-
-
Notifications
You must be signed in to change notification settings - Fork 290
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
v8.2.0 breaks SFTP connection with RSA private key #12733
Comments
Also reported in #12720. |
Tried with 2048 and 4096 bits RSA keys but was unable to reproduce the issue. Can you please post a debug log from an authentication attempt? Refer to https://docs.cyberduck.io/cyberduck/support/?highlight=debug#logging-output |
Here's the log. I've changed the original hostname. Everything else was left untouched. |
Relevant login attempts using different authentication methods.
It shows the server is not accepting the key |
I'm using the exact same key with version 8.1.2 and it's working fine. |
Thanks @mariolopes. Can you please share the fingerprint of your private key? That would give me information about the type and size of the key.
|
Weird. It says it's not a key file. Anyway, here's the fingerprint that's on the file header. I thought it was an RSA key but I was wrong. It's a AES-128 key.
|
Same issue, AES256 here though. Downgraded back to 8.0.0, works flawlessly. |
@mariolopes You have an RSA private key encrypted with AES-128-CBC. Tried with an encrypted private key too but was still able to properly connect. Also tried to restrict the used algorithms on the server side to the ones I see in your log. Still no luck but I suspect that the change of the signature algorithm priority in the sshj library could be the reason. Refer to iterate-ch/sshj@624747c Can you please try to connect in debug mode from the command line and post the output? That would let me see the supported algorithms of your server and if we choose an unsupported one.
I'm especially interested in the following two lines:
|
Here you go:
By the way, I have two VPS machines running Ubuntu Focal and we're using an scp wrapper for Python (paramiko). In one of the machines I'm still able to connect. In the other I get the same error (Authentication failed) as with Cyberduck 8.2.0. They're running the exact same versions of openssh-client. |
@mariolopes What version of Paramiko are you running? You might hit paramiko/paramiko#1955. It would be helpful to post the output as shown in the issue above when trying to connect with Cyberduck 8.2.0. |
Weird. In the VPS that's still connecting to the SFTP server we're running Paramiko 2.8.1 (older Docker image). In the version that's not connecting, it was upgraded to 2.9.1. There must have been some recent change in the ssh that's breaking the authentication with older SFTP servers. |
For me it looks like paramiko/paramiko#1955 is partially fixed only, i.e. for |
Another thing I have noticed from your initial Cyberduck log file provided is that you run GoAnywhere 6.0.1 but your debug2 output shows |
Here it goes:
|
That's weird. Anyway, the server is not managed by us. I'll contact the host and let him know that. Thanks. |
I have the same problem here, Cyberduck Version 8.1.1 connects to a CentOS 6 server via SSH just fine, but Cyberduck 8.2.0 fails to connect and |
@tdmayden Any chance to also post the two
|
@ylangisc there are two lines of each in that output, all pasted here:
and
|
Can you please confirm that the latest snapshot version fixes the issue? |
@ylangisc i would be happy to do that, how do i go about getting a snapshot version? |
You need to switch to the Snapshot feed in the Preferences and then update. Also refer to https://docs.cyberduck.io/cyberduck/preferences/#update. |
@ylangisc thanks so much - i can confirm that with 8.2.1 via snapshot feed, i can now connect to the machines that i previously could not connect to. thanks so much! 👍 |
Thanks for confirming. A new release will be available next week. |
Even though my issue #12720 was closed without resolution, I can confirm that this snapshot build works for my case too. Thanks! |
It also works for me! Thank you very much, @ylangisc. What was the issue, by the way? What's the commit hash that fixes this? |
This was resolved upstream with iterate-ch/sshj@f1928dd |
I've been using Cyberduck for a while for connecting to an SFTP server (GoAnywhere MFT SFTP Server). Since I upgraded to version 8.2.0 I'm unable to authenticate using an RSA private key file. Downgrading to v8.1.1 fixes it.
The text was updated successfully, but these errors were encountered: