Exception: cryptographic algorithm is not supported

Apr 18, 2011 at 1:25 AM

I got an exception when connecting:

"The specified cryptographic algorithm is not supported on this platform."

In Session.cs file, line 595, within "internal void WaitHandle(WaitHandle waitHandle)" method.

Does it mean that my server's encryption method has not been supported by SSH.NET library yet?

Coz, if I use SharpSSH library, it works well.

Thank you.

This is my codes:

private void button1_Click(object sender, RoutedEventArgs e)
{
	var result = string.Empty;

	using (var client = new SshClient(_hostName, _userName, _password))
	{
		client.Connect();
		var cmd = client.RunCommand("ls");
		result = cmd.Result;
		client.Disconnect();
	}

	textBox1.Text = result;
}
Apr 18, 2011 at 2:05 AM

This is log from WinSCP, hope it useful:

. 2011-04-18 11:52:25.312 --------------------------------------------------------------------------
. 2011-04-18 11:52:25.406 Looking up host "001.test.com"
. 2011-04-18 11:52:25.578 Connecting to 1.111.11.11 port 22
. 2011-04-18 11:52:25.656 Waiting for the server to continue with the initialisation
. 2011-04-18 11:52:25.656 Detected network event
. 2011-04-18 11:52:25.765 Detected network event
. 2011-04-18 11:52:25.765 Server version: SSH-2.0-OpenSSH_5.0
. 2011-04-18 11:52:25.765 We believe remote version has SSH-2 ignore bug
. 2011-04-18 11:52:25.765 Using SSH protocol version 2
. 2011-04-18 11:52:25.765 We claim version: SSH-2.0-WinSCP_release_4.2.9
. 2011-04-18 11:52:25.765 Waiting for the server to continue with the initialisation
. 2011-04-18 11:52:25.765 Detected network event
. 2011-04-18 11:52:25.765 Doing Diffie-Hellman group exchange
. 2011-04-18 11:52:25.765 Waiting for the server to continue with the initialisation
. 2011-04-18 11:52:26.000 Detected network event
. 2011-04-18 11:52:26.140 Doing Diffie-Hellman key exchange with hash SHA-1
. 2011-04-18 11:52:26.203 Waiting for the server to continue with the initialisation
. 2011-04-18 11:52:26.265 Detected network event
. 2011-04-18 11:52:26.390 Host key fingerprint is:
. 2011-04-18 11:52:26.421 ssh-rsa 1024 00:48:50:c1:92:6a:a9:35:df:ac:3c:7e:ec:73:2c:6a
. 2011-04-18 11:52:26.437 Initialised AES-256 SDCTR client->server encryption
. 2011-04-18 11:52:26.437 Initialised HMAC-SHA1 client->server MAC algorithm
. 2011-04-18 11:52:26.437 Initialised AES-256 SDCTR server->client encryption
. 2011-04-18 11:52:26.437 Initialised HMAC-SHA1 server->client MAC algorithm
. 2011-04-18 11:52:26.437 Waiting for the server to continue with the initialisation
. 2011-04-18 11:52:26.593 Detected network event
! 2011-04-18 11:52:26.593 Using username "myname".
. 2011-04-18 11:52:26.593 Waiting for the server to continue with the initialisation
. 2011-04-18 11:52:26.640 Detected network event
. 2011-04-18 11:52:26.718 Waiting for the server to continue with the initialisation
. 2011-04-18 11:52:26.718 Detected network event
. 2011-04-18 11:52:26.718 Keyboard-interactive authentication refused
. 2011-04-18 11:52:26.718 Prompt (6, SSH password, , &Password: )
. 2011-04-18 11:52:26.718 Using stored password.
. 2011-04-18 11:52:26.718 Sent password
. 2011-04-18 11:52:26.718 Waiting for the server to continue with the initialisation
. 2011-04-18 11:52:27.062 Detected network event
. 2011-04-18 11:52:27.156 Access granted
. 2011-04-18 11:52:27.156 Waiting for the server to continue with the initialisation
. 2011-04-18 11:52:27.156 Detected network event
. 2011-04-18 11:52:27.156 Opened channel for session
. 2011-04-18 11:52:27.156 Waiting for the server to continue with the initialisation
. 2011-04-18 11:52:27.187 Detected network event
. 2011-04-18 11:52:27.187 Started a shell/command
. 2011-04-18 11:52:27.187 --------------------------------------------------------------------------

Coordinator
Apr 18, 2011 at 2:35 AM

Hi,

 

What version do yo use?

Is it 7537 ?

Since it loks like your server chooses AES-256 SDCTR as encryption which my client does not support.

The reason SharpSSH is probably working is becuase it defaults to different encryption.

