I've started working on an SFTP implementation. I get as far as the object creation but when I try to invoke ftpconnect, ftpsendfile or ftpsendfileex I get similar errors:
Error: 1426 LineNo: 193 Message: OLE error code 0x80131509: Unknown COM status code. Procedure: ftpconnect Details: 80131509: Unknown COM status code StackLevel: 5 LineContents: loSftpClient = loSftp.Connect(lcServer, INT(this.nFtpPort),lcUsername,lcPassword)
Error: 1429 LineNo: 268 Message: OLE IDispatch exception code 0 from wwDotNetBridge: Could not load file or assembly 'Renci.SshNet, Version=2016.0.0.0, Culture=neutral, PublicKeyToken=1cee9f8bde3db106' or one of its dependencies. The system cannot find the file specified... Procedure: ftpsendfileex Details: OLE IDispatch exception code 0 from wwDotNetBridge: Could not load file or assembly 'Renci.SshNet, Version=2016.0.0.0, Culture=neutral, PublicKeyToken=1cee9f8bde3db106' or one of its dependencies. The system cannot find the file specified.. StackLevel: 5 LineContents: llResult = this.oSFtp.UploadFile(FULLPATH(lcLocalTargetFile),lcFtpSourceFile)
Error: 1429 LineNo: 140 Message: OLE IDispatch exception code 0 from wwDotNetBridge: Could not load file or assembly 'Renci.SshNet, Version=2016.0.0.0, Culture=neutral, PublicKeyToken=1cee9f8bde3db106' or one of its dependencies. The system cannot find the file specified... Procedure: ftpsendfile Details: OLE IDispatch exception code 0 from wwDotNetBridge: Could not load file or assembly 'Renci.SshNet, Version=2016.0.0.0, Culture=neutral, PublicKeyToken=1cee9f8bde3db106' or one of its dependencies. The system cannot find the file specified.. StackLevel: 5 LineContents: llResult = this.oSFtp.UploadFileSimple(FULLPATH(lcSource),lcTarget, lcFtpServer, INT(this.nFtpPort), lcUsername, lcPassword)
As best I can tell, the renci.sshnet.dll is in the VFP path and unblocked. GetDotnetVersion() returns the following:
.NET Version: 4.0.30319.42000 file:///C:/RFC/WWDOTNETBRIDGE.DLL
Having said all that, I'm not convinced I have the proper server address from the 3rd party dev I'm working with but if the address was bad, wouldn't I get some other error message?
It sounds like the assembly is not loaded. Make sure it's in the path. Step through the code and look for where LoadAssembly is called in wwSFTP and check to see what there resulting error if any is. If same error check what FULLPATH() says for the DLL.
+++ Rick ---
Doing a little more sleuthing on this by using a command line sftp client as well as a GUI FTP client. It appears the underlying issue is I am getting back a response asking me to confirm I want to continue to connect. From that dialog I was able to get the actual IP address of the SFTP service and pop that into WS-FTP. WS-FTP then shows me this dialog:
I'm going to accept the public key and then try using wwSFTP again to connect to the same site.
I tried stepping through this and looked for the LoadAssembly call but it never comes. I get right up to the line below and as soon as I step into it an exception occurs and I'm in my catch block.
llResult = this.oSFtp.UploadFileSimple(FULLPATH(lcSource),lcTarget,; lcFtpServer,; INT(this.nFtpPort),; lcUsername, lcPassword)
Hmmm... yes you're right - the dependency is linked directly into wwDotnetBridge.dll now that I think about it. So it'll be there as long as the DLL is accessible to FoxPro via FoxPro path and unblocked (or installed).
+++ Rick ---
I didn't have the Renci DLL in the folder where the wwdotnetbridge lives, although it is in my VFP path. I copied it into the same folder, reset my environment and now I'm getting a bit farther along. I did have to completely restart my dev environment as it would not load the renci dll after the initial framework load.
Next comment.
When the ftpConnect method is called with an empty password,
loSftpClient = loSftp.Connect(lcServer, INT(this.nFtpPort),lcUsername,lcPassword)
I am getting this error:
String reference not set to an instance of a String. Parameter name: s"
lcPassword is being set to a null earlier in the method.
