Post a reply

Before posting, please read how to report bug or request support effectively.

Bug reports without an attached log file are usually useless.

Options
Add an Attachment

If you do not want to add an Attachment to your Post, please leave the Fields blank.

(maximum 10 MB; please compress large files; only common media, archive, text and programming file formats are allowed)

Options

Topic review

Crabece

Re: gsskex integrity failure in script mode

Crabece wrote:

Crabece wrote:

I got the same error as the previous Guest using Script connection and I'm not able to solve it after some research.
Here is the command.bat what I tried :

option batch on
option confirm off
open sftp://User@dns.name.of.the.server:22 -hostkey="ssh-dss 1024 11:22:33:44:63:03:ae:b3:3c:bf:c7:14:d0:67:be:6c" -privatekey="C:\PathoftheKey\Key.ppk" cd /RemoteServerpath/
option transfer binary
get FileName.XML C:\PathWhereTheFileWillbePut\File.XML
close
exit

=> This is OK. But I have the famous : 2012-10-09 13:42:36.183 gsskex integrity failure in the log.


So I tried the following :

option batch on
option confirm off
open sftp://User@dns.name.of.the.server:22 -hostkey="ssh-dss 1024 11:22:33:44:63:03:ae:b3:3c:bf:c7:14:d0:67:be:6c" -privatekey="C:\PathoftheKey\Key.ppk" -rawsettings="KEX=dh-gex-sha1,gssapi-gex,gssapi-group14,gssapi-group1,dh-group14-sha1,dh-group1-sha1,WARN" cd /RemoteServerpath/
option transfer binary
get FileName.XML C:\PathWhereTheFileWillbePut\File.XML
close
exit

=> This does not work... I exits the console without leaving any message in the .log file.

I found the -rawsettings option by generating a new seesion and checking the .ini file which gave me the following:
[Sessions\User@dns.name.of.the.server]
HostName=dns.name.of.the.server
KEX=dh-gex-sha1,gssapi-gex,gssapi-group14,gssapi-group1,dh-group14-sha1,dh-group1-sha1,WARN
UserName=User
PublicKeyFile=C:\PathoftheKey\Key.ppk

Any clues anyone?
NB: I changed the files and server names/path but the script has been tested and works well except for the gsskex integrity failure for this specific server



I can provide you the full connection log of the gsskex integrity failure (with the script that has NOT -rawsettings parameter).

I saw it seems to be using the "Diffie-Hellman group exchange" algorithm for key exchange, so I might be wrong about the source of the issue...

Here is the full log:

Crabece wrote:


. 2012-10-09 13:42:35.667 --------------------------------------------------------------------------
. 2012-10-09 13:42:35.667 WinSCP Version 4.1.9 (Build 416) (OS 5.1.2600 Service Pack 3)
. 2012-10-09 13:42:35.667 Login time: Tuesday, October 09, 2012 1:42:35 PM
. 2012-10-09 13:42:35.667 --------------------------------------------------------------------------
. 2012-10-09 13:42:35.667 Session name: User@dns.name.of.the.server
. 2012-10-09 13:42:35.667 Host name: dns.name.of.the.server (Port: 22)
. 2012-10-09 13:42:35.667 User name: User (Password: No, Key file: Yes)
. 2012-10-09 13:42:35.667 Tunnel: No
. 2012-10-09 13:42:35.667 Transfer Protocol: SFTP
. 2012-10-09 13:42:35.667 Ping type: -, Ping interval: 30 sec; Timeout: 15 sec
. 2012-10-09 13:42:35.667 Proxy: none
. 2012-10-09 13:42:35.667 SSH protocol version: 2; Compression: No
. 2012-10-09 13:42:35.667 Bypass authentication: No
. 2012-10-09 13:42:35.667 Try agent: Yes; Agent forwarding: No; TIS/CryptoCard: No; KI: Yes; GSSAPI: No
. 2012-10-09 13:42:35.667 Ciphers: aes,blowfish,3des,WARN,arcfour,des; Ssh2DES: No
. 2012-10-09 13:42:35.667 SSH Bugs: -,-,-,-,-,-,-,-
. 2012-10-09 13:42:35.667 SFTP Bugs: -,-
. 2012-10-09 13:42:35.667 Return code variable: Autodetect; Lookup user groups: Yes
. 2012-10-09 13:42:35.667 Shell: default, EOL: 0
. 2012-10-09 13:42:35.667 Clear aliases: Yes, Unset nat.vars: Yes, Resolve symlinks: Yes
. 2012-10-09 13:42:35.667 LS: ls -la, Ign LS warn: Yes, Scp1 Comp: No
. 2012-10-09 13:42:35.667 Local directory: default, Remote directory: home, Update: No, Cache: Yes
. 2012-10-09 13:42:35.667 Cache directory changes: Yes, Permanent: Yes
. 2012-10-09 13:42:35.667 DST mode: 1
. 2012-10-09 13:42:35.667 --------------------------------------------------------------------------
. 2012-10-09 13:42:35.667 Looking up host "dns.name.of.the.server"
. 2012-10-09 13:42:35.667 Connecting to IP.Address.Of.Server port 22
. 2012-10-09 13:42:35.808 Server version: SSH-2.0-WRQReflectionforSecureIT_7.2.1 Build 736
. 2012-10-09 13:42:35.808 We claim version: SSH-2.0-WinSCP_release_4.1.9
. 2012-10-09 13:42:35.808 SSPI: acquired credentials for: MyADUserName@AD.Domain.Name
. 2012-10-09 13:42:35.808 Constructed service principal name 'host/dns.name.of.the.server'
. 2012-10-09 13:42:35.808 Enabling GSSKEX for this target
. 2012-10-09 13:42:35.808 Using SSH protocol version 2
. 2012-10-09 13:42:35.808 Doing Diffie-Hellman group exchange
. 2012-10-09 13:42:36.058 Doing Diffie-Hellman key exchange with hash SHA-1
. 2012-10-09 13:42:36.105 SSPI: acquired credentials for: MyADUserName@AD.Domain.Name
. 2012-10-09 13:42:36.105 Constructed service principal name 'host/dns.name.of.the.server'
. 2012-10-09 13:42:36.183 VerifySignature: The message or signature supplied for verification has been altered

. 2012-10-09 13:42:36.183 gsskex integrity failure



Any help?


FYI I updated my WinSCP Version to 5.1.0 and this solved the problem.
I Hope this helps
Crabece

Re: gsskex integrity failure in script mode

Crabece wrote:

I got the same error as the previous Guest using Script connection and I'm not able to solve it after some research.
Here is the command.bat what I tried :

option batch on
option confirm off
open sftp://User@dns.name.of.the.server:22 -hostkey="ssh-dss 1024 11:22:33:44:63:03:ae:b3:3c:bf:c7:14:d0:67:be:6c" -privatekey="C:\PathoftheKey\Key.ppk" cd /RemoteServerpath/
option transfer binary
get FileName.XML C:\PathWhereTheFileWillbePut\File.XML
close
exit

=> This is OK. But I have the famous : 2012-10-09 13:42:36.183 gsskex integrity failure in the log.


So I tried the following :

option batch on
option confirm off
open sftp://User@dns.name.of.the.server:22 -hostkey="ssh-dss 1024 11:22:33:44:63:03:ae:b3:3c:bf:c7:14:d0:67:be:6c" -privatekey="C:\PathoftheKey\Key.ppk" -rawsettings="KEX=dh-gex-sha1,gssapi-gex,gssapi-group14,gssapi-group1,dh-group14-sha1,dh-group1-sha1,WARN" cd /RemoteServerpath/
option transfer binary
get FileName.XML C:\PathWhereTheFileWillbePut\File.XML
close
exit

=> This does not work... I exits the console without leaving any message in the .log file.

