Unable to connect via SFTP

Posts: 8 · woot 9 Aug 2020, 06:42

FFS version 11.0 [Donation Edition]. Authenticating via the agent, excerpt from the sshd_config:

Protocol 2

AddressFamily inet

Compression delayed

KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256

Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com

MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com

PubkeyAuthentication yes

HostbasedAuthentication no

PasswordAuthentication no

PermitEmptyPasswords no

ChallengeResponseAuthentication no

KerberosAuthentication no

GSSAPIAuthentication no

IgnoreRhosts yes

GatewayPorts no

AllowTcpForwarding no

X11Forwarding no

UsePAM no

Subsystem sftp internal-sftp

Error returned:

Cannot find the following folders:



sftp://XXX.XXX.XXX.XXX

___________________________________________



Cannot read file attributes of "sftp://XXX.XXX.XXX.XXX".

LIBSSH2_ERROR_KEX_FAILURE: Unable to exchange encryption keys [libssh2_session_handshake]

Please update libssh2 so it can be used with the modern cypher-set.

Posts: 7051 · Zenju 9 Aug 2020, 08:13

libssh2 feature requests need to be reported here: https://github.com/libssh2/libssh2/issues

Posts: 7051 · Zenju 9 Aug 2020, 08:16

Looks like such a request already exists: https://github.com/libssh2/libssh2/issues/457

Posts: 8 · woot 9 Aug 2020, 09:45

Are you building against v1.9? Might be worth updating.

Looking at its changelog:

     adds ECDSA keys and host key support when using OpenSSL

     adds ED25519 key and host key support when using OpenSSL 1.1.1 

     adds explicit zeroing of sensitive data in memory

     adds additional bounds checks to network buffer reads 

     fixed a small memory leak during the key exchange process

     fixed a possible memory leak of the ssh banner string

     fixed various small memory leaks in the backends

     fixed possible out of bounds read when parsing public keys from the server

     fixed possible out of bounds read when parsing invalid PEM files

Posts: 7051 · Zenju 9 Aug 2020, 09:57

Are you building against v1.9? woot, 09 Aug 2020, 09:45

Yes.

Posts: 8 · woot 9 Aug 2020, 10:09

Are you building against v1.9? woot, 09 Aug 2020, 09:45
Yes. Zenju, 09 Aug 2020, 09:57

OK, waiting for v2.0 then...

Posts: 8 · woot 23 Sep 2020, 23:12

https://github.com/libssh2/libssh2/pull/468 was merged into the master branch. Pending release...