IF ISNULLOREMPTY(lcUserName)
lcUsername = this.cUsername
ENDIF
IF ISNULLOREMPTY(lcPassword)
lcPassword = this.cPassword
ENDIF
IF ISNULLOREMPTY(lcUserName)
lcUsername = null
ENDIF
IF ISNULLOREMPTY(lcPassword)
lcPassword = null
ENDIF
I changed the code to set user name and password to a single space and now I am getting this response:
A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond
So incremental progress continues to be made.
Based on my external connection attempts, I am assuming the timeout is occurring because the SFTP service is waiting on some response related to accepting the SSH key. How can I associate an SSH key with the wwSFTP instance/connection?
It's not supported at the moment - only username and password works.
However, I just added a quick fix to allow using keyfiles. You can download an update from:
You'll need wwdotnetbridge.dll and wwsftp.prg from the archive.
Once you've updated those set the cPrivateKeyFile property to the phyiscal file location. If this property is set it supercedes the password and is used instead of it. I do believe you still need a username though.
FWIW, I just quickly added this on my way out the door, but I believe that should work. Give it a try.
+++ Rick ---
Awesome, Rick! I've been casting about looking for other ways to get this done because the key file stuff didn't seem to be exposed. I will try this out and let you know how it goes.
Did you see my earlier comment about passing nulls? It didn't seem to like that.
Since I can't see under the hood here, what's the intention of the cPrivateKeyFile property? Is it going to be handled as a filetostr()?
OK. Here's the first result with the property set to the fully qualified path to the file.
Error: 1098
LineNo: 210
Message: Unable to load SFTP client. Key 'ENCRYPTED' is not supported.
Procedure: ftpconnect
Details:
StackLevel: 5
LineContents: ERROR "Unable to load SFTP client. " + this.oSftp.ErrorMessage
BTW I still had to put my change back for setting the password property to a single space as opposed to a null.
Any more thoughts, Rick?
Some more feedback for you. The client has given me a set of credentials so I can bypass, at least initially, the use of the SSH key. When I try ftpsendfile, I get back this error message:
Object reference not set to an instance of an object.
If I use ftpsendfileex, I get a message saying client not connected.
The private key file is accessed by the libary and sent to the server as a certificate. I don't know how it does that - that's part of SSH.NET which handles the interaction. You provide the key file and it loads the key as a binary and then the SSH protocol navigates the encryption.
I'm not sure about the error - I don't have a good way of testing this since I don't have a server I can connect to with a private key file. I'm still on Vacation for a couple more days so it'll take me some time to get back to this...
+++ Rick ---
Sorry, Rick! I didn't realize you're on holiday.
The "Key 'ENCRYPTED' is not supported" seems to be the current stumbling block. In the meantime, the client has created a user/password combo for me to use and after getting my IT team to open up a custom port, I can use the wwSFTP library successfully. I would still like to get it working with the SSH keys so when you have some time upon your return, let me know.
Thanks again and enjoy the rest of your holiday.
Another comment for when you return from holiday. The ftpConnect method in wwFTP returns an integer value but the same method in wwSFTP returns a logical. A foolish consistency being the hobgoblin of little minds like mine, I feel compelled to point this out. 😃
That sounds like you're not passing a valid private key to the server. I believe that's a server response. I don't have a way to actually test this as I don't have an SSH server that works with a private key to test with.
+++ Rick ---
Ok so had another look at this and made some more modifications. A few things:
- Added
cPrivateKeyFilePasswordproperty to deal with passwords on key files - KeyFiles need to be OpenSSL private key files
- Changed behavior so both password and keyfile are supported
Updated documentation with an example:
And I've updated the experimental download:
With this updated code I can now use the Rebex sample server with a private key file (it works both with UID/Password and with uid/password/privatekeyfile).
Let me know how that works.
+++ Rick ---
Nice vacation...
I will try this out and let you know how it goes.
BTW is it OpenSSL or OpenSSH?
I'm hitting an error on this line:
loSftp.PrivateKeyFile = this.cPrivateKeyFile
`Error: 1426
LineNo: 203
Message: OLE error code 0x80020006: Unknown name.