I found the -rawsettings option by generating a new seesion and checking the .ini file which gave me the following:
[Sessions\User@dns.name.of.the.server]
HostName=dns.name.of.the.server
KEX=dh-gex-sha1,gssapi-gex,gssapi-group14,gssapi-group1,dh-group14-sha1,dh-group1-sha1,WARN
UserName=User
PublicKeyFile=C:\PathoftheKey\Key.ppk

Any clues anyone?
NB: I changed the files and server names/path but the script has been tested and works well except for the gsskex integrity failure for this specific server



I can provide you the full connection log of the gsskex integrity failure (with the script that has NOT -rawsettings parameter).

I saw it seems to be using the "Diffie-Hellman group exchange" algorithm for key exchange, so I might be wrong about the source of the issue...

Here is the full log:

Crabece wrote:


. 2012-10-09 13:42:35.667 --------------------------------------------------------------------------
. 2012-10-09 13:42:35.667 WinSCP Version 4.1.9 (Build 416) (OS 5.1.2600 Service Pack 3)
. 2012-10-09 13:42:35.667 Login time: Tuesday, October 09, 2012 1:42:35 PM
. 2012-10-09 13:42:35.667 --------------------------------------------------------------------------
. 2012-10-09 13:42:35.667 Session name: User@dns.name.of.the.server
. 2012-10-09 13:42:35.667 Host name: dns.name.of.the.server (Port: 22)
. 2012-10-09 13:42:35.667 User name: User (Password: No, Key file: Yes)
. 2012-10-09 13:42:35.667 Tunnel: No
. 2012-10-09 13:42:35.667 Transfer Protocol: SFTP
. 2012-10-09 13:42:35.667 Ping type: -, Ping interval: 30 sec; Timeout: 15 sec
. 2012-10-09 13:42:35.667 Proxy: none
. 2012-10-09 13:42:35.667 SSH protocol version: 2; Compression: No
. 2012-10-09 13:42:35.667 Bypass authentication: No
. 2012-10-09 13:42:35.667 Try agent: Yes; Agent forwarding: No; TIS/CryptoCard: No; KI: Yes; GSSAPI: No
. 2012-10-09 13:42:35.667 Ciphers: aes,blowfish,3des,WARN,arcfour,des; Ssh2DES: No
. 2012-10-09 13:42:35.667 SSH Bugs: -,-,-,-,-,-,-,-
. 2012-10-09 13:42:35.667 SFTP Bugs: -,-
. 2012-10-09 13:42:35.667 Return code variable: Autodetect; Lookup user groups: Yes
. 2012-10-09 13:42:35.667 Shell: default, EOL: 0
. 2012-10-09 13:42:35.667 Clear aliases: Yes, Unset nat.vars: Yes, Resolve symlinks: Yes
. 2012-10-09 13:42:35.667 LS: ls -la, Ign LS warn: Yes, Scp1 Comp: No
. 2012-10-09 13:42:35.667 Local directory: default, Remote directory: home, Update: No, Cache: Yes
. 2012-10-09 13:42:35.667 Cache directory changes: Yes, Permanent: Yes
. 2012-10-09 13:42:35.667 DST mode: 1
. 2012-10-09 13:42:35.667 --------------------------------------------------------------------------
. 2012-10-09 13:42:35.667 Looking up host "dns.name.of.the.server"
. 2012-10-09 13:42:35.667 Connecting to IP.Address.Of.Server port 22
. 2012-10-09 13:42:35.808 Server version: SSH-2.0-WRQReflectionforSecureIT_7.2.1 Build 736
. 2012-10-09 13:42:35.808 We claim version: SSH-2.0-WinSCP_release_4.1.9
. 2012-10-09 13:42:35.808 SSPI: acquired credentials for: MyADUserName@AD.Domain.Name
. 2012-10-09 13:42:35.808 Constructed service principal name 'host/dns.name.of.the.server'
. 2012-10-09 13:42:35.808 Enabling GSSKEX for this target
. 2012-10-09 13:42:35.808 Using SSH protocol version 2
. 2012-10-09 13:42:35.808 Doing Diffie-Hellman group exchange
. 2012-10-09 13:42:36.058 Doing Diffie-Hellman key exchange with hash SHA-1
. 2012-10-09 13:42:36.105 SSPI: acquired credentials for: MyADUserName@AD.Domain.Name
. 2012-10-09 13:42:36.105 Constructed service principal name 'host/dns.name.of.the.server'
. 2012-10-09 13:42:36.183 VerifySignature: The message or signature supplied for verification has been altered

