it won't work. The same SSH server, a different user name and password. If I try to make a connection, there is an error. This shows up in the client on the pc:
>>>
>>> STATUS:>      [04/02/2024 13:45:21] Getting listing ""...
>>> STATUS:>      [04/02/2024 13:45:21] Connecting to SFTP server... 192.168.1.160:2222 (ip = 192.168.1.160)...
>>> ERROR:>       [04/02/2024 13:45:22] Disconnect: key exchange failed.
>>> ERROR:>       [04/02/2024 13:45:22] Check security settings; make sure that the username and password are correct, and that the chosen encryption algorithms are supported by server.
>>> STATUS:>      [04/02/2024 13:45:22] Can't connect to 192.168.1.160:2222.
>>> STATUS:>      [04/02/2024 13:45:22] SFTP connection closed.
>>>
>>> The user name and password is OK, no problem there. The chosen encryption algorithms are the same on both phones, as the configuration of the SSH servers on the phone is the same, apart from the user names and passwords. But they are correct.
>>>
>>> What may be wrong?
>>>
>>> Many thanks in advance for your help.
>>>
>>> With regards,
>>> Fokke Nauta
>>
>> https://winscp.net/eng/index.php
>>
>> One of the problems with your log, is it isn't detailed enough.
>>
>> This tool has "Debug level 2", which may show a bit more information
>> about what OpenSSL is doing during TLS handshake. But since there is
>> no visual proof on this web page, I really doubt there will be
>> "meat" in this log either. It seems to report a few details
>> about crypto, but not everything. The error message is more detailed (maybe).
>>
>> https://winscp.net/forum/viewtopic.php?t=22968
>>
>> Filezilla is another potential tool.
>>
>> I would tell you to use ssllabs server test for this, but
>> I don't think their offering is for anything but https:
>> and is not for sftp: . And in any case, ssllabs output
>> would not tell you about "Diffie Hellman length".
>>
>> https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange
>>
>> The problem is likely to be coming from an OpenSSL library
>> used to handle secure connections. The application developer
>> could in fact be as dumb as a post, when writing code for this.
>> Error descriptions do not necessarily need to percolate up
>> the stack and be printed on the screen in an intelligible manner.
>> For example "Connection Error" is about as much work as a
>> lazy programmer is required to do. That's the beauty of using
>> OpenSSL lib and not knowing how it works.
>>
>> If the developers were forced to write their own SSL/TLS code,
>> there would be a richer log at default level.
>>
>> I've had this problem at work. Some dopey application would
>> report "error 5" and I would ask the software developer
>> sitting in cubicle city "why is this error so terse?". And
>> one of them explained there are two error levels, and adding
>> about five lines of code gets the "original" error. This is the
>> level of care and attention required of developers -- to do a
>> superior job, errors must be allowed to percolate up, complete
>> with all the text describing what is wrong. You can't just be
>> printing "error 5" and be heading off for a coffee and donut.
>> "Do the work", is what I tell them. During this interval, I
>> actually wrote my own code, to see how hard it was to get
>> the detailed error message. Even I could manage to do it :-)
>> (Hobby programmer)
>>
>> There are hooks for it.
>>
>> https://stackoverflow.com/questions/44585974/openssl-debug-information-when-using-the-library
>>
>>     Paul
>
>
> Thanks, Paul.
> Thanks for the information.
>
> I tried Filezilla, but that didn't work either.
> On both phones the SSH server is configured in the same way. The only differences are the user names and passwords. And I know these are correct.
> So, what's actually wrong, I don't know.
>
> Fokke

What you need to do, is find one of these tools,
where you have control of "Debug Level" setting.
The debug level determines how informative any
log file will be.

Paul

On Sun, 4 Feb 2024 14:04:17 +0100, Fokke Nauta <usenet@solfon.nl>
wrote:

>Hi all,
>
>We have two smartphones, a Samsung S10 and a Samsung A53. On both phones
>I installed a SSH server. ón my pc (Windows 10 Pro) I have an FTP
>client, CuteFTP 9.3. With this client I can make a connection with the
>A53 phone, after starting up the SSH server. Very easy!
>However, with the S10 phone it won't work. The same SSH server, a
>different user name and password. If I try to make a connection, there
>is an error. This shows up in the client on the pc:

I don't know anything about SSH in this context but when I want to
access the file structure on my (Samsung) phone I connect it to my PC
by cable and use Windows File Manager to copy files in both
directions. No passwords or usernames required.

On 05/02/2024 18:12, Peter Johnson wrote:
> On Sun, 4 Feb 2024 14:04:17 +0100, Fokke Nauta <usenet@solfon.nl>
> wrote:
>
>> Hi all,
>>
>> We have two smartphones, a Samsung S10 and a Samsung A53. On both phones
>> I installed a SSH server. ón my pc (Windows 10 Pro) I have an FTP
>> client, CuteFTP 9.3. With this client I can make a connection with the
>> A53 phone, after starting up the SSH server. Very easy!
>> However, with the S10 phone it won't work. The same SSH server, a
>> different user name and password. If I try to make a connection, there
>> is an error. This shows up in the client on the pc:
>
> I don't know anything about SSH in this context but when I want to
> access the file structure on my (Samsung) phone I connect it to my PC
> by cable and use Windows File Manager to copy files in both
> directions. No passwords or usernames required.