Procedure: ftpconnect
Details: 80020006: Unknown name
StackLevel: 5
LineContents: loSftp.PrivateKeyFile = this.cPrivateKeyFile
`
Protected property?
Richard -
I believe that should be..
loSftp.cPrivateKeyFile
..with a leading 'c' character with 'PrivateKeyFile'
-- Mike McDonald
Software Design of Kentucky
Thanks for chiming in, Mike.
That was the first thing I thought of when I saw the code and had written up a response to that effect but I decided to test my theory first. If you put the loSFTP object in the watch window and expand it, you will see that very little is visible. I think Rick has to tweak the DLL to expose the underlying PrivateFile property or perhaps I've got the wrong version of the experimental DLL.
Did you update the files? You have to re-download.
The new DLL from 8/1 should have the PrivateKeyFile and PrivateKeyFilePassword properties in the DLL and the corresponding cPrivateKeyFile and cPrivateKeyFilePassword properties on the wwSFTP object.
Both files should be dated 8/1.
+++ Rick ---
I should have known better. Too many versions of the DLL. Testing with the right one now.
OK. Now I have to figure out how to get my private key file in the right format. The saga continues...
If it's a PutTyGen file (most likely) - use PutTyGen to convert the key to an OpenSSH key.
Yeah certificate security sucks - it's hard to understand and rarely well explained. In fact, I had to do a bunch of reading last night just to figure out how this is supposed to work. IAC, all you need is the ppk file in OpenSSH format from your server provider and the rest should just work.
I updated the docs some more with the reference for PutTyGen.
+++ Rick ---
So far I can't seem to get PutTyGen to convert the key to an unencrypted RSA format... < sigh >
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,7F26251164BD9CB3
That is an OpenSSH key right there...
Here's what the converted sample (local) Rebex server key looks like:
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,CE5E0BE1E31A5583
Frk2Jd20Q1CK/bLyTf8gNGAqkky4Dmawp7qd1dQF0mkZllkkwkIBW3XjnjBsRbyd
wrYdH7/yJNIc599JOKXIu2NzN3A2kghsmacrDBeQjVOv7CZVTdDeFidTy95Rr1QL
AJWkvw6wB5+l3KmqsTSX3O6wz2bAjZUwtkuSsmJ5o82EOn0a6Suf+JbCUAzr4Li8
aqUxHO8On0Nah8lJpM6HCK3r5le0ARPUD9QEuKB/pA7bzEPvmLfqUXPhxPtaP/Hu
Vm8bmn3rErSltT5K8jgkIwZ+UTCrS4nCI1HgZC/zoVy5IuGYr86o8CTO+mYjgXoP
WlWdXgCmLhxvhxaO22SpOLIzRNLwB81eUjsqOum8kOvzhsCAmBLtKIGbFEPlWzCc
MKbLq1exivR+XPyElR+l82alFm+ey7Wg7l7Qx+uSYdKPtHJFPqF/FMKjBqRv4xD/
9usF9LcHBvHGLlisR9w7B+uBn5JE6CJUf2DZjtyJDk4UqdVw5BRNWU+ffgad9V3W
YEpBD0Of17575ecu9ql0VuP0YYmQzDRzP6ojTJcWTo6VfbrEF3rdiyqjmD5uTfRk
iuFv+wJTR6booNlM5uXCOjoWqoJblt+VRdkMVKMU/nB4ERAWf9AL0FtW48c3qUAQ
05Zz7bwxguWKCn0i80C08dk6ir2AEgUpyoBHxiEgjT5Jp85mHlfNzMvAHFVhiTMv
NDtSRYm1TsszZ1CQHF+1hl3ieSe33YX6Lj+Z+TB8NRvxNv+q+FL9dQSjdlOoCDlT
DzwZu+P8WwTTW7z0T9kxlgWRRO1roaAkHKsNStZgZG0xirEUvThni4eCQ4Z3oEUM
HlUFWPEKPGUido8ptzipjh3l9KeKtH5TVEDcxymj7FznF+jr0wyEtGw7G9kR/TZz
5vPdkKgwuA/pr1KJm/5lSGmJC3x+RoZVIToM5Znh6s9gMdQa+jraSQhQqS5ieVT4
pLSzo5RAobgs+w63suXrNEtF+E85x5b7GqESbd06a2kIa82ZgjHwdSP28BWHIp++
SjeHplZl430yV+Nq8nInqweJX8fwPPdfWJeH+yv/PRxpS6lb0awmg2qP5wsWuEyC
K403iGO4Lzg13vGzFXlIQhbRhrtagfPs/XKxYz2VS+4YLmoO5o5QJfJPI/RSBpX/
2Db4iCz5qA+ndDCOXZLOtt5lWQp8Sk6TKDyFyaudABxBpyXxDLXRMpPOPlNBP3Y9
P2nZotxJbzfNQrT+swTA/f/Zdnkrs24IC2tW2co4UDncszzGmxx8+uJwhIBTxVqi
cuSNWWrGfZ16h0gKKF2i0rFGD2C9hTcNEA0dg+AJnWHRPoqEhKItuB+rpvfCDJbG
MsCd2Lq7vPORHH30mBqFsVkq+A+nk0PtIAG3bIf1TbK7OnwhFRYPYRVA3fZCDBfx
+viGjcpJurSYao47FOF6Sl5zy7zzqZiiVy94pnoaZ7PjIuB4T4jhee4i3b31irTc
SOsra9s6y0aQUahnu/JOg/vlL0CtEVrQcqCqRq3acCQ01+txIme/AADl32AOp3B6
nMXRLc5zZLjTtcj1nvVGC6XTFrXHRewNKnapBSkOjXU2jU1eAdgpqA==
-----END RSA PRIVATE KEY-----
and that key works with the sample.
Most likely you need to experiment whether you need to send both password and private key or one or the other. In the sample code I use I have to send both password and private key file for it to work.
If they allow you to connect with password only most likely the key file requirement was removed.
+++ Rick ---
I do have one that looks like that. When I use that one, and I also submit the keyfile password, I get this error:
Invalid data type, INTEGER(02) is expected.
If I leave out the keyfile password I get this:
Private key is encrypted but passphrase is empty.
There is no user password for this particular account.
Sounds like your private key file needs a password. Set the cPrivateKeyFilePassword.
+++ Rick ---
That was the first use case I reported in my last comment. Setting the keyfile password results in that integer expected response.
Not sure. This is the FoxUnit test code I use for testing this:
************************************************************************
* UploadFileSimple
****************************************
*** Function:
*** Assume:
*** Pass:
*** Return:
************************************************************************
FUNCTION UploadFileWithPrivateKey()
loFtp = CREATEOBJECT("wwSftp")
loFtp.cFtpServer ="127.0.0.1"
loFtp.nFtpPort = 23
loFtp.cUsername = "tester"
loFtp.cPassword = "password"
loFtp.cPrivateKeyFile = "c:\utl\server-private-key-rsa_OPENSSL.ppk"
loFtp.cPrivateKeyFilePassword = "my-super-secure-password"
DELETE FILE "SENDFILETEST.ZZZ"
IF NOT FILE("SENDFILETEST.ZZZ")
lcBlob = ""
FOR i = 1 TO 255
lcBlob = lcBlob + CHR(i)
ENDFOR
lcBigBlob = REPLICATE(lcBlob,256)
FOR i = 1 TO 101
STRTOFILE(lcBigBlob,"SENDFILETEST.ZZZ",1)
ENDFOR
ENDIF
lcSourceFile = FULLPATH(".\SENDFILETEST.ZZZ") && "C:\installs\Distribution CD\Demos\wconnect.exe"
lcTargetFile = "SendFileTest_Fox_Simple.zzz"
BINDEVENT(loFtp,"OnFtpBufferUpdate",this,"BufferUpdate")
loFtp.FtpConnect()
lnResult = loFtp.FtpSendFileEx(lcSourceFile,lcTargetFile)
loFtp.FtpClose()
this.AssertTrue(lnResult == 0,loFtp.cErrorMsg)
ENDFUNC
* UploadFileWithPrivateKeyFile
using the Rebex test server (ie. you can try this yourself). The example is using the default configuration except for creating the OpenSSH ppk file.
I have no other way to test so beyond that I have no way to verify what you're seeing.
+++ Rick ---
Not quite apples to apples as the user account in my case does not have a password. So my use case is user only with keyfile and keyfile password.
I would be willing to send you my private key file and password and the connection details if that's an option.
Sure we can try that. Can you set up a self-contained PRG to run the example?
As for key file password you should just not set that if the value is empty. I don't get an error when I do that, but the connection fails because the key requires the password on my end.
+++ Rick ---
I think so. Will email you directly.
Took another look and while I can try to pass no private key password without errors and get a response back it also looks like the Rebex server doesn't do anything interesting with the private key - it doesn't seem to care what ppk I pass it always works, so it seems like it's completely ignoring the private key and just validating off the uid/pwd.
That leaves me in that place where I can't test effectively. The worst part is that I don't 100% understand what's required on the server or what the ppk sent should look like or where that's configured with this server.
Anyway, I can take a look with your server if you can get me some credentials and a known way to authenticate (admin should have SSH terminal commands that make it clear).
+++ Rick ---
My day job got in the way...
I've packaged everything up in the same folder and being a good dev, I tested first. Sadly, I get a timeout now instead of the invalid data type, which puzzles me greatly. Having said that, I am sending the whole thing your way in case your magic toolkit and experience can see something that I can't.
So I took a look and I can't connect to the server. Both password auth and key auth produce the same result so i think the issue doesn't have to do with authentication - it looks more like the client never reaches the server to communicate.
Make sure the domain and port for the SFTP server are correct.
The hang is about 20 seconds which means it's the default Windows TCP/IP timeout, and that usually means either there's a firewall issue or there's no remote server listening to SFTP requests on the server.
I tried connecting with just plain SSH and couldn't so there's something wrong with the server/port and SFTP server connection. It doesn't look there's an SSH connection at the other end.
Try running a manual SSH session with PutTy as described here:
https://www.uoguelph.ca/ccs/cwc/sftp-tunneling-over-ssh-putty
+++ Rick ---
Thanks for the details, Rick.
I have not been establishing a tunnel first, which I think is what you're recommending.
When I try a command line sftp test, I get this:
`psftp ge44aoxhawww6-master-7rqtwti--app@ssh.eu.platform.sh -i c:\winauct\dev\clients\xxxxxxxx\rfcopensshtest7.ppk
Unable to use key file "c:\winauct\dev\clients\xxxxxxxx\rfcopensshtest7.ppk" (OpenSSH SSH-2 private
key (new format))
Using username "ge44aoxhawww6-master-7rqtwti--app".
Fatal: Disconnected: No supported authentication methods available (server sent: publickey)
psftp ge44aoxhawww6-master-7rqtwti--app@ssh.eu.platform.sh -i c:\winauct\dev\clients
xxxxxxxx\rfcopensshtest8.ppk
Unable to use key file "c:\winauct\dev\clients\xxxxxxxx\rfcopensshtest8.ppk" (OpenSSH SSH-2 private
key (old PEM format))
Using username "ge44aoxhawww6-master-7rqtwti--app".
Fatal: Disconnected: No supported authentication methods available (server sent: publickey)`
However, when I use my full blown ftp client, I can connect:
`Finding Host ssh.eu.platform.sh ...
[2017.08.07 08:39:39.821] Connecting to 54.76.137.151:22
[2017.08.07 08:39:39.914] Connected to 54.76.137.151:22 in 0.093000 seconds, Waiting for Server Response
[2017.08.07 08:39:40.009] Server Welcome: SSH-2.0-Platform.sh
[2017.08.07 08:39:40.009] Client Version: SSH-2.0-WS_FTP-12.6-0
[2017.08.07 08:39:40.279] RSA Signature Verified
[2017.08.07 08:39:40.280] Session Keys Created
[2017.08.07 08:39:40.280] Ciphers Created
[2017.08.07 08:39:40.280] New Client->Server ciphers in place.
[2017.08.07 08:39:40.280] New Client->Server ciphers in place.
[2017.08.07 08:39:40.280] Completed SSH Key Exchange. New Keys in place.
[2017.08.07 08:39:40.373] Trying authentication method: "publickey"
[2017.08.07 08:39:41.483] User Authenticated OK!
[2017.08.07 08:39:41.483] Completed SSH User Authentication.
