Unable to connect using username/password and aes256-ctr encryption

[Ger202020]

Hi, I'm connecting to a host using username and password and I get back "Permission denied (password)" error message.

Some facts

• The credentials are ok. The same credentials work ok on using Rebex/WinSCP/FileZilla/OpenSSH Windows etc..
• Looking at the winSCP log the host does allow and use aes256-ctr to connect
• The credentials work ok on a previous version of ssh.net, namely v2016.1.0 but do not work on 2020.0.0 and beyond. I tried each version. Presumably v2016.1.0 does not have aes256-ctr
• I have other credentials for the same host that do work using ssh.net latest version and using aes256-ctr so the issue only occurs with some usernames/passwords. The host provider insists that all accounts are configured the same.
• The credentials work ok using the latest version ssh.net if I remove aes256-ctr using the following code

var sftp = new SftpClient(connectionInfo.Host, connectionInfo.Port, connectionInfo.Username, connectionInfo.Password);
sftp.ConnectionInfo.Encryptions.Remove("aes256-ctr");
sftp.Connect();

I have downloaded the source code and managed to get traces info from SSH.NET and WinSCP log. Which I've added below.

Appreciate any help with this issue,
Gerard

This is the successful username/password trace (a set of credentials with the same host that do work using SSH.NET)

Server version '2.0' on 'Authorized'.
[] Received message 'KeyExchangeInitMessage' from server: 'SSH_MSG_KEXINIT'.
[] Sending message 'KeyExchangeInitMessage' to server: 'SSH_MSG_KEXINIT'.
[] Sending message 'KeyExchangeEcdhInitMessage' to server: 'SSH_MSG_KEX_ECDH_INIT'.
[] Received message 'KeyExchangeEcdhReplyMessage' from server: 'SSH_MSG_KEX_ECDH_REPLY'.
[] Sending message 'NewKeysMessage' to server: 'SSH_MSG_NEWKEYS'.
[] Received message 'NewKeysMessage' from server: 'SSH_MSG_NEWKEYS'.
[303BE8CF3853F0E9CE341D063FEE0373DA7A5F66515D72196E1931A67B7C5D2A] Creating server cipher (Name:aes256-ctr,Key:A79DC8206CF919B9E8EB681B563850D6742533287468D56C99C6C4DCC3BF3E0E,IV:C5865FE27D7805356E47FE19518B8B93423B029118C5D51EDA88F659C997FFD7)
[303BE8CF3853F0E9CE341D063FEE0373DA7A5F66515D72196E1931A67B7C5D2A] Sending message 'ServiceRequestMessage' to server: 'SSH_MSG_SERVICE_REQUEST'.
[303BE8CF3853F0E9CE341D063FEE0373DA7A5F66515D72196E1931A67B7C5D2A] Received message 'ServiceAcceptMessage' from server: 'SSH_MSG_SERVICE_ACCEPT'.
[303BE8CF3853F0E9CE341D063FEE0373DA7A5F66515D72196E1931A67B7C5D2A] Sending message 'RequestMessageNone' to server: 'SSH_MSG_USERAUTH_REQUEST'.
[303BE8CF3853F0E9CE341D063FEE0373DA7A5F66515D72196E1931A67B7C5D2A] Received message 'FailureMessage' from server: 'SSH_MSG_USERAUTH_FAILURE'.
[303BE8CF3853F0E9CE341D063FEE0373DA7A5F66515D72196E1931A67B7C5D2A] Sending message 'RequestMessagePassword' to server: 'SSH_MSG_USERAUTH_REQUEST'.
[303BE8CF3853F0E9CE341D063FEE0373DA7A5F66515D72196E1931A67B7C5D2A] Received message 'SuccessMessage' from server: 'SSH_MSG_USERAUTH_SUCCESS'.
[303BE8CF3853F0E9CE341D063FEE0373DA7A5F66515D72196E1931A67B7C5D2A] Sending message 'ChannelOpenMessage' to server: 'SSH_MSG_CHANNEL_OPEN'.
[303BE8CF3853F0E9CE341D063FEE0373DA7A5F66515D72196E1931A67B7C5D2A] Received message 'ChannelOpenConfirmationMessage' from server: 'SSH_MSG_CHANNEL_OPEN_CONFIRMATION : #0'.

This is the unsuccessful one

Server version '2.0' on 'Authorized'.
[] Received message 'KeyExchangeInitMessage' from server: 'SSH_MSG_KEXINIT'.
[] Sending message 'KeyExchangeInitMessage' to server: 'SSH_MSG_KEXINIT'.
[] Sending message 'KeyExchangeEcdhInitMessage' to server: 'SSH_MSG_KEX_ECDH_INIT'.
[] Received message 'KeyExchangeEcdhReplyMessage' from server: 'SSH_MSG_KEX_ECDH_REPLY'.
[] Sending message 'NewKeysMessage' to server: 'SSH_MSG_NEWKEYS'.
[] Received message 'NewKeysMessage' from server: 'SSH_MSG_NEWKEYS'.
[53F6F504625D743B0828D92DAA009DD28B0C5DE57043435BEA66FFEDB1ABB5A7] Creating server cipher (Name:aes256-ctr,Key:5E2C775FFCB309C5EDA5E81F872BA61C8C409BB7D83EC71F13581048E05A0E72,IV:08F80234DEF079B571FAD7F377AF1CF532D605D8999F1448D2E1E46DB697B77C)
[53F6F504625D743B0828D92DAA009DD28B0C5DE57043435BEA66FFEDB1ABB5A7] Sending message 'ServiceRequestMessage' to server: 'SSH_MSG_SERVICE_REQUEST'.
[53F6F504625D743B0828D92DAA009DD28B0C5DE57043435BEA66FFEDB1ABB5A7] Received message 'ServiceAcceptMessage' from server: 'SSH_MSG_SERVICE_ACCEPT'.
[53F6F504625D743B0828D92DAA009DD28B0C5DE57043435BEA66FFEDB1ABB5A7] Sending message 'RequestMessageNone' to server: 'SSH_MSG_USERAUTH_REQUEST'.
[53F6F504625D743B0828D92DAA009DD28B0C5DE57043435BEA66FFEDB1ABB5A7] Received message 'FailureMessage' from server: 'SSH_MSG_USERAUTH_FAILURE'.
[53F6F504625D743B0828D92DAA009DD28B0C5DE57043435BEA66FFEDB1ABB5A7] Sending message 'RequestMessagePassword' to server: 'SSH_MSG_USERAUTH_REQUEST'.
[53F6F504625D743B0828D92DAA009DD28B0C5DE57043435BEA66FFEDB1ABB5A7] Received message 'FailureMessage' from server: 'SSH_MSG_USERAUTH_FAILURE'.
[53F6F504625D743B0828D92DAA009DD28B0C5DE57043435BEA66FFEDB1ABB5A7] Disposing session.
[53F6F504625D743B0828D92DAA009DD28B0C5DE57043435BEA66FFEDB1ABB5A7] Disconnecting session.
[53F6F504625D743B0828D92DAA009DD28B0C5DE57043435BEA66FFEDB1ABB5A7] Shutting down socket.
[53F6F504625D743B0828D92DAA009DD28B0C5DE57043435BEA66FFEDB1ABB5A7] Disposing socket.
[53F6F504625D743B0828D92DAA009DD28B0C5DE57043435BEA66FFEDB1ABB5A7] Disposed socket.

This is the WinSCP full trace of a successful connection

. 2023-10-23 14:17:54.343 --------------------------------------------------------------------------
. 2023-10-23 14:17:54.343 WinSCP Version 5.21.1 (Build 12643 2022-06-24) (OS 10.0.22621 - Windows 10 Enterprise)
. 2023-10-23 14:17:54.343 Configuration: HKCU\Software\Martin Prikryl\WinSCP 2
. 2023-10-23 14:17:54.343 Log level: Debug 2, Logging passwords
. 2023-10-23 14:17:54.343 Local account: GBELAPTOP\GBE
. 2023-10-23 14:17:54.343 Working directory: C:\Program Files (x86)\WinSCP
. 2023-10-23 14:17:54.343 Process ID: 27544
. 2023-10-23 14:17:54.343 Ancestor processes: explorer, ...
. 2023-10-23 14:17:54.343 Command-line: "C:\Program Files (x86)\WinSCP\WinSCP.exe"
. 2023-10-23 14:17:54.343 Time zone: Current: GMT+1, Standard: GMT+0 (GMT Standard Time), DST: GMT+1 (GMT Summer Time), DST Start: 26/03/2023, DST End: 29/10/2023
. 2023-10-23 14:17:54.343 Login time: 23 October 2023 14:17:54
. 2023-10-23 14:17:54.343 --------------------------------------------------------------------------
. 2023-10-23 14:17:54.343 Session name: xxx
. 2023-10-23 14:17:54.343 Host name: [xxx) (Port: 2222)
. 2023-10-23 14:17:54.343 User name: xxx (Password: xxx, Key file: No, Passphrase: No)
. 2023-10-23 14:17:54.343 Tunnel: No
. 2023-10-23 14:17:54.343 Transfer Protocol: SFTP (SCP)
. 2023-10-23 14:17:54.343 Ping type: Off, Ping interval: 30 sec; Timeout: 15 sec
. 2023-10-23 14:17:54.343 Disable Nagle: No
. 2023-10-23 14:17:54.343 Proxy: None
. 2023-10-23 14:17:54.343 Send buffer: 262144
. 2023-10-23 14:17:54.343 Compression: No
. 2023-10-23 14:17:54.343 Bypass authentication: No
. 2023-10-23 14:17:54.343 Try agent: Yes; Agent forwarding: No; KI: Yes; GSSAPI: Yes
. 2023-10-23 14:17:54.343 GSSAPI: KEX: No; Forwarding: No; Libs: gssapi32,sspi,custom; Custom:
. 2023-10-23 14:17:54.343 Ciphers: aes,chacha20,blowfish,3des,WARN,arcfour,des; Ssh2DES: No
. 2023-10-23 14:17:54.343 KEX: ecdh,dh-gex-sha1,dh-group14-sha1,rsa,WARN,dh-group1-sha1
. 2023-10-23 14:17:54.343 SSH Bugs: Auto,Auto,Auto,Auto,Auto,Auto,Auto,Auto,Auto,Auto
. 2023-10-23 14:17:54.343 Simple channel: Yes
. 2023-10-23 14:17:54.343 Return code variable: Autodetect; Lookup user groups: Auto
. 2023-10-23 14:17:54.343 Shell: default
. 2023-10-23 14:17:54.343 EOL: LF, UTF: Auto
. 2023-10-23 14:17:54.343 Clear aliases: Yes, Unset nat.vars: Yes, Resolve symlinks: Yes; Follow directory symlinks: No
. 2023-10-23 14:17:54.343 LS: ls -la, Ign LS warn: Yes, Scp1 Comp: No; Exit code 1 is error: No
. 2023-10-23 14:17:54.343 SFTP Bugs: Auto,Auto
. 2023-10-23 14:17:54.343 SFTP Server: default
. 2023-10-23 14:17:54.343 Local directory: C:\Users\GBE, Remote directory: /, Update: Yes, Cache: Yes
. 2023-10-23 14:17:54.343 Cache directory changes: Yes, Permanent: Yes
. 2023-10-23 14:17:54.343 Recycle bin: Delete to: No, Overwritten to: No, Bin path:
. 2023-10-23 14:17:54.343 DST mode: Unix
. 2023-10-23 14:17:54.343 --------------------------------------------------------------------------
. 2023-10-23 14:17:54.374 Looking up host "[xxx]" for SSH connection
. 2023-10-23 14:17:54.422 Connecting to 35.178.94.36 port 2222
. 2023-10-23 14:17:54.453 Connected to 35.178.94.36
. 2023-10-23 14:17:54.453 Selecting events 63 for socket 2356
. 2023-10-23 14:17:54.469 Waiting for the server to continue with the initialization
. 2023-10-23 14:17:54.469 Looking for incoming data
. 2023-10-23 14:17:54.469 Looking for network events
. 2023-10-23 14:17:54.469 We claim version: SSH-2.0-WinSCP_release_5.21.1
. 2023-10-23 14:17:54.469 Detected network event
. 2023-10-23 14:17:54.469 Enumerating network events for socket 2356
. 2023-10-23 14:17:54.469 Enumerated 18 network events making 18 cumulative events for socket 2356
. 2023-10-23 14:17:54.469 Handling network write event on socket 2356 with error 0
. 2023-10-23 14:17:54.469 Handling network connect event on socket 2356 with error 0
. 2023-10-23 14:17:54.469 Connected to 35.178.94.36
. 2023-10-23 14:17:54.469 Looking for network events
. 2023-10-23 14:17:54.507 Detected network event
. 2023-10-23 14:17:54.507 Enumerating network events for socket 2356
. 2023-10-23 14:17:54.507 Enumerated 1 network events making 1 cumulative events for socket 2356
. 2023-10-23 14:17:54.507 Handling network read event on socket 2356 with error 0
. 2023-10-23 14:17:54.507 Waiting for the server to continue with the initialization
. 2023-10-23 14:17:54.507 Looking for incoming data
. 2023-10-23 14:17:54.507 Looking for network events
. 2023-10-23 14:17:54.507 Remote version: SSH-2.0-Authorized users only. All actions will be logged.
. 2023-10-23 14:17:54.507 Using SSH protocol version 2
. 2023-10-23 14:17:54.507 Have a known host key of type rsa2
. 2023-10-23 14:17:54.507 Doing ECDH key exchange with curve nistp256 and hash SHA-256
. 2023-10-23 14:17:54.642 Detected network event
. 2023-10-23 14:17:54.642 Enumerating network events for socket 2356
. 2023-10-23 14:17:54.642 Enumerated 1 network events making 1 cumulative events for socket 2356
. 2023-10-23 14:17:54.642 Handling network read event on socket 2356 with error 0
. 2023-10-23 14:17:54.642 Waiting for the server to continue with the initialization
. 2023-10-23 14:17:54.642 Looking for incoming data
. 2023-10-23 14:17:54.642 Looking for network events
. 2023-10-23 14:17:54.673 Host key fingerprint is:
. 2023-10-23 14:17:54.673 ssh-rsa 2048 SHA256:5dn8SLOmKM5RdtC902k+Oj66gw+GuH5vZghCa+oCjGo
. 2023-10-23 14:17:54.673 Verifying host key rsa2 0x10001,0xb0356c9f68ebeaec 01d6745a8bd45d7c 5c871b27e00dfa49 08f8b620c190ee5c 259d8be31763c397 3cddac988a42fe35 a071d9f987dc6ea9 6f8b39adaa4b5c1f 9ea9215dbdd53bbf 1579330612c7e63b 1ea7f68fe0f6fcbf 390fdfaedc38b68d a40b634da08b8d87 b32bd4032f0c11d2 783a5084b6b888a8 51f7cc2bb687a10e d970ec106f2d5fca 3f44acd56b1ba3da 41dae6ded65ec4ad 67c60a49584be51a e662adbfc584a789 b678405307718c71 2ebd79655d03ee57 62d424df8b03f3be 6910e025a94743b6 27b4c3c3e05b0514 8ec4c96fbb888ffc 266917418fa2d64e e16978ac0c9f041d 65b191562c18c815 e186f17f912c9461 d5f0563e5291ab47 with fingerprints ssh-rsa 2048 SHA256:5dn8SLOmKM5RdtC902k+Oj66gw+GuH5vZghCa+oCjGo, ssh-rsa 2048 a2:82:c4:bf:db:6b:25:82:1c:78:99:25:78:2e:87:93
. 2023-10-23 14:17:54.720 Host key matches cached key
. 2023-10-23 14:17:54.720 Initialised AES-256 SDCTR (AES-NI accelerated) [aes256-ctr] outbound encryption
. 2023-10-23 14:17:54.720 Initialised HMAC-SHA-256 outbound MAC algorithm
. 2023-10-23 14:17:54.720 Initialised AES-256 SDCTR (AES-NI accelerated) [aes256-ctr] inbound encryption
. 2023-10-23 14:17:54.720 Initialised HMAC-SHA-256 inbound MAC algorithm
. 2023-10-23 14:17:54.751 Detected network event
. 2023-10-23 14:17:54.751 Enumerating network events for socket 2356
. 2023-10-23 14:17:54.751 Enumerated 1 network events making 1 cumulative events for socket 2356
. 2023-10-23 14:17:54.751 Handling network read event on socket 2356 with error 0
. 2023-10-23 14:17:54.751 Waiting for the server to continue with the initialization
. 2023-10-23 14:17:54.751 Looking for incoming data
. 2023-10-23 14:17:54.751 Looking for network events
! 2023-10-23 14:17:54.751 Using username "xxx".
. 2023-10-23 14:17:54.808 Detected network event
. 2023-10-23 14:17:54.808 Enumerating network events for socket 2356
. 2023-10-23 14:17:54.808 Enumerated 1 network events making 1 cumulative events for socket 2356
. 2023-10-23 14:17:54.808 Handling network read event on socket 2356 with error 0
. 2023-10-23 14:17:54.808 Waiting for the server to continue with the initialization
. 2023-10-23 14:17:54.808 Looking for incoming data
. 2023-10-23 14:17:54.808 Looking for network events
. 2023-10-23 14:17:54.808 Server offered these authentication methods: publickey,password
. 2023-10-23 14:17:54.808 Prompt (password, "SSH password", , "&Password: ")
. 2023-10-23 14:17:54.808 Using stored password.
. 2023-10-23 14:17:54.814 Sent password
. 2023-10-23 14:17:57.386 Detected network event
. 2023-10-23 14:17:57.386 Enumerating network events for socket 2356
. 2023-10-23 14:17:57.386 Enumerated 1 network events making 1 cumulative events for socket 2356
. 2023-10-23 14:17:57.386 Handling network read event on socket 2356 with error 0
. 2023-10-23 14:17:57.386 Waiting for the server to continue with the initialization
. 2023-10-23 14:17:57.386 Looking for incoming data
. 2023-10-23 14:17:57.386 Looking for network events
. 2023-10-23 14:17:57.386 Access granted
. 2023-10-23 14:17:57.386 Opening main session channel
. 2023-10-23 14:17:57.417 Detected network event
. 2023-10-23 14:17:57.417 Enumerating network events for socket 2356
. 2023-10-23 14:17:57.417 Enumerated 1 network events making 1 cumulative events for socket 2356
. 2023-10-23 14:17:57.417 Handling network read event on socket 2356 with error 0
. 2023-10-23 14:17:57.417 Waiting for the server to continue with the initialization
. 2023-10-23 14:17:57.417 Looking for incoming data
. 2023-10-23 14:17:57.417 Looking for network events
. 2023-10-23 14:17:57.417 Opened main channel
. 2023-10-23 14:17:57.449 Detected network event
. 2023-10-23 14:17:57.449 Enumerating network events for socket 2356
. 2023-10-23 14:17:57.449 Enumerated 1 network events making 1 cumulative events for socket 2356
. 2023-10-23 14:17:57.449 Handling network read event on socket 2356 with error 0
. 2023-10-23 14:17:57.449 Waiting for the server to continue with the initialization
. 2023-10-23 14:17:57.449 Looking for incoming data
. 2023-10-23 14:17:57.449 Looking for network events
. 2023-10-23 14:17:57.449 Started a shell/command