. 2012-10-09 13:42:36.183 gsskex integrity failure



Any help?
Crabece

gsskex integrity failure in script mode

I got the same error as the previous Guest using Script connection and I'm not able to solve it after some research.
Here is the command.bat what I tried :

option batch on
option confirm off
open sftp://User@dns.name.of.the.server:22 -hostkey="ssh-dss 1024 11:22:33:44:63:03:ae:b3:3c:bf:c7:14:d0:67:be:6c" -privatekey="C:\PathoftheKey\Key.ppk" cd /RemoteServerpath/
option transfer binary
get FileName.XML C:\PathWhereTheFileWillbePut\File.XML
close
exit

=> This is OK. But I have the famous : 2012-10-09 13:42:36.183 gsskex integrity failure in the log.


So I tried the following :

option batch on
option confirm off
open sftp://User@dns.name.of.the.server:22 -hostkey="ssh-dss 1024 11:22:33:44:63:03:ae:b3:3c:bf:c7:14:d0:67:be:6c" -privatekey="C:\PathoftheKey\Key.ppk" -rawsettings="KEX=dh-gex-sha1,gssapi-gex,gssapi-group14,gssapi-group1,dh-group14-sha1,dh-group1-sha1,WARN" cd /RemoteServerpath/
option transfer binary
get FileName.XML C:\PathWhereTheFileWillbePut\File.XML
close
exit

=> This does not work... I exits the console without leaving any message in the .log file.

I found the -rawsettings option by generating a new seesion and checking the .ini file which gave me the following:
[Sessions\User@dns.name.of.the.server]
HostName=dns.name.of.the.server
KEX=dh-gex-sha1,gssapi-gex,gssapi-group14,gssapi-group1,dh-group14-sha1,dh-group1-sha1,WARN
UserName=User
PublicKeyFile=C:\PathoftheKey\Key.ppk

Any clues anyone?
NB: I changed the files and server names/path but the script has been tested and works well except for the gsskex integrity failure for this specific server
nonnb

Re: Intermittent error "gsskex integrity failure"

Hi - might be something to do with DNS checking?
martin

I get the same error and your fix solves the problem in GUI mode. How do I fix it when i script a connection?

Please read FAQ. If that does not help, come back.
Guest

I get the same error and your fix solves the problem in GUI mode. How do I fix it when i script a connection?

Thanks
buddyfriend

this still works, thank you for posting this info N/T

thanks
martin

It looks like i've found a workaround for this. Edit the session and go to "Key Exchange" and move the "Diffie-Hellman group xxxx" lines to the top. This seems to fix the problem.

Thanks for sharing this.
Guest

Hi again,

It looks like i've found a workaround for this. Edit the session and go to "Key Exchange" and move the "Diffie-Hellman group xxxx" lines to the top. This seems to fix the problem.

Cheers,
Ed
Guest

Re: Intermittent error "gsskex integrity failure"

martin wrote:

What version of WinSCP are you using?


4.1.5 (Build 410)
martin

Re: Intermittent error "gsskex integrity failure"

What version of WinSCP are you using?
EpaL

Intermittent error "gsskex integrity failure"

Hi,

I have just recently build a new Sun T5220 server with Solaris 10 running SSH-2.0-Sun_SSH_1.1. Unfortunately i'm receiving these strange errors when trying to connect with WinSCP using SFTP:

"gsskex integrity failure"

The errors don't always occur - sometimes it works fine.

Is there a log file or some other diagnostic I can send over that might help isolate the cause?

Many thanks in advance.