[2017.08.07 08:39:41.672] Started subsystem "sftp" on channel 0760a2ce
[2017.08.07 08:39:41.765] SFTP Protocol Version 3 OK
[2017.08.07 08:39:41.765] Server supports SFTP Extension: posix-rename@openssh.com
[2017.08.07 08:39:41.765] 31
[2017.08.07 08:39:41.765] Server supports SFTP Extension: statvfs@openssh.com
[2017.08.07 08:39:41.765] 32
[2017.08.07 08:39:41.765] Server supports SFTP Extension: fstatvfs@openssh.com
[2017.08.07 08:39:41.765] 32
[2017.08.07 08:39:41.765] Server supports SFTP Extension: hardlink@openssh.com
[2017.08.07 08:39:41.765] 31
[2017.08.07 08:39:41.765] Server supports SFTP Extension: fsync@openssh.com
[2017.08.07 08:39:41.765] 31
[2017.08.07 08:39:41.884] sftp protocol initialized
[2017.08.07 08:39:41.884] Changing remote directory to "/app/project/web/modules/custom/xxxxxxxx_import/import"
[2017.08.07 08:39:42.072] Getting Dirlisting
2017.08.07 08:39:42.355] # transferred 1105 bytes in 0.188 seconds, 47.021 kbps ( 5877.660 Bps), transfer succeeded.
`
WS-FTP has its own key store so I wonder if I have some kind of key mis-match.
I found a switch for verbose logging and reran the command line client again. It reported the following:
psftp ge44aoxhawww6-master-7rqtwti--app@ssh.eu.platform.sh -P 22 -v
-i rfcopensshtest8.ppk
Connecting to 54.76.137.151 port 22
We claim version: SSH-2.0-PuTTY_Release_0.70
Server version: SSH-2.0-Platform.sh
Using SSH protocol version 2
Doing ECDH key exchange with curve Curve25519 and hash SHA-256
Host key fingerprint is:
ssh-rsa 2048 f7:ab:b3:53:17:2e:47:97:e3:31:be:76:97:db:77:00
Initialised AES-256 SDCTR client->server encryption
Initialised HMAC-SHA-256 client->server MAC algorithm
Initialised AES-256 SDCTR server->client encryption
Initialised HMAC-SHA-256 server->client MAC algorithm
Reading key file "rfcopensshtest8.ppk"
Unable to use this key file (OpenSSH SSH-2 private key (old PEM format))
Unable to use key file "rfcopensshtest8.ppk" (OpenSSH SSH-2 private key (old PEM format))
Using username "ge44aoxhawww6-master-7rqtwti--app".
Disconnected: No supported authentication methods available (server sent: publickey)
Fatal: Disconnected: No supported authentication methods available (server sent: publickey)
I generated a new private key at 1024 bits instead of 2048 and can now connect with command line psftp. Here's the log:
psftp ge44aoxhawww6-master-7rqtwti--app@ssh.eu.platform.sh -P 22 -v
-i rfcopensshtest9.ppk -pw *********
Connecting to 54.76.137.79 port 22
We claim version: SSH-2.0-PuTTY_Release_0.70
Server version: SSH-2.0-Platform.sh
Using SSH protocol version 2
Doing ECDH key exchange with curve Curve25519 and hash SHA-256
Host key fingerprint is:
ssh-rsa 2048 f7:ab:b3:53:17:2e:47:97:e3:31:be:76:97:db:77:00
Initialised AES-256 SDCTR client->server encryption
Initialised HMAC-SHA-256 client->server MAC algorithm
Initialised AES-256 SDCTR server->client encryption
Initialised HMAC-SHA-256 server->client MAC algorithm
Reading key file "rfcopensshtest9.ppk"
Using username "ge44aoxhawww6-master-7rqtwti--app".
Offered public key
Offer of public key accepted
Authenticating with public key "imported-openssh-key"
Sent public key signature
Access granted
Opening session as main channel
Opened main channel
Started a shell/command
Connected to ssh.eu.platform.sh
Remote working directory is /app
psftp> bye
Sent EOF message
Server sent command exit status 0
Disconnected: All channels closed
But when I try the same thing with the WW library I get an invalid keyfile message. I'm sending you an updated zip file with the new private key.