[Rob-Hague]

That's odd. Does it happen every time, or only sporadically?

Does it also occur if you remove everything except aes192-ctr, or everything except aes128-ctr? e.g.

var aes = sftp.ConnectionInfo.Encryptions["aes128-ctr"];
sftp.ConnectionInfo.Encryptions.Clear();
sftp.ConnectionInfo.Encryptions.Add("aes128-ctr", aes);

[drieseng]

I was indeed able to reproduce the issue consistently. I'd be interested to learn whether #1235 resolves this issue.

[Ger202020]

I've downloaded #1235 and it does not appear to fix this issue.
This issue has been consistent in it's behaviour.
Interestingly, the following code does not work, I get the same error, Invalid Password.

var aes = sftp.ConnectionInfo.Encryptions["aes128-ctr"];
sftp.ConnectionInfo.Encryptions.Clear();
sftp.ConnectionInfo.Encryptions.Add("aes128-ctr", aes);

However, this does continue to work in #1235

sftp.ConnectionInfo.Encryptions.Remove("aes256-ctr");

What is more strange is that when I add the trace and remove only aes256-ctr it does appear to be using aes128-ctr see trace below. It's strange because it failed when clearing out all the encryptions collection and adding only aes128-ctr.

nitiating connection to ...
Server version '2.0' on 'Authorized'.
[] Received message 'KeyExchangeInitMessage' from server: 'SSH_MSG_KEXINIT'.
[] Sending message 'KeyExchangeInitMessage' to server: 'SSH_MSG_KEXINIT'.
[] Sending message 'KeyExchangeEcdhInitMessage' to server: 'SSH_MSG_KEX_ECDH_INIT'.
[] Received message 'KeyExchangeEcdhReplyMessage' from server: 'SSH_MSG_KEX_ECDH_REPLY'.
[] Sending message 'NewKeysMessage' to server: 'SSH_MSG_NEWKEYS'.
[] Received message 'NewKeysMessage' from server: 'SSH_MSG_NEWKEYS'.
[58F18FAF51CB594411FF44BAC65614DCB16511B943D23776CBADC8830A9B9B17] Creating server cipher (Name:**aes128-ctr**,Key:AE860892E8A2069B1F0CD884E561BBB29E02DF3FADB46E4F71A80F1D601F2535,IV:C9FF54F56291A4ACFC58153CD585710645578F0EF71C9DBF245D9494FD556802)
[58F18FAF51CB594411FF44BAC65614DCB16511B943D23776CBADC8830A9B9B17] Sending message 'ServiceRequestMessage' to server: 'SSH_MSG_SERVICE_REQUEST'.
[58F18FAF51CB594411FF44BAC65614DCB16511B943D23776CBADC8830A9B9B17] Received message 'ServiceAcceptMessage' from server: 'SSH_MSG_SERVICE_ACCEPT'.
[58F18FAF51CB594411FF44BAC65614DCB16511B943D23776CBADC8830A9B9B17] Sending message 'RequestMessageNone' to server: 'SSH_MSG_USERAUTH_REQUEST'.
[58F18FAF51CB594411FF44BAC65614DCB16511B943D23776CBADC8830A9B9B17] Received message 'FailureMessage' from server: 'SSH_MSG_USERAUTH_FAILURE'.
[58F18FAF51CB594411FF44BAC65614DCB16511B943D23776CBADC8830A9B9B17] Sending message 'RequestMessagePassword' to server: 'SSH_MSG_USERAUTH_REQUEST'.
[58F18FAF51CB594411FF44BAC65614DCB16511B943D23776CBADC8830A9B9B17] Received message 'SuccessMessage' from server: 'SSH_MSG_USERAUTH_SUCCESS'.
[58F18FAF51CB594411FF44BAC65614DCB16511B943D23776CBADC8830A9B9B17] Sending message 'ChannelOpenMessage' to server: 'SSH_MSG_CHANNEL_OPEN'.
[58F18FAF51CB594411FF44BAC65614DCB16511B943D23776CBADC8830A9B9B17] Received message 'ChannelOpenConfirmationMessage' from server: 'SSH_MSG_CHANNEL_OPEN_CONFIRMATION : #0'.
[58F18FAF51CB594411FF44BAC65614DCB16511B943D23776CBADC8830A9B9B17] Sending message 'ChannelRequestMessage' to server: 'SSH_MSG_CHANNEL_REQUEST : #0'.
[58F18FAF51CB594411FF44BAC65614DCB16511B943D23776CBADC8830A9B9B17] Received message 'ChannelSuccessMessage' from server: '**SSH_MSG_CHANNEL_SUCCESS** : #0'.
