End of IO Stream Read

FTP client for Android handsets.

End of IO Stream Read

Postby SpaceBison » Tue Mar 15, 2016 7:15 pm

I'm having a problem establishing a SCP connection to my PC. I can't seem to authorize by password. AndFTP gives me the following message:

Code: Select all
Session.connect: java.io.IOException: End of IO Stream Read


sshd logs on LogLevel VERBOSE are rather platonic:

Code: Select all
sshd[13961]: Connection from 192.168.10.139 port 33726 on 192.168.10.102 port 22
sshd[13961]: fatal: mm_answer_moduli: bad parameters: 2048 2048 1024


The logs on LogLevel DEBUG3 look like this:

Code: Select all
sshd[13995]: debug3: fd 5 is not O_NONBLOCK
sshd[13995]: debug1: Forked child 14020.
sshd[13995]: debug3: send_rexec_state: entering fd = 8 config len 427
sshd[13995]: debug3: ssh_msg_send: type 0
sshd[13995]: debug3: send_rexec_state: done
sshd[14020]: debug3: oom_adjust_restore
sshd[14020]: debug1: Set /proc/self/oom_score_adj to 0
sshd[14020]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8
sshd[14020]: debug1: inetd sockets after dupping: 3, 3
sshd[14020]: Connection from 192.168.10.139 port 40760 on 192.168.10.102 port 22
sshd[14020]: debug1: Client protocol version 2.0; client software version JSCH-0.1.51
sshd[14020]: debug1: no match: JSCH-0.1.51
sshd[14020]: debug1: Enabling compatibility mode for protocol 2.0
sshd[14020]: debug1: Local version string SSH-2.0-OpenSSH_7.2
sshd[14020]: debug2: fd 3 setting O_NONBLOCK
sshd[14020]: debug3: ssh_sandbox_init: preparing seccomp filter sandbox
sshd[14020]: debug2: Network child is on pid 14021
sshd[14020]: debug3: preauth child monitor started
sshd[14020]: debug3: privsep user:group 99:99 [preauth]
sshd[14020]: debug1: permanently_set_uid: 99/99 [preauth]
sshd[14020]: debug3: ssh_sandbox_child: setting PR_SET_NO_NEW_PRIVS [preauth]
sshd[14020]: debug3: ssh_sandbox_child: attaching seccomp filter program [preauth]
sshd[14020]: debug3: list_hostkey_types: ssh-dss key not permitted by HostkeyAlgorithms [preauth]
sshd[14020]: debug1: list_hostkey_types: ssh-rsa,rsa-sha2-512,rsa-sha2-256 [preauth]
sshd[14020]: debug3: send packet: type 20 [preauth]
sshd[14020]: debug1: SSH2_MSG_KEXINIT sent [preauth]


Using the "Legacy SSH" option does not help. I'm running the current version of AndFTP and OpenSSH_7.2p2, OpenSSL 1.0.2g. Both devices are on the same subnet.
SpaceBison
 
Posts: 4
Joined: Tue Mar 15, 2016 6:56 pm

Re: End of IO Stream Read

Postby support » Wed Apr 06, 2016 6:08 pm

Does it work with another client? (WinSCP under desktop)?
support
 
Posts: 1010
Joined: Sun Apr 20, 2008 4:40 pm

Re: End of IO Stream Read

Postby SpaceBison » Sun Apr 10, 2016 10:34 am

I tried connecting from a PC with both OpenSSH and WinSCP and encountered no problems. The thing is, AndFTP worked with my server before and I didn't change its configuration. I thing it might have something to do with a recent update of the app.
SpaceBison
 
Posts: 4
Joined: Tue Mar 15, 2016 6:56 pm

Re: End of IO Stream Read

Postby SpaceBison » Thu Apr 14, 2016 7:32 pm

It works with both WinSCP and OpenSSH clients and it used to work with an earlier version of AndFTP.
SpaceBison
 
Posts: 4
Joined: Tue Mar 15, 2016 6:56 pm

Re: End of IO Stream Read

Postby support » Sun Apr 24, 2016 10:52 am

Do you have any security app installed? Such as Avast Mobile Security?
If so, could you try to disable it temporary to see if it works?

We didn't modify anything at network layer in AndFTP so there is no reason it worked before and it fails now.
support
 
Posts: 1010
Joined: Sun Apr 20, 2008 4:40 pm

Re: End of IO Stream Read

Postby SpaceBison » Sun Apr 24, 2016 12:50 pm

I managed to work around the problem - switching from SCP to SFTP caused AndFTP to start connecting to my server.
SpaceBison
 
Posts: 4
Joined: Tue Mar 15, 2016 6:56 pm

Re: End of IO Stream Read

Postby decula » Sun Jun 19, 2016 11:17 pm

This is being caused by sshd being configured to remove support for the diffie-hellman-group1-sha1 as a KEX algorithym. This is a security issue with SHA1 making it easier for MITM attacks.

references:
http://stackoverflow.com/questions/3728 ... tream-read
https://blog.gdssecurity.com/labs/2015/ ... -tool.html
https://weakdh.org/sysadmin.html

a quick fix is to edit sshd_config on the server and add/modify the KEX algos to add the missing sha1 back, similar to (last comma separated entry):

KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

**** THIS IS A SECURITY HOLE **** but works
decula
 
Posts: 1
Joined: Sun Jun 19, 2016 11:07 pm


Return to AndFTP



Sitemap | Privacy Statement | Java and all Java-based marks are trademarks or registered trademarks of Sun Microsystems, Inc.
in the U.S. and other countries. All other company and/or product names are the property of their respective owners.