kio_sftp can't connect to hosts after OpenSSH 6 has cached their ECDSA key
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| | kde-runtime (Ubuntu) |
Undecided
|
Unassigned | ||
Bug Description
This seems to be the KDE bug 270322 - https:/
Ubuntu 15.04 ships libssh 0.6.3, but we still have the behavior that using Dolphin to access SFTP URLs, after using OpenSSH to cache the host's ECDSA key result in "The host key for this server was not found, but another type of key exists." error and inability to connect.
The workaround details in the KDE bug works, so it seems like the same problem.
| Alvin (alvind) wrote : | #2 |
I remember that upstream bug. No, this should be a new one. That bug was fixed.
Now, sftp://
The host key for this server was not found, but another type of key exists. An attacker might change the default server key to confuse your client into thinking the key does not exists. Please contact your system administrator.
| Oded Arbel (oded-geek) wrote : | #3 |
This looks like the same behavior to me, as well as the same workaround works for this one as well.
| Nick B. (futurepilot) wrote : | #4 |
I don't understand this. This is supposed to be solved in libssh 0.6.0 but Ubuntu still has this bug with 0.6.3? That makes no sense. This is annoying because now I have two keys in known_hosts ECDSA and RSA and openssh complains about mismatching keys
Warning: the ECDSA host key for 'host' differs from the key for the IP address '[x.x.x.x]:22'
| Adam Lyall (magicmyth) wrote : | #5 |
I agree with Alvin. That old KDE bug (ECDSA and libssh) affected me for a long time but as soon as Kubuntu got libssh 0.6 (Saucy I think?) it was resolved. I'm running the same system that has simply been upgraded (not reset) and this behaviour has recently come back. I'm not sure if it was there on the shipped Plasma 5.2 as I did not test sftp until I installed the backports of 5.3. Has this affected other distributions with KDE 5 tech (OpenSuse?). If so maybe its time for an upstream bug report.
Is there a way to get more verbose information of what Dolphin is doing from the command line?
| Adam Lyall (magicmyth) wrote : | #6 |
Just found this upstream bug report:
https:/
Seems it may be resolved in libssh 0.6.5 according to that report. Is there any chance we could get an updated version to test?
| Adam Lyall (magicmyth) wrote : | #7 |
I was able to build updated deb packages of libssh 0.6.5 but the problem still persists for me. I thought it would have fixed the issue as 0.6.4's changelog mentions a few ECDSA changes. Just to make sure I "ssh-keygen -R HOST_WITH_ECDSA", accessed the host via SFTP in Dolphin which worked, "ssh-keygen -R HOST_WITH_ECDSA" again, access the host via ssh (which pulled in the ECDSA key), and then accessed via Dolphin's SFTP again which failed. Any host of mine that does not use ECDSA works fine so it does seem limited to ECDSA host keys.
Note that Ed25519 keys will fail as well as that requires libssh 0.7.0.
| aslam karachiwala (akwala) wrote : | #8 |
I started with a fresh ~/.ssh/known_hosts and first tried connecting to a a remote machine using SFTP in Dolphin. The record this wrote to ~/.ssh/known_hosts begins with "[hostname]:port ssh-rsa". Apparently, SFTP in Kubuntu 15.04 does not handle ECDSA keys, which are what SSH creates by default. However, SSH does seem to handle RSA keys, I was able to connect to the remote machine with the key.
The workaround is to first connect using SFTP to any remote machine if you need to connect to it using both SSH and SFTP.
Incidentally, I did build and install libssh from the latest source (v. 0.7.1), which made no difference. The libssh.org site (https:/
More on this bug here: https:/
Status changed to 'Confirmed' because the bug affects multiple users.