[58F18FAF51CB594411FF44BAC65614DCB16511B943D23776CBADC8830A9B9B17] Sending message 'ChannelDataMessage' to server: 'SSH_MSG_CHANNEL_DATA : #0'.
[58F18FAF51CB594411FF44BAC65614DCB16511B943D23776CBADC8830A9B9B17] Received message 'ChannelDataMessage' from server: 'SSH_MSG_CHANNEL_DATA : #0'.
[58F18FAF51CB594411FF44BAC65614DCB16511B943D23776CBADC8830A9B9B17] Sending message 'ChannelDataMessage' to server: 'SSH_MSG_CHANNEL_DATA : #0'.
[58F18FAF51CB594411FF44BAC65614DCB16511B943D23776CBADC8830A9B9B17] Received message 'ChannelDataMessage' from server: 'SSH_MSG_CHANNEL_DATA : #0'.
Disconnecting client.
[58F18FAF51CB594411FF44BAC65614DCB16511B943D23776CBADC8830A9B9B17] Sending message 'ChannelEofMessage' to server: 'SSH_MSG_CHANNEL_EOF : #0'.
[58F18FAF51CB594411FF44BAC65614DCB16511B943D23776CBADC8830A9B9B17] Sending message 'ChannelCloseMessage' to server: 'SSH_MSG_CHANNEL_CLOSE : #0'.
[58F18FAF51CB594411FF44BAC65614DCB16511B943D23776CBADC8830A9B9B17] Received message 'ChannelRequestMessage' from server: 'SSH_MSG_CHANNEL_REQUEST : #0'.
[58F18FAF51CB594411FF44BAC65614DCB16511B943D23776CBADC8830A9B9B17] Received message 'ChannelEofMessage' from server: 'SSH_MSG_CHANNEL_EOF : #0'.
[58F18FAF51CB594411FF44BAC65614DCB16511B943D23776CBADC8830A9B9B17] Received message 'ChannelCloseMessage' from server: 'SSH_MSG_CHANNEL_CLOSE : #0'.
[58F18FAF51CB594411FF44BAC65614DCB16511B943D23776CBADC8830A9B9B17] Disposing session.
[58F18FAF51CB594411FF44BAC65614DCB16511B943D23776CBADC8830A9B9B17] Disconnecting session.
[58F18FAF51CB594411FF44BAC65614DCB16511B943D23776CBADC8830A9B9B17] Sending message 'DisconnectMessage' to server: 'SSH_MSG_DISCONNECT'.
[58F18FAF51CB594411FF44BAC65614DCB16511B943D23776CBADC8830A9B9B17] Shutting down socket.
[58F18FAF51CB594411FF44BAC65614DCB16511B943D23776CBADC8830A9B9B17] Disposing socket.
[58F18FAF51CB594411FF44BAC65614DCB16511B943D23776CBADC8830A9B9B17] Disposed socket.

[Rob-Hague]

Maybe it uses a different client cipher by default. Could you add a log like the following? Key and IV are not necessary. Then we can know the client cipher in the different scenarios.

diff --git a/src/Renci.SshNet/Security/KeyExchange.cs b/src/Renci.SshNet/Security/KeyExchange.cs
index 5024941b..7460f870 100644
--- a/src/Renci.SshNet/Security/KeyExchange.cs
+++ b/src/Renci.SshNet/Security/KeyExchange.cs
@@ -210,6 +210,12 @@ namespace Renci.SshNet.Security
 
             clientKey = GenerateSessionKey(SharedKey, ExchangeHash, clientKey, _clientCipherInfo.KeySize / 8);
 
+            DiagnosticAbstraction.Log(string.Format("[{0}] Creating client cipher (Name:{1},Key:{2},IV:{3})",
+                                                    Session.ToHex(Session.SessionId),
+                                                    Session.ConnectionInfo.CurrentClientEncryption,
+                                                    Session.ToHex(clientKey),
+                                                    Session.ToHex(clientVector)));
+
             // Create client cipher
             return _clientCipherInfo.Cipher(clientKey, clientVector);
         }

And, just to rule it out, can you try the patch in #1217 (comment)? The relevant change there is the var paddingMultiplier line which changes serverCipher to clientCipher.

[Ger202020]

Client and server cipher seem to always be the same. Also tried #1217 (comment) but it made no difference.

Initiating connection to ...
Server version '2.0' on 'Authorized'.
[] Received message 'KeyExchangeInitMessage' from server: 'SSH_MSG_KEXINIT'.
[] Sending message 'KeyExchangeInitMessage' to server: 'SSH_MSG_KEXINIT'.
[] Sending message 'KeyExchangeEcdhInitMessage' to server: 'SSH_MSG_KEX_ECDH_INIT'.
[] Received message 'KeyExchangeEcdhReplyMessage' from server: 'SSH_MSG_KEX_ECDH_REPLY'.
[] Sending message 'NewKeysMessage' to server: 'SSH_MSG_NEWKEYS'.
[] Received message 'NewKeysMessage' from server: 'SSH_MSG_NEWKEYS'.
[D8D04B19B7A7DD72F0095103E1CCEA9E01DD670C55F13942640F3810CB189F73] Creating server cipher (Name:aes128-ctr,Key:B6FBF2EDA2EA35190FCE6CE245BFEA9FF648971F97AE773A77F9CB21182AA350,IV:87844A1D7EF0AE9A3D1018E5B318EC512210A754477834F77559A30316083BCC)
[D8D04B19B7A7DD72F0095103E1CCEA9E01DD670C55F13942640F3810CB189F73] Creating client cipher (Name:aes128-ctr,Key:B1C3295D37E561E9A41E0B2B1965283B097A47FCD12D101A4B9E150B1FB92065,IV:3A839A33A70CD322606B79E9AC9B12FCFCC601380D5C06FCE3321C9AB2917EA6)
[D8D04B19B7A7DD72F0095103E1CCEA9E01DD670C55F13942640F3810CB189F73] Sending message 'ServiceRequestMessage' to server: 'SSH_MSG_SERVICE_REQUEST'.
[D8D04B19B7A7DD72F0095103E1CCEA9E01DD670C55F13942640F3810CB189F73] Received message 'ServiceAcceptMessage' from server: 'SSH_MSG_SERVICE_ACCEPT'.
[D8D04B19B7A7DD72F0095103E1CCEA9E01DD670C55F13942640F3810CB189F73] Sending message 'RequestMessageNone' to server: 'SSH_MSG_USERAUTH_REQUEST'.
[D8D04B19B7A7DD72F0095103E1CCEA9E01DD670C55F13942640F3810CB189F73] Received message 'FailureMessage' from server: 'SSH_MSG_USERAUTH_FAILURE'.
[D8D04B19B7A7DD72F0095103E1CCEA9E01DD670C55F13942640F3810CB189F73] Sending message 'RequestMessagePassword' to server: 'SSH_MSG_USERAUTH_REQUEST'.
[D8D04B19B7A7DD72F0095103E1CCEA9E01DD670C55F13942640F3810CB189F73] Received message 'FailureMessage' from server: 'SSH_MSG_USERAUTH_FAILURE'.
Exception thrown: 'Renci.SshNet.Common.SshAuthenticationException' in Renci.SshNet.dll
[D8D04B19B7A7DD72F0095103E1CCEA9E01DD670C55F13942640F3810CB189F73] Disposing session.
[D8D04B19B7A7DD72F0095103E1CCEA9E01DD670C55F13942640F3810CB189F73] Disconnecting session.
[D8D04B19B7A7DD72F0095103E1CCEA9E01DD670C55F13942640F3810CB189F73] Shutting down socket.
[D8D04B19B7A7DD72F0095103E1CCEA9E01DD670C55F13942640F3810CB189F73] Disposing socket.
[D8D04B19B7A7DD72F0095103E1CCEA9E01DD670C55F13942640F3810CB189F73] Disposed socket.
Exception thrown: 'System.ObjectDisposedException' in System.dll
[D8D04B19B7A7DD72F0095103E1CCEA9E01DD670C55F13942640F3810CB189F73] Raised exception: Renci.SshNet.Common.SshConnectionException: An established connection was aborted by the server.
Exception thrown: 'Renci.SshNet.Common.SshAuthenticationException' in Renci.SshNet.dll
The thread 0x7cb0 has exited with code 0 (0x0).
An unhandled exception of type 'Renci.SshNet.Common.SshAuthenticationException' occurred in Renci.SshNet.dll
Permission denied (password).

