Opened 4 years ago
Closed 4 years ago
#12328 closed Bug report (rejected)
Connection failed to Fedora 33 SSH/SFTP server
| Reported by: | Vitaly Zaitsev | Owned by: | |
|---|---|---|---|
| Priority: | high | Component: | FileZilla Client |
| Keywords: | Cc: | ||
| Component version: | 3.51.0 | Operating system type: | |
| Operating system version: | Fedora 33 |
Description (last modified by )
Description of problem:
Cannot connect to the OpenSSH server on Fedora 33 due to recent crypto-policy changes with using standard RSA-4096 keys (curve25519 works).
I can also reproduce this issue with FileZilla on Windows 10 and even in PuTTY client.
Version-Release number of selected component (if applicable):
filezilla-3.51.0-1.fc33
libfilezilla-0.25.0-2.fc33
How reproducible:
Always.
Steps to Reproduce:
- Install Fedora 33.
- Install OpenSSH server: sudo dnf install openssh-server
- Enable it: sudo systemctl enable --now sshd.service
- Disable password authentication:
echo "PasswordAuthentication no" | sudo tee /etc/ssh/sshd_config.d/00-disablepass.conf
sudo chmod 0600 /etc/ssh/sshd_config.d/00-disablepass.conf
- Restart OpenSSH server: sudo systemctl restart sshd.service
- Create SFTP connection in FileZilla to 127.0.0.1.
- Try to connection with RSA key authentication (id_rsa should be added to the SSH agent).
Actual results:
Connection failure:
FATAL ERROR: No supported authentication methods available (server sent: publickey)
Expected results:
Successful connection.
Additional info:
Logs attached:
- filezilla.log - internal FileZilla log file with full debug enabled;
- sshd-filezilla.log - OpenSSH Server log with debug for the FileZilla connection;
- sshd-console-client.log - OpenSSH Server log with debug for the default console SSH client.
Attachments (3)
Change History (10)
by , 4 years ago
| Attachment: | filezilla.log added |
|---|
by , 4 years ago
| Attachment: | sshd-filezilla.log added |
|---|
by , 4 years ago
| Attachment: | sshd-console-client.log added |
|---|
comment:1 by , 4 years ago
| Description: | modified (diff) |
|---|
comment:2 by , 4 years ago
| Resolution: | → rejected |
|---|---|
| Status: | new → closed |
comment:3 by , 4 years ago
I use the same key both in FileZilla and console OpenSSH client.
OpenSSH client can connect, FileZilla - cannot.
comment:4 by , 4 years ago
| Resolution: | rejected |
|---|---|
| Status: | closed → reopened |
I think this ticket need to be reopened.
The same server, SSH key, SSH agent running and two different clients: FileZilla and the default console SSH client. FileZilla cannot connect, but the console client works absolutely fine.
I guess this issue is related to the PuTTY libraries. I have absolutely the same problem with PuTTY 0.74 on Windows 10 and the same SSH RSA key.
comment:5 by , 4 years ago
| Resolution: | → rejected |
|---|---|
| Status: | reopened → closed |
There are multiple different keys involved. Make sure to use the same key in all your tests.
comment:6 by , 4 years ago
| Resolution: | rejected |
|---|---|
| Status: | closed → reopened |
I have only one key. The same server, SSH key, SSH agent running and two different clients: FileZilla and the default console SSH client.
Just take Fedora 33 live, boot from it, generate RSA key, disable password authentication and you will easily reproduce this issue.
comment:7 by , 4 years ago
| Resolution: | → rejected |
|---|---|
| Status: | reopened → closed |
You are trying to authenticate with a key type (ssh-rsa) not supported by the server.
The working login shows an authentication attempt with a different key type (rsa-sha2-256).
A key cannot simultaneously be of two types, which means that you are using multiple keys.
Make sure to use the same key in all clients, then it behaves the same in all clients: Either all connect, or none connect.
You are trying to authenticate with a key type (ssh-rsa) not supported by the server.
The working login shows an authentication attempt with a different key type (rsa-sha2-256).
Make sure to load a key type supported by the server in your agent.