AndFTP key exchange failure
Posted: Thu Dec 26, 2024 6:55 am
Hi,
I am having some trouble using public key auth.
It looks related to an earlier post, but it is over 2 years old so I am making a new one instead of commenting there: viewtopic.php?f=5&t=25763
Also, the RSA/SHA1 signature algorithm has been disabled by default as of OpenSSH 8.8:
https://www.openssh.com/txt/release-8.8
This post mentions that RSA/SHA-256 and RSA/SHA512 signatures are still supported, and that RSA keys should still work fine.
Various information is below:
AndFTP version: AndFTPPro 6.4
Android version: Android 13
OpenSSH server: OpenSSH_9.8p1, OpenSSL 3.3.1 4 Jun 2024
RSA key length: 4096 bits
Below are the combinations of SSH provider and RSA key file format I've tried.
In all cases, the logs are from connecting and inputting the SSH key passphrase once (the screen shows "Attempt 1"), then canceling the connection attempt instead of trying again on "Attempt 2".
Sorry for the long post.
SSH provider: "Secure (includes ED25519)"
RSA key file format: PEM
SSH server log:
```
userauth_pubkey: signature algorithm ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]
```
AndFTP log:
```
CONNECT <server>
Exhausted available authentication methods c5.c: Problem getting public key from PKCS5KeyFile{resource=[e] /storage/emulated/0/Download/id_rsa.pem}
CONNECT <server>
Exhausted available authentication methods
DISCONNECT <server>
```

SSH provider: "Default"
RSA key file format: PEM
SSH server log:
```
Unable to negotiate with <ip> port 58764: no matching host key type found. Their offer: ssh-rsa,ssh-dss [preauth]
Unable to negotiate with <ip> port 33932: no matching host key type found. Their offer: ssh-rsa,ssh-dss [preauth]
```
AndFTP log:
```
CONNECT <server>
There was a problem while connecting to <server>:22 java.io.IOException: Key exchange was not finished, connection is closed.
CONNECT <server>
There was a problem while connecting to <server>:22 java.io.IOException: Key exchange was not finished, connection is closed.
DISCONNECT <server>
```

SSH provider: "Legacy"
RSA key file format: PEM
SSH server log:
```
error: Received disconnect from <ip> port 37740:3: com.jcraft.jsch.e0: USERAUTH fail [preauth]
userauth_pubkey: signature algorithm ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]
error: Received disconnect from <ip> port 34582:3: com.jcraft.jsch.e0: Auth fail [preauth]
```
AndFTP log:
```
CONNECT <server>
USERAUTH fail
CONNECT <server>
Auth fail
DISCONNECT <server>
```

SSH provider: "Secure (includes ED25519)"
RSA key file format: OpenSSH
SSH server log:
```
userauth_pubkey: signature algorithm ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]
```
AndFTP log:
```
CONNECT <server>
Exhausted available authentication methods c5.c: Problem getting public key from w2.a@98bd42c
CONNECT <server>
Exhausted available authentication methods
DISCONNECT <server>
```

SSH provider: "Default"
RSA key file format: OpenSSH
SSH server log:
```
Unable to negotiate with <ip> port 41330: no matching host key type found. Their offer: ssh-rsa,ssh-dss [preauth]
Unable to negotiate with <ip> port 54786: no matching host key type found. Their offer: ssh-rsa,ssh-dss [preauth]
```
AndFTP log:
```
CONNECT <server>
There was a problem while connecting to <server>:22 java.io.IOException: Key exchange was not finished, connection is closed.
CONNECT <server>
There was a problem while connecting to <server>:22 java.io.IOException: Key exchange was not finished, connection is closed.
DISCONNECT <server>
```

SSH provider: "Legacy"
RSA key file format: OpenSSH
SSH server log:
```
<none>
```
AndFTP log:
```
CONNECT <server>
invalid privatekey: [B@55ffab3
CONNECT <server>
invalid privatekey: [B@6abd369
DISCONNECT <server>
```
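Added example, not part of the original post: a small Python triage of the sshd messages quoted in the logs above. It separates the two server-side failures that appear there, host key negotiation during key exchange and rejection of an RSA/SHA-1 (`ssh-rsa`) signature during public key authentication. The function names, the `LEGACY` set and the hint texts are assumptions of this sketch.

```python
import re
from collections import Counter

# Assumption of this sketch: the two legacy names that appear in the posted logs.
LEGACY = {"ssh-rsa", "ssh-dss"}

# (stage, regex, what the client side needs to support instead)
PATTERNS = [
    ("userauth-signature",
     re.compile(r"userauth_pubkey: signature algorithm (\S+) not in PubkeyAcceptedAlgorithms"),
     "sign with rsa-sha2-256 or rsa-sha2-512 (same RSA key, SHA-2 hash)"),
    ("kex-hostkey",
     re.compile(r"no matching host key type found\. Their offer: (\S+)"),
     "offer a host key algorithm the server accepts, e.g. rsa-sha2-512 or ssh-ed25519"),
]

def classify(line):
    """Return (stage, offered_algorithms, hint) for a recognised sshd line, else None."""
    for stage, rx, hint in PATTERNS:
        m = rx.search(line)
        if m:
            return stage, m.group(1).split(","), hint
    return None

def triage(lines):
    """Count failures per stage and how many of them offered only legacy algorithms."""
    stages, legacy_only = Counter(), Counter()
    for line in lines:
        hit = classify(line)
        if hit is None:
            continue  # e.g. a plain "Received disconnect" line carries no algorithm name
        stage, algs, _ = hit
        stages[stage] += 1
        if set(algs) <= LEGACY:
            legacy_only[stage] += 1
    return {"stages": dict(stages), "legacy_only": dict(legacy_only)}

# Server log lines copied from the post (the <ip> placeholder is kept as posted).
SAMPLE = [
    "userauth_pubkey: signature algorithm ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]",
    "Unable to negotiate with <ip> port 58764: no matching host key type found. "
    "Their offer: ssh-rsa,ssh-dss [preauth]",
    "error: Received disconnect from <ip> port 37740:3: com.jcraft.jsch.e0: USERAUTH fail [preauth]",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(classify(line))
    print(triage(SAMPLE))
```
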