With this code it works co.Encryptions.Remove(@"aes256-ctr");
Initiating connection to ...
Server version '2.0' on 'Authorized'.
[] Received message 'KeyExchangeInitMessage' from server: 'SSH_MSG_KEXINIT'.
[] Sending message 'KeyExchangeInitMessage' to server: 'SSH_MSG_KEXINIT'.
[] Sending message 'KeyExchangeEcdhInitMessage' to server: 'SSH_MSG_KEX_ECDH_INIT'.
[] Received message 'KeyExchangeEcdhReplyMessage' from server: 'SSH_MSG_KEX_ECDH_REPLY'.
[] Sending message 'NewKeysMessage' to server: 'SSH_MSG_NEWKEYS'.
[] Received message 'NewKeysMessage' from server: 'SSH_MSG_NEWKEYS'.
[3AF5ABB1C7CD01F0545CD2961C77DC0EFDFEB68BB2E4E759E0DA089440209223] Creating server cipher (Name:aes128-ctr,Key:EAD4FE09C2E7FA5E04B3640DAEE46939DEBBFC86CC306B8910478A5E9E4790D3,IV:05A87812D18B9A7A5C056A899E129AF4753D636A5DF8DD667DA29758CCA94CE4)
[3AF5ABB1C7CD01F0545CD2961C77DC0EFDFEB68BB2E4E759E0DA089440209223] Creating client cipher (Name:aes128-ctr,Key:4AA63F4DC8EAD9F00F36A41604F7159AA4101ADDB5EDA2E3D04CD3C0F996BAED,IV:C061356905C3CB4F569144E2790E6395C5173C8652D353495F62A789350913A6)
[3AF5ABB1C7CD01F0545CD2961C77DC0EFDFEB68BB2E4E759E0DA089440209223] Sending message 'ServiceRequestMessage' to server: 'SSH_MSG_SERVICE_REQUEST'.
[3AF5ABB1C7CD01F0545CD2961C77DC0EFDFEB68BB2E4E759E0DA089440209223] Received message 'ServiceAcceptMessage' from server: 'SSH_MSG_SERVICE_ACCEPT'.
[3AF5ABB1C7CD01F0545CD2961C77DC0EFDFEB68BB2E4E759E0DA089440209223] Sending message 'RequestMessageNone' to server: 'SSH_MSG_USERAUTH_REQUEST'.
[3AF5ABB1C7CD01F0545CD2961C77DC0EFDFEB68BB2E4E759E0DA089440209223] Received message 'FailureMessage' from server: 'SSH_MSG_USERAUTH_FAILURE'.
[3AF5ABB1C7CD01F0545CD2961C77DC0EFDFEB68BB2E4E759E0DA089440209223] Sending message 'RequestMessagePassword' to server: 'SSH_MSG_USERAUTH_REQUEST'.
[3AF5ABB1C7CD01F0545CD2961C77DC0EFDFEB68BB2E4E759E0DA089440209223] Received message 'SuccessMessage' from server: 'SSH_MSG_USERAUTH_SUCCESS'.
[3AF5ABB1C7CD01F0545CD2961C77DC0EFDFEB68BB2E4E759E0DA089440209223] Sending message 'ChannelOpenMessage' to server: 'SSH_MSG_CHANNEL_OPEN'.
[3AF5ABB1C7CD01F0545CD2961C77DC0EFDFEB68BB2E4E759E0DA089440209223] Received message 'ChannelOpenConfirmationMessage' from server: 'SSH_MSG_CHANNEL_OPEN_CONFIRMATION : #0'.
[3AF5ABB1C7CD01F0545CD2961C77DC0EFDFEB68BB2E4E759E0DA089440209223] Sending message 'ChannelRequestMessage' to server: 'SSH_MSG_CHANNEL_REQUEST : #0'.
[3AF5ABB1C7CD01F0545CD2961C77DC0EFDFEB68BB2E4E759E0DA089440209223] Received message 'ChannelSuccessMessage' from server: 'SSH_MSG_CHANNEL_SUCCESS : #0'.
[3AF5ABB1C7CD01F0545CD2961C77DC0EFDFEB68BB2E4E759E0DA089440209223] Sending message 'ChannelDataMessage' to server: 'SSH_MSG_CHANNEL_DATA : #0'.
[3AF5ABB1C7CD01F0545CD2961C77DC0EFDFEB68BB2E4E759E0DA089440209223] Received message 'ChannelDataMessage' from server: 'SSH_MSG_CHANNEL_DATA : #0'.
[3AF5ABB1C7CD01F0545CD2961C77DC0EFDFEB68BB2E4E759E0DA089440209223] Sending message 'ChannelDataMessage' to server: 'SSH_MSG_CHANNEL_DATA : #0'.
[3AF5ABB1C7CD01F0545CD2961C77DC0EFDFEB68BB2E4E759E0DA089440209223] Received message 'ChannelDataMessage' from server: 'SSH_MSG_CHANNEL_DATA : #0'.
Disconnecting client.
[3AF5ABB1C7CD01F0545CD2961C77DC0EFDFEB68BB2E4E759E0DA089440209223] Sending message 'ChannelEofMessage' to server: 'SSH_MSG_CHANNEL_EOF : #0'.
[3AF5ABB1C7CD01F0545CD2961C77DC0EFDFEB68BB2E4E759E0DA089440209223] Sending message 'ChannelCloseMessage' to server: 'SSH_MSG_CHANNEL_CLOSE : #0'.
[3AF5ABB1C7CD01F0545CD2961C77DC0EFDFEB68BB2E4E759E0DA089440209223] Received message 'ChannelRequestMessage' from server: 'SSH_MSG_CHANNEL_REQUEST : #0'.
[3AF5ABB1C7CD01F0545CD2961C77DC0EFDFEB68BB2E4E759E0DA089440209223] Received message 'ChannelEofMessage' from server: 'SSH_MSG_CHANNEL_EOF : #0'.
[3AF5ABB1C7CD01F0545CD2961C77DC0EFDFEB68BB2E4E759E0DA089440209223] Received message 'ChannelCloseMessage' from server: 'SSH_MSG_CHANNEL_CLOSE : #0'.
[3AF5ABB1C7CD01F0545CD2961C77DC0EFDFEB68BB2E4E759E0DA089440209223] Disposing session.
[3AF5ABB1C7CD01F0545CD2961C77DC0EFDFEB68BB2E4E759E0DA089440209223] Disconnecting session.
[3AF5ABB1C7CD01F0545CD2961C77DC0EFDFEB68BB2E4E759E0DA089440209223] Sending message 'DisconnectMessage' to server: 'SSH_MSG_DISCONNECT'.
[3AF5ABB1C7CD01F0545CD2961C77DC0EFDFEB68BB2E4E759E0DA089440209223] Shutting down socket.
[3AF5ABB1C7CD01F0545CD2961C77DC0EFDFEB68BB2E4E759E0DA089440209223] Disposing socket.
[3AF5ABB1C7CD01F0545CD2961C77DC0EFDFEB68BB2E4E759E0DA089440209223] Disposed socket.

[Rob-Hague]

Just for clarity, could you fill out this table?

ConnectionInfo	Client Cipher	Server Cipher	Success or error
Default			Error
Remove aes256-ctr			Success
Only aes128-ctr

[Ger202020]

ConnectionInfo	Client Cipher	Server Cipher	Success or error
Default	aes256-ctr	aes256-ctr	Error
Remove aes256-ctr	aes128-ctr	aes128-ctr	Success
Only aes128-ctr	aes128-ctr	aes128-ctr	Error

[Rob-Hague]

Ok so something else is going on. Next would probably be to establish which client+server hmac algorithms are being used, and then basically any difference between the scenarios in Session.SendMessage when the message is an instance of RequestMessagePassword (like the variables paddingMultiplier, packetData etc). Obviously you should not dump the packet data here for security but any findings you can summarise would be useful.

[Ger202020]

Hi Rob, would it be worth adding some extra logging into one of the branches and then I can retest it and send you back the results?

DiagnosticAbstraction.Log(...)

[Rob-Hague]

I guess something like this might help. We are looking for differences between the "Remove aes256-ctr" and "Only aes128-ctr" cases.

diff --git a/src/Renci.SshNet/Messages/Authentication/FailureMessage.cs b/src/Renci.SshNet/Messages/Authentication/FailureMessage.cs
index 61379600..cc7a2928 100644
--- a/src/Renci.SshNet/Messages/Authentication/FailureMessage.cs
+++ b/src/Renci.SshNet/Messages/Authentication/FailureMessage.cs
@@ -1,5 +1,7 @@
 using System;
 
+using Renci.SshNet.Abstractions;
+
 namespace Renci.SshNet.Messages.Authentication
 {
     /// <summary>
@@ -58,6 +60,7 @@ namespace Renci.SshNet.Messages.Authentication
 
         internal override void Process(Session session)
         {
+            DiagnosticAbstraction.Log($"{nameof(FailureMessage)} {nameof(PartialSuccess)} {PartialSuccess} \"{Message}\"");
             session.OnUserAuthenticationFailureReceived(this);
         }
     }
diff --git a/src/Renci.SshNet/Messages/Message.cs b/src/Renci.SshNet/Messages/Message.cs
index ebe3a2e7..856c9d1c 100644
--- a/src/Renci.SshNet/Messages/Message.cs
+++ b/src/Renci.SshNet/Messages/Message.cs
@@ -4,6 +4,7 @@ using System.IO;
 using Renci.SshNet.Abstractions;
 using Renci.SshNet.Common;
 using Renci.SshNet.Compression;
+using Renci.SshNet.Messages.Authentication;
 
 namespace Renci.SshNet.Messages
 {
@@ -121,6 +122,11 @@ namespace Renci.SshNet.Messages
 
                 var packetDataLength = GetPacketDataLength(messageLength, paddingLength);
 
+                if (GetType() == typeof(RequestMessagePassword))
+                {
+                    DiagnosticAbstraction.Log($"packetLength={packetLength} paddingMultipler={paddingMultiplier} paddingLength={paddingLength} packetDataLength={packetDataLength}");
+                }
+
                 // lets construct an SSH data stream of the exact size required
                 using (var sshDataStream = new SshDataStream(packetLength + paddingLength + outboundPacketSequenceSize))
                 {
@@ -141,7 +147,14 @@ namespace Renci.SshNet.Messages
                     CryptoAbstraction.GenerateRandom(paddingBytes);
                     sshDataStream.Write(paddingBytes, 0, paddingLength);
 
-                    return sshDataStream.ToArray();
+                    var bytes = sshDataStream.ToArray();
+
+                    if (GetType() == typeof(RequestMessagePassword))
+                    {
+                        DiagnosticAbstraction.Log($"bytes.Length={bytes.Length}");
+                    }
+
+                    return bytes;
                 }
             }
         }
diff --git a/src/Renci.SshNet/Renci.SshNet.csproj b/src/Renci.SshNet/Renci.SshNet.csproj
index 4ccf6c72..d89ddbe9 100644
--- a/src/Renci.SshNet/Renci.SshNet.csproj
+++ b/src/Renci.SshNet/Renci.SshNet.csproj
@@ -3,6 +3,7 @@
     <GenerateAssemblyInfo>false</GenerateAssemblyInfo>
     <AssemblyName>Renci.SshNet</AssemblyName>
 	<TargetFrameworks>net462;netstandard2.0;netstandard2.1;net6.0;net7.0</TargetFrameworks>
+      <RunAnalyzers>false</RunAnalyzers>
   </PropertyGroup>
 
   <PropertyGroup Condition=" '$(TargetFramework)' == 'net462' ">
diff --git a/src/Renci.SshNet/Security/KeyExchange.cs b/src/Renci.SshNet/Security/KeyExchange.cs
index 5024941b..75ac7fec 100644
--- a/src/Renci.SshNet/Security/KeyExchange.cs
+++ b/src/Renci.SshNet/Security/KeyExchange.cs
@@ -210,6 +210,12 @@ namespace Renci.SshNet.Security
 
             clientKey = GenerateSessionKey(SharedKey, ExchangeHash, clientKey, _clientCipherInfo.KeySize / 8);
 
+            DiagnosticAbstraction.Log(string.Format("[{0}] Creating client cipher (Name:{1},Key:{2},IV:{3})",
+                                                    Session.ToHex(Session.SessionId),
+                                                    Session.ConnectionInfo.CurrentClientEncryption,
+                                                    Session.ToHex(clientKey),
+                                                    Session.ToHex(clientVector)));
+
             // Create client cipher
             return _clientCipherInfo.Cipher(clientKey, clientVector);
         }
@@ -230,6 +236,11 @@ namespace Renci.SshNet.Security
                                                Hash(GenerateSessionKey(SharedKey, ExchangeHash, 'F', sessionId)),
                                                _serverHashInfo.KeySize / 8);
 
+            DiagnosticAbstraction.Log(string.Format("[{0}] Creating server hmac (Name:{1},Key:{2})",
+                                                    Session.ToHex(Session.SessionId),
+                                                    Session.ConnectionInfo.CurrentServerHmacAlgorithm,
+                                                    Session.ToHex(serverKey)));
+
             return _serverHashInfo.HashAlgorithm(serverKey);
         }
 
@@ -249,6 +260,11 @@ namespace Renci.SshNet.Security
                                                Hash(GenerateSessionKey(SharedKey, ExchangeHash, 'E', sessionId)),
                                                _clientHashInfo.KeySize / 8);
 
+            DiagnosticAbstraction.Log(string.Format("[{0}] Creating client hmac (Name:{1},Key:{2})",
+                                                    Session.ToHex(Session.SessionId),
+                                                    Session.ConnectionInfo.CurrentClientHmacAlgorithm,
+                                                    Session.ToHex(clientKey)));
+
             return _clientHashInfo.HashAlgorithm(clientKey);
         }