Upgrade protection expired, no ssh configuration

Please post here if you have problems in using Wing FTP Server.
hyperion
Posts: 11
Joined: Tue Jun 03, 2014 8:18 am

Upgrade protection expired, no ssh configuration

Post by hyperion »

Hello,

after a long time without upgrade (the last was in February, with version 4.6.2), I upgraded WingFTP Server to version 4.7.3 this week-end, apparently without problem.

Today, some clients have phoned saying that they cannot send files via SFTP.

In the logs, I see the message "Failed to exchange the keys."

I try to connect via an SFTP client, and I see that the SSH key has changed.

I return to the interface, searching for the SSH parameters, where I define the private key, and I see nothing, it is only under the listeners that I see that the SSH listener still runs, or for individual accounts that use SSH key authentication I can see their public key.

I go to the License page, check the edition (Corporate), and after some time, a popup appears telling me that the Upgrade protection expired.

Question: Is it because the upgrade protection expired that I cannot see/edit the Global SSH configuration, or is it a 4.7.3 bug ?

----

PS: While no client was connected, I reinstalled version 4.6.2, and the SSH Key Manager reappeared.

And when I connected via SFTP, it returned the correct SSH key.

However, I do not have the message about the expired upgrade protection.
FTP
Site Admin
Posts: 2072
Joined: Tue Sep 29, 2009 6:09 am

Re: Upgrade protection expired, no ssh configuration

Post by FTP »

Please have a look on this KB article first: https://bbs.wftpserver.com/viewtopic.php?t=3547
hyperion
Posts: 11
Joined: Tue Jun 03, 2014 8:18 am

Re: Upgrade protection expired, no ssh configuration

Post by hyperion »

I read it, but I thought that it applied only to the default SSH host key, as installed with WingFTP.

We have for several years used SSH host keys, generated internally and whose fingerprint was sent to our clients who automate their nightly downloads/uploads via SFTP.

With the information implied by the KB, I would need to make an install on another server, connect via SFTP on it, write the fingerprint and communicate it to our tens of clients who automate their SFTP connection (and wait for about a month before everybody), or somehow find the way to replace the default SSH Key by one of our SSH Key.

And it means we cannot use different domains with different SSH Keys anymore (useful for testing with specific clients).

Can you restore the SSH Key Manager, or an equivalent, for version 4.7.x ?
FTP
Site Admin
Posts: 2072
Joined: Tue Sep 29, 2009 6:09 am

Re: Upgrade protection expired, no ssh configuration

Post by FTP »

We take your suggestions, bring the SSH Key Manager back in the new version 4.7.6, and we also provide a tool for converting the old PKCS#15 ssh key to the PEM format, if you created an SSH key with the older version of WingFTP, maybe you can execute the converter "p15conv" under WingFTP's folder.
bigcolwell
Posts: 4
Joined: Wed Feb 13, 2013 10:06 pm

Re: Upgrade protection expired, no ssh configuration

Post by bigcolwell »

I am in a similar situation, I have been having trouble upgrading to or beyond 4.7.0 without breaking my existing connections. Currently I am on 4.6.2 and have been using the built in SSH key for years. Most of my users are configured with password less SSH public key authentication. When I upgraded to 4.7.3 I received Failed to create the ssh channel on most of the connections so I rolled back to 4.6.2.
I just tried 4.7.6 which converts my old SSH key however connections are failing with: Failed to exchange the keys and one shows failed to create the ssh channel. so i rolled back and restore the old keys.

Is there a way to convert the key that doesn’t require the connecting party to accept the new fingerprint? My clients are mostly using automated scripts via open SSH and sftp commands.
Example Failed to exchange the keys 4.7.6:
[02] Mon, 03 Oct 2016 14:20:56 (0000005) Connected from IPREMOVED (local address IPREMOVED, port 22)
[02] Mon, 03 Oct 2016 14:20:57 (0000005) Failed to exchange the keys.
[02] Mon, 03 Oct 2016 14:20:57 (0000005) Closed session, disconnected from IPREMOVED

Example Failed to create the ssh channe 4.7.6l:
[01] Mon, 03 Oct 2016 14:21:54 (0000010) SSH authentication completed successfully. Client information: SSH-2.0-SharpSSH-1.1.1.13-JSCH-0.1.28
[02] Mon, 03 Oct 2016 14:21:54 (0000010) Closed session, disconnected from IPREMOVED The reason is: Failed to create the ssh channel.

If I need to coordinate with my clients that’s fine I can work that out, suppose if I am going through that trouble I should create a new SSH key pair and have them accept that?

Thanks

Chris
FTP
Site Admin
Posts: 2072
Joined: Tue Sep 29, 2009 6:09 am

Re: Upgrade protection expired, no ssh configuration

Post by FTP »

So did you selected the converted ssh key under the domain settings?
bigcolwell
Posts: 4
Joined: Wed Feb 13, 2013 10:06 pm

Re: Upgrade protection expired, no ssh configuration

Post by bigcolwell »

I did not, I thought it converted it automatically based on this post:
http://www.wftpserver.com/bbs/viewtopic.php?f=2&t=3257" rel="nofollow

"BTW, if you use the default ssh key "wftp_default_ssh.key" before, then WingFTP will convert it into PEM format automatically, but we highly recommend you generate a new ssh key, because it will be much more secure."

Where do I go to convert it once the upgrade done?

Thanks

Chris
FTP
Site Admin
Posts: 2072
Joined: Tue Sep 29, 2009 6:09 am

Re: Upgrade protection expired, no ssh configuration

Post by FTP »

Did you use the default SSH host key before? You just need to check the file "/wftp_default_ssh.key", check whether it is a plain text file, and you also need to check the option "Domain > Settings > General Settings > Miscellaneous > SSH Host Key".
bigcolwell
Posts: 4
Joined: Wed Feb 13, 2013 10:06 pm

Re: Upgrade protection expired, no ssh configuration

Post by bigcolwell »

Hello I used the default SSH key way back 2012 believe was my first install of the product, wftp_default_ssh.key.

I checked the key file its definitely not plain text. I backed up the key file prior to the upgrade and noticed the upgrade modified the key files as the dates changed. However I rolled back due to the connection troubles I mentioned earlier. When I rolled back because of that I put the backed up keyfiles back in place as well as the data directory.

Is there another way to convert the old default wftp_default_ssh.key?
FTP
Site Admin
Posts: 2072
Joined: Tue Sep 29, 2009 6:09 am

Re: Upgrade protection expired, no ssh configuration

Post by FTP »

If you use the latest version 4.7.6, it will convert the default ssh key automatically. Anyway, you can download the converted default ssh key here: http://www.wftpserver.com/bbsres/wftp_default_ssh.zip" rel="nofollow
Post Reply