Release (beta) 2021 - SFTP failure (Synology)

I use Rider most of the time, but MonoDevelop 7.8.4 also works for me. Note that you’ll also need NuGet to retrieve the external dependencies. If NuGet is installed, I believe MonoDevelop will handle the retrieval of packages automatically for you.

This sounds very much like a Visual Studio build on Windows. Does this mean I need to specially build Duplicati? I’d prefer to just attach a debugger and have it stop at the System.NotImplementedException.
dnSpy on Windows can do this. My initial problem with monodevelop is that I can’t get the soft debugger connection. I export MONODEVELOP_SDB_TEST=1, start monodevelop. Still no Run → Run with → Custom Command Mono Soft Debugger, and Attach to Process looks like gdb and native code debug…

This monodevelop download was actually 7.8.4 even though the download page said latest is…

@drwtsn32 – any luck reproducing this? If so, what sort of Linux debug environment do you have there?

I was able to reproduce with Mint 20.1/mono and Bitvise on Windows, as well. I tried a couple other SFTP servers I have but couldn’t trigger the issue.

Unlike your testing, I was able to get past the “method or operation is not implemented” error during connection test by deleting the ECDSA/nistp384 key in Bitvise and restarting the service. It was then left with an RSA 3072 key, which worked fine when I tested the connection.

Duplicati on Windows doesn’t have a problem with the ECDSA/nistp384 key so I agree it seems to be an issue with mono.

According to this issue, mono doesn’t support ECDSA keys:

Looks like that’s where the ‘not implemented’ exception originates.

I have used monodevelop in the past and it worked well, but I don’t have it on my Mint machine right now. I normally develop using Visual Studio 2019.

Probably because I didn’t try that delete, just the one for curve25519-sha256. I didn’t try further deletes.

After my first delete, the last SSH looked like:

        Key Exchange (method:ecdh-sha2-nistp256)
            Message Code: Elliptic Curve Diffie-Hellman Key Exchange Reply (31)
            KEX host key (type: ecdsa-sha2-nistp384)
            ECDH server's ephemeral public key length: 65
            ECDH server's ephemeral public key (Q_S): 043394d292b51e4b6ed9f359ebd4a248801e93c1657212b16ef05c1d600e4ee2554599df…
            KEX H signature length: 131
            KEX H signature: 0000001365636473612d736861322d6e6973747033383400000068000000304122ebec79…

I’m not a cryptographer, but your mono finding sounds plausible, and very unfortunate if it’s the cause…

I think that’s still possible, but debugging this way can in general be much more difficult. The releases are built in release mode where the compiler can optimized the code in a way where what you see in the source code doesn’t quite reflect what is being run. As such, you might find that you won’t be able to set a breakpoint on certain lines, methods can get inlined, etc.

Nice find @drwtsn32! Looks like with my setup I’m getting a ed25519 host key.

Limit what algorithms or ciphers are used #730 might be a way out, if it can trim things down on mono.

Maybe it’s possible to configure the SSH.NET client to not advertise support for ecdsa host keys when running under mono?

Look above your post.

Ah that makes sense… I wasn’t sure why I had a different result.

I don’t normally use Bitvise and after install it only had those two keys. ECDSA and the RSA one.

I didn’t see that post, but I had a tab open with that issue!

@drwtsn32, is it easy for you to try this patch (with your ecdsa key added back) to see if this approach might work?

diff --git a/Duplicati/Library/Backend/SSHv2/SSHv2Backend.cs b/Duplicati/Library/Backend/SSHv2/SSHv2Backend.cs
index 61241914d..92c6508b7 100644
--- a/Duplicati/Library/Backend/SSHv2/SSHv2Backend.cs
+++ b/Duplicati/Library/Backend/SSHv2/SSHv2Backend.cs
@@ -328,6 +328,7 @@ namespace Duplicati.Library.Backend
             if (m_keepaliveinterval.Ticks != 0)
                 con.KeepAliveInterval = m_keepaliveinterval;
+            con.ConnectionInfo.HostKeyAlgorithms.Remove("ecdsa-sha2-nistp384");
             m_con = con;
1 Like

Yes I’ll give it a try tonight and let you know!

BTW, here are where the host key strings are defined:

Also, there is an issue with how SSH.NET implements this, where the order in which the keys are enumerated is not guaranteed. I bumped it in December, but it hasn’t gotten much attention.

1 Like

2020.0.0 names the new key exchange (where mine was dying) and host key algorithms, but the file you cite also shows them, and its blame view shows when they were added. Knowing more about the mono omission might be helpful. Or is anything “elliptic” broken? That seems like a major gap in the algorithms.

The SSH.NET folks know the area far better than we do. Would it be worth trying to work with them, even using the existing open unsolved mystery issue perhaps. Oh. I see we’ve already started on that path. :grinning:

Can’t connect (SCP, SSH) in Xamarin Android #807


Edwards-Curve Digital Signature Algorithm (EdDSA)
says ed25519 uses an Edwards curve, but that seems a variety of elliptic curve, so I’m looking for where
the gap in mono ends, so as to limit the amount of cutting (and probably security loss) that must be done.

1 Like

Here’s the candidate NotImplementedException, which looks specific to ecdsa:

EDIT: This might not be the exact line. See below for a possibly more accurate explanation.

Yep, this worked in my test.

I was able to reproduce the problem without Bitvise on Windows by simply reconfiguring the sshd service on my Mint machine to have RSA + ECDSA keys. Tested before your fix and had the ‘not implemented’ exception. After the fix, no exception and Duplicati showed me the RSA key fingerprint.

So yeah I think this is a good fix when Duplicati is running on mono.

1 Like

Thanks @drwtsn32 for testing. We should come up with something a little more robust in the actual code to defend against future changes to mono, but I think it would be pretty simple. I think in .NET 5, the responsibility is pushed to the operating system so future compatibility may be even more platform-dependent once we make that transition.

1 Like

Looking into this some more, I believe this might explain what we’ve discovered. This pull request added support for elliptic curve algorithms in SSH.NET. For ECDSA, it relies on the System.Security.Cryptography.ECDsaCng class

which is not implemented in Mono

For ED25519, SSH.NET provides its own implementation (from Choas.NaCl).

Here’s a draft of a potential fix. Testing is needed.