Error adding SSH storage account - There is no cipher supported by both: client and server

Hello!

I’m trying to add a SFTP storage account and I receive the following error when I try to save it :
There is no cipher supported by both: client and server

Here’s a excerpt of the console.log :

2018-12-10 17:27:16,594 [CL] [1] ERROR - SFTP error. Code: ERROR_SSH_UNSUPPORTED_CIPHER, Server: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.11
2018-12-10 17:27:16,602 [UI] [1] ERROR - Error on saving CloudBerryLab.Backup.Engine.Cloud.Connection.SFTPConnection account
CloudBerryLab.Client.SFTPClient.SshException
There is no cipher supported by both: client and server
   at aGR.a()
   at aGR.H()
   at aGR.A(aGr )
   at aGR.b()
   at aGq.A(agh )
   at agE.agF.MoveNext()
   at agE.A(ICancelable )
   at agE.Dj(String , SearchOption )
   at CloudBerryLab.Backup.Engine.Cloud.Connection.BaseConnection.GetAllBackupPaths(aCa root)
   at ek.A(BaseConnection , List`1& )
   at CloudBerryLab.Backup.Console.Dialogs.Account.EditStorageAccount.Apply(Boolean showErrorForAllPages)

My remote server is a Ubuntu Linux server with OpenSSH with the following configuration :

### Harden SSH
### https://infosec.mozilla.org/guidelines/openssh
# Supported HostKey algorithms by order of preference.
HostKey /etc/ssh/ssh_host_ed25519_key
HostKey /etc/ssh/ssh_host_rsa_key

KexAlgorithms [email protected],diffie-hellman-group-exchange-sha256
Ciphers [email protected],[email protected],[email protected],aes256-ctr,aes192-ctr,aes128-ctr
MACs [email protected],[email protected]

I’ve also tried to loosen it to the recommendations of Mozilla (see https://infosec.mozilla.org/guidelines/openssh) with the following configuration without success :

HostKey /etc/ssh/ssh_host_ed25519_key
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key

KexAlgorithms [email protected],ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
Ciphers [email protected],[email protected],[email protected],aes256-ctr,aes192-ctr,aes128-ctr
MACs [email protected],[email protected],[email protected],hmac-sha2-512,hmac-sha2-256,[email protected]

So, would it be possible to configure or update the application to support modern and secure ciphers?

Thank you!

Hello again!

I will add some precision to my last post: If it’s not possible to configure it to support newer ciphers and that an update for supporting newer ciphers isn’t planned for now (it would be a good thing though), can someone from the CloudBerry team tell me which ones are currently supported?

Thanks!

[reply=“BenPi;2075”] We consider it as a legacy protocol and have stopped offering it to our customers

We recommend Minio - self-hosted S3-compatible storage server. Should work much better than SFTP.

Minio main website
Minio documentation page
Setup guide

As for the ciphers, this thread might help: https://forum.cloudberrylab.com/discussion/comment/247

In general, it all depends on the environment.

Okay, thanks for the information!