 

Please try to use release version, which doesnot include support for new encryption algorithms and see if it works.

 

Thanks,

Oleg

Apr 18, 2011 at 3:42 AM

Hi mate,

I just tried both released one (6787) and the latest one (7537).

And got same result as my post above.

Seems that I need to wait for you implementation of AES-256 SDCTR. :D

Thanks.

Coordinator
Apr 18, 2011 at 1:44 PM

Hi,

 

I checked SharpSSH library and they dont use any AES-256 SDCTR specific encryption at all.

From what I tried to look, AES-256 SDCTR, looks like it should work as regular AES-256 CTR.

Also, the error message that it gives you ""The specified cryptographic algorithm is not supported on this platform." is not coming from my library so I suspect it coming from somewhere else.

 

If its possible and not a security risk, I can try to log on into that server, and see where it fails and what it does, and hopefully to fix it quickly, if its something in my library that I can do.

 

Thanks,

Oleg

Apr 18, 2011 at 11:53 PM

Sorry mate, the server is in my corporate network that cannot be accessed outside.

Or if you need, I can try to provide you any information for debugging?

Thanks, awesome library.

Apr 19, 2011 at 7:57 AM

Hello,

I get exactly the same error as jncodex except mine is stated in french (my system is in french).

System.PlatformNotSupportedException {"L'algorithme de chiffrement spécifié n'est pas pris en charge sur cette plateforme."}

My boss refused to give you access to our server, but I managed to reproduce the problem on virtual machines with Debian 5 and Ubuntu 10.04 or 10.10 with standard install (apt-get install openssh).

Hope this helps, thank you very much.

 

JMN

 

Coordinator
Apr 19, 2011 at 7:30 PM

jncodex,

 

No problem, I understand the security concerns. What I actually would like to know, if possible, what encryption/decryption protocols does your server support and in what order. Do get this information you can either run sshd in debug mode and then it will tell you that, or using the client to set a breakpoint in Session.cs file, line 1122 and see what type does it create and let me know if you can get this far. Also, can you provide me with the line of code where it throws you this exception, since this is not something that I do, so it mus be a system.

 

jmnicolas,

Also, can you let me know line of code where you get this exception?

I also use Ubuntu 10.10 and it works fine.

Can you tell what OS you using to run this code? As recently somebody reported to me that library failed in Windows XP.

 

As an example, this is what I would look at to determine what cyphers are supported by sshd when sshd running in debug mode:

ebug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib

To get this output I run this : sudo /usr/sbin/sshd -d -d -d -p 2222 and then connected to port 2222 from other shell.

 

Thanks,

Oleg

 

 

 

Apr 20, 2011 at 7:35 AM

Hi,

I do not have permission to run "sudo /usr/sbin/sshd -d -d -d -p 2222" command from shell. I can only run some common commands.

And I just set the breakpoint at line 1122, but the Exception thown out befor reach this line.

        internal void WaitHandle(WaitHandle waitHandle)
        {
            var waitHandles = new WaitHandle[]
                {
                    this._exceptionWaitHandle,
                    waitHandle,
                };

            var index = EventWaitHandle.WaitAny(waitHandles);

            if (index < 1)
            {
                throw this._exception; ////////////////////////////////////////////// (Throw here~)
            }
            else if (index > 1)
            {
                this.SendDisconnect(DisconnectReasons.ByApplication, "Operation timeout");

                throw new SshOperationTimeoutException("Session operation has timed out");
            }
        }
I'm using Windows XP and Visual C# 2010 Express (with Symantec Firewall/Antivirus installed). Do you think it is the reason for that? I'll try to find a Windows 7 to test soon.
Apr 20, 2011 at 7:43 AM

My configuration : Windows XP pro SP3 with Visual Studio 2010 pro.

I made a test with my personnal machine with Windows 7 and it works fine.

So I guess the culprit is Windows XP. I will make further tests if needed (I'm root on the linux server).

Coordinator
Apr 20, 2011 at 12:58 PM

Thanks for updates,

 

So it looks like Windows XP causing the problems.

Unfortunatly I dont have any development XP machine here to test it myself.

 

So I guess I will have to add a requirement that it doesnt support Windows XP then :(:(.

Thanks,

Oleg

Apr 20, 2011 at 2:00 PM

It's a pity that you can't make it compatible with Windows XP, but I understand you can't support all architectures.

I'm still considering using this library as my C# code will run on a Windows Server 2008, but that would have been nice to be able to debug it on my XP machine.

Many thanks for your work and your fast answers.

Apr 20, 2011 at 8:37 PM

As you know I have the same problem. I think this is the problem http://stackoverflow.com/questions/3683277/aes-encryption-and-c . Once again thank for this great libary.

Coordinator
Apr 20, 2011 at 8:43 PM

Just got an idea.

