Getting the Brother ADS-1700W Scanner to work

  • 15th Jul 2024
    •  • 
  • 2 min read

I have a paperless-ngx instance for my bureaucracy documents and other documents I want to keep and find again. Importing documents is easy for the ones I get already digital as PDF or similar. But the documents which I get in paper-form need to get digitalized

Weird bugs with E-Mail delivery

Passwords with Special-Characters do not work (weird SASL-Auth Error in Postfix-Logs) - tested with dashes, after it worked I didn't investigate further. When I got the authentication eventually to work, I stumbled across a weird behavior regarding the sent mails.

If I configured the scanner to use port 465 and do explicit TLS (Setting SSL in the Web-UI) mails in Apple-Mail display without sender address (normally the From-Header). When I changed the configuration to use port 587 and do implicit TLS (aka STARTTLS, Setting TLS in the Web-UI) the mails show a sender address in Apple-Mail. Weird multipart-behavior...

I have absolutely no idea how you can code your software to behave that way.

The tale of SFTP

Default Debian 12 (bookworm) sshd_config prevents the SFTP upload function from working. Following additions to the sshd_config were necessary to make SFTP work:

HostKeyAlgorithms +ssh-rsa
KexAlgorithms +diffie-hellman-group14-sha1
Subsystem sftp internal-sftp

For the "Server Public Key" configuration on the ADS-1700W scanner the file /etc/ssh/ssh_host_rsa_key.pub from the SFTP server is needed. The ed25519 and ecdsa files don't work.

With the line

PubkeyAcceptedAlgorithms +ssh-rsa

added to the sshd_config, the RSA-2048 bit keys generated by the scanner do also work.

The scanner does not create the upload directories if they don't exist. So they have be created beforehand manually.

I created some ansible code for my paperless-ngx server to auto-deploy an upload-only, chrooted sftp server which can be found in my ansible-repository.

Wishlist for future Updates

If Brother would ask me what I would improve in a new firmware release my answer would be:

  • "modern" Cryptography support
    • eliptic curves, or at least RSA with 4096 bit
    • modern SSH-Key-Exchange Algorithms

Resources I found, during researching these issues, which helped me.

  • https://cweiske.de/tagebuch/brother-ads1700w-sftp.htm
  • https://blog.sengotta.net/brother-ads-1700w-keine-sftp-verbindung-zu-aktuellen-linux-distributionen/