Yes, that's also possible and that is what we are doing now with the S10
phone. But using the wifi is easier.

Fokke

On 05/02/2024 18:00, Paul wrote:
> On 2/5/2024 6:59 AM, Fokke Nauta wrote:
>> On 04/02/2024 20:59, Paul wrote:
>>> On 2/4/2024 8:04 AM, Fokke Nauta wrote:
>>>> Hi all,
>>>>
>>>> We have two smartphones, a Samsung S10 and a Samsung A53. On both phones I installed a SSH server. ón my pc (Windows 10 Pro) I have an FTP client, CuteFTP 9.3. With this client I can make a connection with the A53 phone, after starting up the SSH server. Very easy!
>>>> However, with the S10 phone it won't work. The same SSH server, a different user name and password. If I try to make a connection, there is an error. This shows up in the client on the pc:
>>>>
>>>> STATUS:>      [04/02/2024 13:45:21] Getting listing ""...
>>>> STATUS:>      [04/02/2024 13:45:21] Connecting to SFTP server... 192.168.1.160:2222 (ip = 192.168.1.160)...
>>>> ERROR:>       [04/02/2024 13:45:22] Disconnect: key exchange failed.
>>>> ERROR:>       [04/02/2024 13:45:22] Check security settings; make sure that the username and password are correct, and that the chosen encryption algorithms are supported by server.
>>>> STATUS:>      [04/02/2024 13:45:22] Can't connect to 192.168.1.160:2222.
>>>> STATUS:>      [04/02/2024 13:45:22] SFTP connection closed.
>>>>
>>>> The user name and password is OK, no problem there. The chosen encryption algorithms are the same on both phones, as the configuration of the SSH servers on the phone is the same, apart from the user names and passwords. But they are correct.
>>>>
>>>> What may be wrong?
>>>>
>>>> Many thanks in advance for your help.
>>>>
>>>> With regards,
>>>> Fokke Nauta
>>>
>>> https://winscp.net/eng/index.php
>>>
>>> One of the problems with your log, is it isn't detailed enough.
>>>
>>> This tool has "Debug level 2", which may show a bit more information
>>> about what OpenSSL is doing during TLS handshake. But since there is
>>> no visual proof on this web page, I really doubt there will be
>>> "meat" in this log either. It seems to report a few details
>>> about crypto, but not everything. The error message is more detailed (maybe).
>>>
>>> https://winscp.net/forum/viewtopic.php?t=22968
>>>
>>> Filezilla is another potential tool.
>>>
>>> I would tell you to use ssllabs server test for this, but
>>> I don't think their offering is for anything but https:
>>> and is not for sftp: . And in any case, ssllabs output
>>> would not tell you about "Diffie Hellman length".
>>>
>>> https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange
>>>
>>> The problem is likely to be coming from an OpenSSL library
>>> used to handle secure connections. The application developer
>>> could in fact be as dumb as a post, when writing code for this.
>>> Error descriptions do not necessarily need to percolate up
>>> the stack and be printed on the screen in an intelligible manner.
>>> For example "Connection Error" is about as much work as a
>>> lazy programmer is required to do. That's the beauty of using
>>> OpenSSL lib and not knowing how it works.
>>>
>>> If the developers were forced to write their own SSL/TLS code,
>>> there would be a richer log at default level.
>>>
>>> I've had this problem at work. Some dopey application would
>>> report "error 5" and I would ask the software developer
>>> sitting in cubicle city "why is this error so terse?". And
>>> one of them explained there are two error levels, and adding
>>> about five lines of code gets the "original" error. This is the
>>> level of care and attention required of developers -- to do a
>>> superior job, errors must be allowed to percolate up, complete
>>> with all the text describing what is wrong. You can't just be
>>> printing "error 5" and be heading off for a coffee and donut.
>>> "Do the work", is what I tell them. During this interval, I
>>> actually wrote my own code, to see how hard it was to get
>>> the detailed error message. Even I could manage to do it :-)
>>> (Hobby programmer)
>>>
>>> There are hooks for it.
>>>
>>> https://stackoverflow.com/questions/44585974/openssl-debug-information-when-using-the-library
>>>
>>>     Paul
>>
>>
>> Thanks, Paul.
>> Thanks for the information.
>>
>> I tried Filezilla, but that didn't work either.
>> On both phones the SSH server is configured in the same way. The only differences are the user names and passwords. And I know these are correct.
>> So, what's actually wrong, I don't know.
>>
>> Fokke
>
> What you need to do, is find one of these tools,
> where you have control of "Debug Level" setting.
> The debug level determines how informative any
> log file will be.
>
> Paul

Thanks.

I'm gonna try.

Fokke