
NppFTP can no longer connect to hosts that only support ssh-rsa. OpenSSH can connect. #348

Open
Ben-Voris opened this issue Oct 31, 2022 · 12 comments


@Ben-Voris

Ben-Voris commented Oct 31, 2022

Description of the Issue

Cannot connect to an sftp server that offers only ssh-rsa.

OpenSSH can connect to such a host.

Steps to Reproduce the Issue

  1. Connect to an sftp host that offers only ssh-rsa for private key
  2. Note the error

Expected Behavior

sftp plugin should honor the ssh config file. This allows one to configure

Actual Behavior

Connection is rejected.

NppFTP Output

[SFTP] Connection failed : kex error : no match for method server host key algo: server [ssh-rsa], client [rsa-sha2-512,rsa-sha2-256,ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256]

Debug Information

Notepad++ v8.4.6   (64-bit)
Build time : Sep 25 2022 - 19:51:39
Path : C:\Program Files\Notepad++\notepad++.exe
Command Line : 
Admin mode : OFF
Local Conf mode : OFF
Cloud Config : OFF
OS Name : Windows 10 Enterprise (64-bit) 
OS Version : 20H2
OS Build : 19042.2006
Current ANSI codepage : 1252
Plugins : 
    ComparePlugin (2.0.2)
    DSpellCheck (1.4.24)
    JsonTools (3.2)
    MarkdownViewerPlusPlus (0.8.2)
    mimeTools (2.8)
    NppConverter (4.4)
    NppExec (0.8.2)
    NppExport (0.4)
    NppFTP (0.29.10)
    NppGist (1.5.1.35)
    NppSaveAsAdmin (1.0.211)
    XMLTools (3.1.1.13)
    zoomdisabler_x64 (1.2)
    _CustomizeToolbar (5.3)

NppFTP version: 0.29.10 Unicode with libssh version 0.10.0

Cygwin and Ubuntu sftp work with a host like this because they honor the ~/.ssh/config file which, for a host like this, contains

Host host-name
	HostKeyAlgorithms +ssh-rsa
	PubkeyAcceptedKeyTypes +ssh-rsa

For example:

sftp -v user@host
OpenSSH_8.2p1 Ubuntu-4ubuntu0.5, OpenSSL 1.1.1f 31 Mar 2020
debug1: Reading configuration data /home/user/.ssh/config
...
debug1: Authenticating to host:22 as 'user'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-rsa
...
debug1: Offering public key: /home/user/.ssh/id_rsa RSA SHA256:/wbB/...
debug1: Server accepts key: /home/user/.ssh/id_rsa RSA SHA256:/wbB/...
debug1: Authentication succeeded (publickey).
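
Added example (not part of the original post, and not NppFTP or libssh code): the error above is the host key algorithm negotiation failing because the client and server lists share no entry. This Python code parses that error line, applies the first-client-match rule of RFC 4253 section 7.1 in simplified form, and models OpenSSH's `+ssh-rsa` append syntax; all function names are hypothetical and the sample line is constructed from the output quoted above.

```python
import re

# Constructed sample: the NppFTP output quoted in the issue above.
SAMPLE = ("[SFTP] Connection failed : kex error : no match for method "
          "server host key algo: server [ssh-rsa], client [rsa-sha2-512,"
          "rsa-sha2-256,ssh-ed25519,ecdsa-sha2-nistp521,"
          "ecdsa-sha2-nistp384,ecdsa-sha2-nistp256]")

KEX_ERR = re.compile(r"no match for method (?P<method>.+?): "
                     r"server \[(?P<server>[^\]]*)\], client \[(?P<client>[^\]]*)\]")

# Host key signature schemes that hash with SHA-1.
LEGACY_SHA1 = {"ssh-rsa", "ssh-dss"}

def _names(csv):
    return [a.strip() for a in csv.split(",") if a.strip()]

def parse_kex_error(line):
    """Return (method, server_list, client_list) or None if the line does not match."""
    m = KEX_ERR.search(line)
    if m is None:
        return None
    return m["method"], _names(m["server"]), _names(m["client"])

def negotiate(client, server):
    """Simplified RFC 4253 rule: first name on the client list the server also offers."""
    return next((a for a in client if a in server), None)

def with_appended(client, extra):
    """Model OpenSSH's '+alg' syntax: append algorithms to the client's default list."""
    return client + [a for a in extra if a not in client]

def diagnose(line):
    parsed = parse_kex_error(line)
    if parsed is None:
        return None
    method, server, client = parsed
    return {
        "method": method,
        "negotiated": negotiate(client, server),
        "server_legacy_only": bool(server) and set(server) <= LEGACY_SHA1,
        "missing_on_client": [a for a in server if a not in client],
    }

if __name__ == "__main__":
    print(diagnose(SAMPLE))
    _, server, client = parse_kex_error(SAMPLE)
    print(negotiate(with_appended(client, ["ssh-rsa"]), server))
```
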


@Ben-Voris
Author

Ben-Voris commented Oct 31, 2022

"About NppFTP" reports a libssh version. But the version number makes me wonder if NppFTP uses libssh2, not libssh. The two are completely different.

If NppFTP uses libssh2, please change "About NppFTP" to reflect that.

libssh offers ssh_options_parse_config().

For libssh2, this might be interesting: libssh2 APIs to configure different algorithms

@chcg
Collaborator

chcg commented Nov 1, 2022

See https://github.com/ashkulz/NppFTP/blob/master/build_3rdparty.py#L91 on usage of libssh.

Could you please check if https://github.com/ashkulz/NppFTP/releases/tag/v0.29.11 fixes your problem.

If this is not the case, see

https://www.libssh.org/2022/08/26/libssh-0-10-0/

for RSA there are some changes:

  • Added support for limiting RSA key sizes and not accepting small one by default

Maybe the problem arises from that. In this case it would be helpful to know if the plugin version v0.29.9 before the change to libssh 0.10.x is still working.

@Ben-Voris
Author

I overwrite the contents of "%ProgramFiles%\Notepad++\plugins\NppFTP" with the files from https://github.com/ashkulz/NppFTP/releases/download/v0.29.11/NppFTP-x86.zip. After doing that, "About NppFTP" shows "0.29.11 Unicode".

This release does not resolve the problem.

The keys I must use are in a format that later OpenSSH releases do not accept by default. This is why I have the entries in ~/.ssh/config that I show above.

Since you are using libssh, ssh_options_parse_config() appears to be an option.

https://github.com/ashkulz/NppFTP/releases/tag/v0.27.6 works with the keys I have.

@Ben-Voris
Author

Also, see #34

@Parsnip

Parsnip commented Nov 21, 2022

Seems I have the same issue over here, and rolling back to v0.29.9 fixed it.

@iwl

iwl commented Dec 2, 2022

I can't connect with dsa either, same key which worked all the time and still works with cygwin where it's from.
So I fiddled with some rsa type and the keys from linux sub system, nothing works....
https://github.com/ashkulz/NppFTP/releases/tag/v0.29.9 works for me also

@sargearmstrong

I confirm (without having tested other versions) that this issue is not present in version 0.30.12 unicode. Discovered by accident so thought I'd share. Thanks.

@Parsnip

Parsnip commented Dec 22, 2022

> I confirm (without having tested other versions) that this issue is not present in version 0.30.12 unicode. Discovered by accident so thought I'd share. Thanks.

I'd guess that's expected since that version is still using the older libssh version.

Currently the last versions not experiencing this issue are v0.29.9 and pre-release v0.30.13.

@TikursewMe

> I can't connect with dsa either, same key which worked all the time and still works with cygwin where it's from. So I fiddled with some rsa type and the keys from linux sub system, nothing works.... https://github.com/ashkulz/NppFTP/releases/tag/v0.29.9 works for me also

Thanks, this worked for me as well. Something wrong with the latest version

@chcg
Collaborator

chcg commented Jul 12, 2023

See https://stackoverflow.com/questions/76572797/libssh-public-key-authentication-failed-the-key-algorithm-ssh-rsa-is-not-all . ssh-rsa seems to be using insecure sha1 and therefore likely disabled by libssh:

> ssh-rsa is deprecated for a reason though, because it uses the insecure SHA-1 hash algorithm. If you need to connect to an old system that runs an OpenSSL version before 7.2 (when the rsa-sha2-* algorithms were introduced), then ssh-rsa is the only way you can do public key authentication against such a system, so you kind of have not much of a choice.

@Ben-Voris
Author

Ben-Voris commented Jul 12, 2023 via email

@vrubleg

vrubleg commented Mar 1, 2024

Had the same issue on NppFTP v1.29.13, had to roll back to v0.29.9. Thanks for the suggestion.