If you using source code version, can you try this:

In file CipherAESCBC.cs to replace this line:

            this._algorithm = new System.Security.Cryptography.RijndaelManaged();

with this one:

this._algorithm = new Cryptography.Aes(keyBitsSize);

I think what happens is that Windows XP does not support this algorithm, so you can try to use custom implementation of it.

The only thing is its slower then Microsoft implementation, but if you going to deploy it to Windows 2008 server then you can put #define there and for debug mode use slow version and for production faster one.

Let me know if it works.

 

Thanks,

Oleg

Apr 21, 2011 at 12:34 AM

Confirmed.

  1. It doesn't work on Windows XP. Just tried on my Virtual Machine Win7, it works well.
  2. Then tried your idea ( this._algorithm = new Cryptography.Aes(keyBitsSize); ) on my XP, it doesn't work with same exception.

I then read the topic on the page (recommended by mladjenovic): http://stackoverflow.com/questions/3683277/aes-encryption-and-c .

That's should be the reason:


.NET doesn't have it's own crypto algorithms and uses Windows CryptoAPI (actually, RijndaelManaged was introduced to address this). And CryptoAPI in Windows XP until SP3 doesn't have AES implementation. – Eugene Mayevski 'EldoS Corp Sep 10 '10 at 9:49

@John: stuff that is in the framework is not always supported on all platforms. The classes will be there but calling the constructor or the Create method will throw an exception. For example the elliptic curve classes in System.Security.Cryptography are not supported in any version of XP, only on Windows Vista and higher. – GregS Sep 10 '10 at 12:23

 

Apr 21, 2011 at 6:41 AM

Same result as jncodex with this._algorithm = new Cryptography.Aes(keyBitsSize)

Microsoft is not doint its work here ...

Coordinator
Apr 21, 2011 at 1:18 PM

jncodex,

 

What exact error do you get in this case, since jmnicolas is right, there is no Microsoft involvement in second case that I gave you.

 

Thanks,

Oleg

May 4, 2011 at 10:01 AM

Hi there I hope this thread is not dead. It seems that RijndaelManaged is not the problem because it's managed and doesn't use platforms crypto api ,but  SHA256CrypthoServiceProvider does. So if you replace it with SHA256.Create() and it works on XP.

May 4, 2011 at 1:32 PM

SHA256.Create() works like a charm for me on Windows XP, I'm going to test it on my 2008 Server.

Thank you mladjenovic, you make my debugging really easier :)

May 5, 2011 at 12:54 AM

wow~ It works now on Windows XP. Great!

In "KeyExchangeDiffieHellmanGroupExchangeSha256.cs" file, repaced "new SHA256CryptoServiceProvider()" with "SHA256.Create()".

Cool. Thanks mate.

Jul 8, 2011 at 3:26 AM

It would be nice if the library could either make the decision based on the platform (XP vs W7, say), or at least if we could somehow set this in code (either on the constructor or as an attribute) so that we could add the platform check ourselves and set the proper call depending on the OS.  This would allow us to decide what to use for each platform at runtime instead of hardcoding one or the other in code.  

Is this something you would consider adding?

Coordinator
Jul 8, 2011 at 1:56 PM

What I am doing right now, is reimplementing all code needed for security, which seems to be a problem in XP, so it will not be depended on MSFT, this way it should work with XP, Silverlight, WindowsPhone and probably other platforms.

My hope is to finish it within next couple weeks.

Hope it will help.

 

Thanks,

Oleg

Jul 28, 2011 at 8:31 PM

Thanks, it will be really helpful if we can use the normal implementation without worrying wether the program is running on XP (still out there in large numbers) or Vista/Windows 7. Looking forward to when this is available.

 

Coordinator
Jul 29, 2011 at 2:21 PM

Hi,

 

If you can, please download latest source code and see if it works for you on Windows XP without any modifications.

Since I implemented some encryption libraries now internally, I use those, instead of MSFT one, which I know used to be a problem.

 

Thanks,

Oleg

Jul 29, 2011 at 4:31 PM

Hi, I just tried the latest source code and indeed, it's working fine for me unmodified on my XP Pro.  I haven't tried it yet on W7, but I will and hopefully it will also work fine unmodified. Thank you for this and keep up with the excellent work.

Idel.

Jul 31, 2011 at 6:37 AM

LESEN SIE DIESE WEITER Wie zu kleiden oder tragen eine Schuluniform <a href="http://www.romancearound.com/"> Kleider </ a> Code Mit Pins ?ffentliches Recht Schule <a href = "http://www .romancearound.com/bridesmaid-dresses-c-197.html "> Brautjunferkleider </ a> Code: Stil kann Kleiderordnungen regeln?