New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SSH Host Key check fails #78

Closed
jakob opened this Issue Sep 23, 2015 · 7 comments

Comments

Projects
None yet
6 participants
@jakob
Owner

jakob commented Sep 23, 2015

There is a bug in Postico 0.26 that can cause the SSH host key check to fail for users on OS X 10.11 (El Capitan). If you are affected, you'll see an error message like the following:

Failed to connect to the SSH server because the key in the known_hosts file doesn't match.

The new version of SSH on OS X 10.11 supports elliptic curve cryptography, but libssh2 (which Postico uses) does not. So when your ~/.ssh/known_hosts contains an elliptic curve host key, Postico tries to match it against an RSA host key, which fails.

I'm working on a fix, but in the mean time, you can use this work around:

  1. Delete the elliptic curve host key from known_hosts
  2. Connect to the problematic SSH server using the following command:
    ssh -o HostKeyAlgorithms=ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-rsa,ssh-dss ssh.example.com
  3. When prompted, check the host key and confirm to add it to your known_hosts file

Once an RSA host key is in your known_hosts file, everything should work as expected.

@jakob jakob added bug started labels Sep 28, 2015

@jakob

This comment has been minimized.

Show comment
Hide comment
@jakob

jakob Sep 30, 2015

Owner

This will be fixed in version 0.27.
Prerelease build: https://eggerapps-downloads.s3.amazonaws.com/postico-2015-09-30.zip

Owner

jakob commented Sep 30, 2015

This will be fixed in version 0.27.
Prerelease build: https://eggerapps-downloads.s3.amazonaws.com/postico-2015-09-30.zip

@stefanwiesendanger

This comment has been minimized.

Show comment
Hide comment
@stefanwiesendanger

stefanwiesendanger Oct 1, 2015

I can confirm the prerelease build has fixed this issue for me, thanks!

stefanwiesendanger commented Oct 1, 2015

I can confirm the prerelease build has fixed this issue for me, thanks!

@fermion

This comment has been minimized.

Show comment
Hide comment
@fermion

fermion commented Oct 7, 2015

Thanks @jakob!

@winfried-van-loon

This comment has been minimized.

Show comment
Hide comment
@winfried-van-loon

winfried-van-loon Oct 8, 2015

Fixed in the prerelease build, indeed. Thanks!

winfried-van-loon commented Oct 8, 2015

Fixed in the prerelease build, indeed. Thanks!

@jakob

This comment has been minimized.

Show comment
Hide comment
@jakob

jakob Oct 8, 2015

Owner

I've just released 0.27.
Download & changelist: https://eggerapps.at/postico/changelist.html

Owner

jakob commented Oct 8, 2015

I've just released 0.27.
Download & changelist: https://eggerapps.at/postico/changelist.html

@jakob jakob closed this Oct 8, 2015

@doanerock

This comment has been minimized.

Show comment
Hide comment
@doanerock

doanerock Nov 10, 2015

@jakob just wanted to send you a thank you for fixing this bug.

doanerock commented Nov 10, 2015

@jakob just wanted to send you a thank you for fixing this bug.

@hraban

This comment has been minimized.

Show comment
Hide comment
@hraban

hraban Dec 1, 2015

In case someone is looking for a way to delete that key from known_hosts:

$ ssh-keygen -R <hostname>

hraban commented Dec 1, 2015

In case someone is looking for a way to delete that key from known_hosts:

$ ssh-keygen -R <hostname>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment