Frautoincnam Guru
Joined: 19 May 2017 Posts: 331
|
Posted: Sun Dec 26, 2021 9:14 pm Post subject: openssh update and android app AndFTP SFTP broken |
|
|
Hello,
Since I updated openssh on my Linux server, from version 8.7_p1-r4 to version 8.8_p1-r4, I can no longer connect to it with the Android application AndFTP in SFTP with my SSH key.
Code: | Dec 26 17:03:31 myserver sshd[4278]: Unable to negotiate with 192.168.5.226 port 52152: no matching host key type found. Their offer: ssh-rsa,ssh-dss [preauth] |
But I still manage to connect from all of my Linux PCs.
I understand that openssh has disabled things regarding SHA-1, but I don't see what I need to do to reestablish this connection.
Or is it AndFTP which is involved and I can't do anything?
Thanks in advance for your suggestions. |
|
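An added example, not part of the original thread: a small Python triage script that reads sshd log lines of the shape quoted in the post above and reports, per client address, whether the client offered only the SHA-1 host key types (ssh-rsa, ssh-dss). Only the first sample line comes from the post; the other log lines and the function name are constructed for illustration.

```python
import re
from collections import defaultdict

# Host key types whose signatures rely on SHA-1 (the two in the quoted log line).
LEGACY = {"ssh-rsa", "ssh-dss"}

# Shape of the sshd message quoted in the post above.
NEGOTIATION_FAILURE = re.compile(
    r"sshd\[\d+\]: Unable to negotiate with (?P<ip>\S+) port \d+: "
    r"no matching host key type found\. Their offer: (?P<offer>\S+)"
)

# Constructed sample input: the first line is the one from the post,
# the remaining lines are made up for this example.
SAMPLE_LOG = """\
Dec 26 17:03:31 myserver sshd[4278]: Unable to negotiate with 192.168.5.226 port 52152: no matching host key type found. Their offer: ssh-rsa,ssh-dss [preauth]
Dec 26 17:05:02 myserver sshd[4301]: Unable to negotiate with 192.168.5.226 port 52160: no matching host key type found. Their offer: ssh-rsa,ssh-dss [preauth]
Dec 26 17:09:44 myserver sshd[4322]: Accepted publickey for alice from 192.168.5.10 port 40022 ssh2: ED25519 SHA256:CONSTRUCTED
Dec 26 17:12:10 myserver sshd[4350]: Unable to negotiate with 192.168.5.77 port 61000: no matching host key type found. Their offer: ssh-rsa,ecdsa-sha2-nistp256 [preauth]
"""


def legacy_only_clients(log_text):
    """Map client IP -> failure count, offered host key types, SHA-1-only flag."""
    clients = defaultdict(lambda: {"failures": 0, "offer": set()})
    for line in log_text.splitlines():
        m = NEGOTIATION_FAILURE.search(line)
        if not m:
            continue  # not a host key negotiation failure
        entry = clients[m.group("ip")]
        entry["failures"] += 1
        entry["offer"].update(m.group("offer").split(","))
    return {
        ip: {
            "failures": e["failures"],
            "offer": sorted(e["offer"]),
            # True when every offered type is SHA-1 based: client needs an upgrade
            "legacy_only": e["offer"] <= LEGACY,
        }
        for ip, e in clients.items()
    }


if __name__ == "__main__":
    for ip, info in sorted(legacy_only_clients(SAMPLE_LOG).items()):
        verdict = "SHA-1 only" if info["legacy_only"] else "offers a non-SHA-1 type"
        offer = ",".join(info["offer"])
        print(f"{ip}: {info['failures']} failure(s), offer={offer} ({verdict})")
```

A client flagged as SHA-1 only cannot connect until it is upgraded or the server re-enables ssh-rsa; a client that also offers a newer type is failing for a different reason, such as the server not having a host key of that type.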
Hu Administrator
Joined: 06 Mar 2007 Posts: 23062
|
Posted: Sun Dec 26, 2021 9:31 pm Post subject: |
|
|
As I read the release notes, this is a server-side change which requires clients to do the right thing. Clients based on any even vaguely recent openssh will do the right thing, which is why your Linux PCs continue to work. AndFTP must be very old or based off a separate codebase that was never fixed. You may be able to configure the server to allow this legacy version, but you would be better off to either switch AndFTP to another key type or switch it to use the newer signature type. The openssh release notes hint at this:
https://www.openssh.com/releasenotes.html: |
Incompatibility is more likely when connecting to older SSH
implementations that have not been upgraded or have not closely tracked
improvements in the SSH protocol. For these cases, it may be necessary
to selectively re-enable RSA/SHA1 to allow connection and/or user
authentication via the HostkeyAlgorithms and PubkeyAcceptedAlgorithms
options. For example, the following stanza in ~/.ssh/config will enable
RSA/SHA1 for host and user authentication for a single destination host:

    Host old-host
        HostkeyAlgorithms +ssh-rsa
        PubkeyAcceptedAlgorithms +ssh-rsa

We recommend enabling RSA/SHA1 only as a stopgap measure until legacy
implementations can be upgraded or reconfigured with another key type
(such as ECDSA or Ed25519). |
|
|
Frautoincnam Guru
Joined: 19 May 2017 Posts: 331
|
Posted: Sun Dec 26, 2021 9:37 pm Post subject: |
|
|
So that's what I feared, that AndFTP would be totally involved. And since I can't find anything in its settings to change anything.
Its last version dates from 03/30/2021.
I have written to the indicated developer, but have little hope of getting a reaction.
I'll have to find another SFTP client. I liked this one.
Thank you for your help.
We will see if someone brings additional information that can help me. |
|
sam_ Developer
Joined: 14 Aug 2020 Posts: 2113
|
Posted: Sun Dec 26, 2021 10:33 pm Post subject: |
|
|
See this news item. Make sure you're reading your news. |
|
Frautoincnam Guru
Joined: 19 May 2017 Posts: 331
|
Posted: Mon Dec 27, 2021 2:10 am Post subject: |
|
|
Yes, that's what we were talking about. I do not see what it brings more since this configuration is not applicable to AndFTP, it seems to me.
Did you read my original post? |
|
sam_ Developer
Joined: 14 Aug 2020 Posts: 2113
|
Posted: Mon Dec 27, 2021 2:28 am Post subject: |
|
|
Frautoincnam wrote: | Yes, that's what we were talking about. I do not see what it brings more since this configuration is not applicable to AndFTP, it seems to me.
Did you read my original post? |
Yes, I did read your original post. I did not see any mention of the news item or which config options you tried.
It seems to me like this in /etc/ssh/sshd_config would help?
Quote: |
PubkeyAcceptedAlgorithms +ssh-rsa
|
|
|
figueroa Advocate
Joined: 14 Aug 2005 Posts: 3007 Location: Edge of marsh USA
|
Posted: Mon Dec 27, 2021 4:31 am Post subject: |
|
|
I'm a long-time paid AndFTP user. I confirmed it's no longer working with my OpenSSH 8.8 servers. There is nothing to configure. I've emailed the developers. I use username and password to connect within my LAN.
For other Android users, TurboClient (genuinely free and no ads) continues to work great and comes with a bonus text editor which is quite satisfactory. Also, ConnectBot (Android) continues to work fine for shell sessions.
Edit - ADDED: I did try adding each of the following in-turn:
Code: | #HostkeyAlgorithms +ssh-rsa
#HostkeyAlgorithms +ssh-ecdsa
#HostkeyAlgorithms +ssh-ed25519 |
+ssh-rsa allowed AndFTP to work, but no effect with the others. But, afterwards I disabled +ssh-rsa because I don't want to use it.
_________________
Andy Figueroa
hp pavilion hpe h8-1260t/2AB5; spinning rust x3
i7-2600 @ 3.40GHz; 16 gb; Radeon HD 7570
amd64/23.0/split-usr/desktop (stable), OpenRC, -systemd -pulseaudio -uefi |
|
freke Veteran
Joined: 23 Jan 2003 Posts: 1050 Location: Somewhere in Denmark
|
Posted: Mon Dec 27, 2021 7:22 am Post subject: |
|
|
I just got hit by this on/from Windows (PuTTY)
haven't checked yet if I can configure PuTTY to behave.... I 'just' used the quickfix/workaround
sam_ wrote: | Frautoincnam wrote: | Yes, that's what we were talking about. I do not see what it brings more since this configuration is not applicable to AndFTP, it seems to me.
Did you read my original post? |
yes, I did read your original post. I did not see any mention of the news item or which config options you tried.
It seems to me like this in /etc/ssh/sshd_config would help?
Quote: |
PubkeyAcceptedAlgorithms +ssh-rsa
|
|
|
|
hdcg Tux's lil' helper
Joined: 07 Apr 2013 Posts: 121
|
|
freke Veteran
Joined: 23 Jan 2003 Posts: 1050 Location: Somewhere in Denmark
|
Posted: Tue Dec 28, 2021 9:38 am Post subject: |
|
|
Thx - hadn't checked (can't remember when I last checked for a new PuTTY) |
|