Connection reset when using jsch to connect to an sftp server hosted in azure

Question

. 。 Answers to this question are eligible for a +50 reputation bounty. TBO is looking for an : ：

I am experiencing the exact same issue with JSCH connecting to Azure SFTP server. I would greatly appreciate a solution which allows this to work, either via JSCH config changes or Azure config changes.

we are currently working with a cloud product that uses JSCH internally to connect to external sftp sources. Im investigating an connection reset exception that we are getting when trying to connect to azure sftp.

Using wireshark i determined that the problem occurs after we send the Client: Key Exchange Init. Establishing the same connection with filezilla we dont have this issue.

comparing the packages from jsch and filezilla i didn't see an obivious issue, but im not an expert on the ssh protocol. im gonna post both requests below if somebody could give me any pointers it would be greatly appreciated.

Request with JSCH (not working)

Request with Filezilla (working)

Response with Filezilla (working)

See below for the log output:

INFO: Connecting to ***** port 22
INFO: Connection established
INFO: Remote version string: SSH-2.0-AzureSSH_1.0.0
INFO: Local version string: SSH-2.0-JSCH-0.1.54
INFO: CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
INFO: CheckKexes: diffie-hellman-group14-sha1,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521
INFO: CheckSignatures: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
INFO: SSH_MSG_KEXINIT sent
INFO: Disconnecting from **** port 22
com.jcraft.jsch.JSchException: Session.connect: java.net.SocketException: Connection reset

EDIT: following jameses suggestion i got the same result, connection closed but the client request only had the supported algos as payload. So i tried to replicate the FileZilla request by setting the jsch config regardless if jsch actually supports the algo, i just wanted to see if there is any respone.

But for some reason the connection still gets terminated

Modified jsch request

Answer 1

i wanted to post a quick update for anybody that is having the same issue, i opened a similiar question on the microsoft q&a site and looks like it's an issue on the azure side that they are working on fixing for GA Microsoft Q&A

Answer 2

(I want to put this in a comment, but it wont let me because I am new.)

It should be selecting a cipher that is common. What happens if you manually limit the ciphers to those supported by both Azure SFTP and JSCH?

session.setConfig("cipher.c2s","aes128-cbc,aes256-cbc,aes192-cbc");

Here is the Azure Host info I was able to pull from "sftp -vvv"

debug2: KEX algorithms: ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,ext-info-s
debug2: host key algorithms: rsa-sha2-256,rsa-sha2-512,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384
debug2: ciphers ctos: aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc
debug2: ciphers stoc: aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc