New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
failure to connect #698
Comments
I'm having the same issue. Android v8, connect bot 1.9.5. |
Same issue. Android v9, Connect bot 1.9.5 |
A temporary workaround is to use a different type, such as ed25519 |
I tried ed25519 and still get the error |
I've not yet done comprehensive testing of all possible configurations. But it's definitely working for me. /etc/ssh/sshd_config
Remember to run EDIT Okay I did another test now.
Also works, in the case where perhaps you want to connect from connectbot with ed25519 and also from a proper linux ssh client with RSA. EDIT2 |
The above worked. Thanks @softwarecreations To sum up what you did and how I implemented it:
|
Any update on this issue? Thanks. |
Thanks a lot @ridobe. Works like a charm. |
The SteelCloud security package that was implemented on my servers uses up to three factor authentication. In this case you can easily use the "ed25519 key". Contact us: contato@steelcloud.com.br |
Happens here too on pixel2 with Android 10 |
I used this as a workaround and it worked well: hwsecurity-sdk#17 (comment) |
Suggesting people use ed25519 keys over RSA keys is not a solution here. There is a very good reason everybody uses RSA for sshd. I also went with the termbot suggestion. Works great. Thanks for that, @ridobe. |
This should be fixed by 90f7894 because the newer sshlib contains this commit: connectbot/sshlib@e6a49c5 |
@AlexanderS I just tested ConnectBot-git-v1.9.7-7-g5a317a6e-google.apk which seemed to be the latest prerelease hoping that this would make ConnectBot usable again. Unfortunately I'm still SOL due to Key exchange failure with the Unknown hostkey type rsa-sha2-512. Is there something else needed to be able to use this hostkey type? Other file size, I'm still missing the difference between the oss vs. google builds. I suspect this is because the latest 1.9.7 contains sshlib 2.2.13 but 2.2.14 is needed for things to work properly. Any chance someone can post a build of connectbot using sshlib 2.2.14 which may have my issue fixed? |
@rhardy613 could you give some information about the server you're connecting to? Linux distribution, OpenSSH server version, any special changes to |
The problem seems to present itself with old systems or ssh servers with minimal support. Looking through other tickets I found a few other instances with I suspect the same problem. connectbot is working with recent systems but not systems which do not support the latest hostkeys. Ubuntu 16.04, Openssh 1:7.2p2-4ubuntu2.10. The servers support only these host key types: rsa-sha2-256,rsa-sha2-512. Oddly it started working once I upped the verbosity of the openssh server from a default INFO to VERBOSE to try to debug getting connectbot to connect today. I realize this make for the worst kind of problem report... |
@kruton I noticed the same issue when trying to connect to a QNAP NAS. Neither ConnectBot 1.9.6 from the Play Store nor Termbot (like suggested above) work on Android 8.1. I can post some interesting things, however, maybe they can be helpful to troubleshoot. SettingsThe QNAP NAS has its own SSH server (a customized version) running on port 22:
However this instance doesn't output debug data, so I launched another instance on port 52221 (internal), then I mapped with port forwarding on my router the 52221 LAN into 52201 WAN (external). I've created 3 different connections in ConnectBot: Attempt 1: external IP on debug serverI've tried using the 3rd connection, the one that tries on the public IP, and this is the result: At the same time, the debug on the server says (I've masked the keys):
As you can see, it's the client (ConnectBot) that disconnects and the connection is coming from the router (192.168.0.1). If I use Putty on the PC it works; on Android, Termbot DOES NOT work (same error than ConnectBot), while JuiceSSH and Termux WORK after asking about the fingerprint of the host key. Attempt 2: internal IP on debug serverI've tried then the 2nd connection, with the smartphone connected with Wi-Fi to the LAN and requesting a connection on internal port 52221... same issue: The server log is exactly the same, apart those 2 lines:
Attempt 3: internal IP on main serverThen the first of the three connections above: this one connects to the internal IP on port 22, i.e. the QNAP SSH server. I cannot provide debug, because as I already said, this instance cannot be debugged. Attempt 4: port forwarding local 22 to WAN 52201Finally I've tried to forward the local 22 to WAN outside port 52201 and this is NOT working: But again, Putty, JuiceSSH and Termux still work when ConnectBot and TermBot are failing. ConclusionsI suspect that the problem is related with the port number, because when using port 22 ConnectBot is connecting while any other port number doesn't work. But probably, as TermBot is failing too, this may be something on the SSH connecting library? However, I must say, I'm connecting succesfully to another very old NAS with ConnectBot on a port different from 22, but it's using |
To add to my previous post, this is the
EDIT: Also tried with |
I tried to install Android Studio on a VM to debug and inspect why also the latest git version of ConnectBot it's failing.
I'm attaching a screenshot of the failing line here:
Probably this is the wrong location because the rawFingerPrint function is not called and the exception raises. Unfortunately I'm not skilled enough to patch the library (neither to use Android Studio correctly) so I hope @kruton can fix this ASAP. |
You are right. This should fix the issue: diff --git a/src/main/java/com/trilead/ssh2/KnownHosts.java b/src/main/java/com/trilead/ssh2/KnownHosts.java
index aa56015..01876cf 100644
--- a/src/main/java/com/trilead/ssh2/KnownHosts.java
+++ b/src/main/java/com/trilead/ssh2/KnownHosts.java
@@ -101,7 +101,7 @@ public class KnownHosts
if (hostnames == null)
throw new IllegalArgumentException("hostnames may not be null");
- if ("ssh-rsa".equals(serverHostKeyAlgorithm))
+ if ("ssh-rsa".equals(serverHostKeyAlgorithm) || serverHostKeyAlgorithm.startsWith("rsa-sha2-"))
{
RSAPublicKey rpk = RSASHA1Verify.decodeSSHRSAPublicKey(serverHostKey);
@@ -597,7 +597,7 @@ public class KnownHosts
{
PublicKey remoteKey = null;
- if ("ssh-rsa".equals(serverHostKeyAlgorithm))
+ if ("ssh-rsa".equals(serverHostKeyAlgorithm) || serverHostKeyAlgorithm.startsWith("rsa-sha2-"))
{
remoteKey = RSASHA1Verify.decodeSSHRSAPublicKey(serverHostKey);
} I will create a pull request for the sshlib. |
I hope a new release will be published soon, to be able to connect to my problematic host again! |
I have the same issue. |
@sppmasterspp The library has been fixed. We just have to wait until they will integrate the new version into a ConnectBot commit and publish a new release... |
Thank you. |
The issue occurs when connectbot do not have an entry for the host in the KnownHosts "file". So you can login as long as the key is already cached for the hostname or ip address. |
Is there a way to fix this or we should wait for the updated app. I cannot find the ConnectBot folder on my Android device. |
@kruton Thanks for fixing this bug in the latest release. I can connect normally again. |
Thanks for the update. This was fixed with #850 |
@kruton Sorry for bumping the thread again. Thanks for the fix, but the latest available version on F-droid is 1.2 years old (checked Google Store... same thing). Are there any daily builds available? I currently can't build it myself. |
You can download the APK from the Releases section here, on GitHub: But I agree with you, the version on the Play Store (and F-Droid) should be updated as well, because if someone doesn't know he can go here it simply uninstall the application thinking it doesn't work (and it doesn't, in fact, because it cannot connect to the server). |
@kruton I told him to install the APK from the Releases section of GitHub, and after updating the installed app of course it worked! So I'm asking: why the Play Store version of ConnectBot is still not updated and has issues? On the web page I see the last update is 12th November 2019, so that's certainly the reason. I don't have any problem installing an APK, but I know how to do it... other people simply think ConnectBot doesn't work (and actually it does not!) and switch to another app. Isn't that a bad advertisement for ConnectBot? |
Yeah, still a problem with play store version. |
Yes,Play Store version is not working in my case. I just installed TermBot from the F-Droid store. |
Will there be a new release for Play Store ? |
I'll release a new version today.
|
The problem still persists on the Play Store version. |
Hi,
I use connectbot for a long time, but recently, i have reinstall another android rom on my phone and I can't connected again to my server ...
my computer can connect to my server with ssh command again but connectbot on my phone don't want.
When I tap to connect to my server I have this message :
connection lost
key exchange was not finished, connection is closed.
the server hostkey was not accepted by the verifier callback
unknown key type rsa-sha2-512
My phone is nexus 6 with e rom and connectbot version is the last version on fdroid.
My server work with debian stretch and official ssh version in official repository with default config
Before I reinstall android on my phone, connectbot worked like a charm on lineageos
thank you for your help
The text was updated successfully, but these errors were encountered: