Cumulus Support

When i tried to use SFTP on cumulus i was getting the following errors.

2022-05-18 15:59:53.675 Realtime[0]: Start cycle
2022-05-18 15:59:53.686 Realtime[0]: Creating realtime.txt
2022-05-18 15:59:53.693 Realtime[0]: Processing realtime file - realtimegauges.txt
2022-05-18 15:59:54.214 RealtimeReconnect: Realtime ftp attempting disconnect
2022-05-18 15:59:54.215 RealtimeReconnect: Realtime ftp disconnected
2022-05-18 15:59:54.215 RealtimeReconnect: Realtime ftp attempting to reconnect
2022-05-18 15:59:54.215 RealtimeReconnect: Error reconnecting ftp server - Object reference not set to an instance of an object.
2022-05-18 15:59:54.215 RealtimeReconnect: Realtime ftp attempting to reinitialise the connection
2022-05-18 15:59:54.220 Realtime[0]: End cycle
2022-05-18 15:59:54.223 RealtimeSSHLogin: Attempting realtime SFTP connect to host 212.159.122.28 on port 22
2022-05-18 15:59:54.259 RealtimeSSHLogin: Connecting using password authentication
2022-05-18 15:59:54.522 RealtimeSSHLogin: Error connecting SFTP - An established connection was aborted by the server.

Any ideas please?

Does your host offer SFTP? If yes, does your host offer SFTP with password authentication (as opposed to other forms of Auth such as certificates)?

Hi,
Just another point.
If your answers are yes to freddies questions above, check what your host states as the port for SFTP, by default it is 22 in CumulusMX.
However it maybe 21 or other.
Kind Regards,

Yes it supports SFTP and its port 22 but still doesn't work??

i use winscp from my windows machine from outside my network and it works just not on cumulus.

password authentication should work over SFTP but it doesn't in cumulus?

Anyone who tried this?

richard_newberry wrote: ↑Thu 19 May 2022 10:40 am password authentication should work over SFTP but it doesn't in cumulus?

Looks like it did, but you were immediately booted out: Perhaps your host has some sort of connection limit?

When something like this happens I'd try using an FTP client to test and get it working first, that way you know the correct options.

Stuart

When using ftp via ssh outside the network and when i input the username and password i can access the cumulus files and when cumulus trys to upload it timed out errors.

richard_newberry wrote: ↑Thu 19 May 2022 1:37 pm When using ftp via ssh outside the network and when i input the username and password i can access the cumulus files and when cumulus trys to upload it timed out errors.

That's like comparing oranges and bananas, never mind apples. If you SFTP from outside your network to your Pi, you are initiating the connection. When Cumulus SFTPs to your remote site, Cumulus is initiating the connection. Your error suggests that connections to the remote site using username/password are not permitted, or that there is a limit to the number of connections allowed - both concurrent and in a period of time.

I will have a look at the concurrent connection in /etc/ssh/sshd_config

moving to active ftp works.

richard_newberry wrote: ↑Sat 21 May 2022 10:11 pm I will have a look at the concurrent connection in /etc/ssh/sshd_config

Wait .... are you actually hosting the server? The file /etc/ssh/sshd_config is the SSH server config file, not the client.

richard_newberry wrote: ↑Sat 21 May 2022 11:39 pm moving to active ftp works.

I thought you said in another post that passive works? I may be mistaken but I thought that was what I read.

Passive did work but stopped when i moved firewalls to pfsense so active works now. More secure firewall.

Yes i host the server.

So in summary, I think...

FTPS now works in Active mode? (used to work passive but not after a firewall change)
SFTP still fails.

I've had a look at the SFTP, and I *think* the issue is to do with the key exchange protocol...

The old version of SSH.Net I am having to use does not implement the newer Ecliptic Curve Diffie-Hellman protocols, only the older plain Diffie-Hellman, and I don't think your server will accept the old protocols.

The encryption and and mac algorithms have plenty of methods in common. But the server just sends a TCP reset after acknowledging the client key exchange initialisation message.