Why Filezilla in Ubuntu client could not connect to server anymore ?

dragonxi

Hi,

Filezilla messages:
could't agree key change algorithm
could not connect to server

Screen shot attached via email.

Filezilla from Ubuntu clients have
worked before this ok,
no Ubuntu no Filezilla updates.

How to proceed / get solved ?

Thanks in advance helping us!

peter

dragonxi We rolled out a security update on our SSH/SFTP configuration a couple of months ago to patch our servers against the Terrapin attack. This update removed some outdated/inferior key exchange algorithms (like, for example, Diffie-Hellman Group 1 SHA1).

If you're using an older version of FileZilla, it may offer some outdated key exchange methods, which are no longer supported on your Opalstack server.

Please update your FileZilla client to the latest version and try connecting again. If the problem persists, please contact our support team via email so we can assist you further without sharing user-specific details here in public.

dragonxi

peter

peter hi, which software
was involved in
the server when
the Filezilla client
failed to start sftp ?

OS ?
system software ?
algrithms ?
libraries ?
filezilla or similar server sftp software ?
and
which are their versions in the server ?

Thanks for the previous fast answer!

Thanks in advance for the server
software information
which helps us to
contemplate alternatives
to have a newer Filezilla client:
(1) new device ? smart phone ?
(2) new OS ? android ?

new traditional Ubuntu ?
new touch screen Ubuntu ?
(3) try to upgrade binary Filexilla client
(4) download and compile Filexilla client

How could we see the server upgrades
to be prepared for our edge device
hardware/software upgrades ?

In any case, well done the server
upgrade you made!

sean

dragonxi what changed were the SSL ciphers, key exchange algorithms, and message authentication codes accepted for SSH and SFTP. Both of these services work via the OpenSSH package on the server.

The OpenSSH package on the server is 7.4 (very old but fully patched via backports). The current aforementioned settings are:

Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
KexAlgorithms ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
MACs umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com

If you ensure that your operating system and SFTP software are all updated to their latest versions then these settings should not present any issues. If you're unable to update your own software and need us to modify these settings on your server then please email Opalstack support for assistance.

We're preparing a new status page that will make it easier for us to notify customers of changes like this in the future. Apologies for the inconvenience.