#12328 closed Bug report (rejected)

Connection failed to Fedora 33 SSH/SFTP server

Reported by: Vitaly Zaitsev Owned by:
Priority: high Component: FileZilla Client
Keywords: Cc:
Component version: 3.51.0 Operating system type:
Operating system version: Fedora 33

Description (last modified by Vitaly Zaitsev)

Description of problem:
Cannot connect to the OpenSSH server on Fedora 33 due to recent crypto-policy changes with using standard RSA-4096 keys (curve25519 works).

I can also reproduce this issue with FileZilla on Windows 10 and even in PuTTY client.

Version-Release number of selected component (if applicable):
filezilla-3.51.0-1.fc33
libfilezilla-0.25.0-2.fc33

How reproducible:
Always.

Steps to Reproduce:

  1. Install Fedora 33.
  2. Install OpenSSH server: sudo dnf install openssh-server
  3. Enable it: sudo systemctl enable --now sshd.service
  4. Disable password authentication:

echo "PasswordAuthentication no" | sudo tee /etc/ssh/sshd_config.d/00-disablepass.conf
sudo chmod 0600 /etc/ssh/sshd_config.d/00-disablepass.conf

  1. Restart OpenSSH server: sudo systemctl restart sshd.service
  2. Create SFTP connection in FileZilla to 127.0.0.1.
  3. Try to connection with RSA key authentication (id_rsa should be added to the SSH agent).

Actual results:
Connection failure:
FATAL ERROR: No supported authentication methods available (server sent: publickey)

Expected results:
Successful connection.

Additional info:
Logs attached:

  • filezilla.log - internal FileZilla log file with full debug enabled;
  • sshd-filezilla.log - OpenSSH Server log with debug for the FileZilla connection;
  • sshd-console-client.log - OpenSSH Server log with debug for the default console SSH client.

Attachments (3)

filezilla.log (5.7 KB ) - added by Vitaly Zaitsev 10 months ago.
sshd-filezilla.log (4.4 KB ) - added by Vitaly Zaitsev 10 months ago.
sshd-console-client.log (6.5 KB ) - added by Vitaly Zaitsev 10 months ago.

Download all attachments as: .zip

Change History (10)

by Vitaly Zaitsev, 10 months ago

Attachment: filezilla.log added

by Vitaly Zaitsev, 10 months ago

Attachment: sshd-filezilla.log added

by Vitaly Zaitsev, 10 months ago

Attachment: sshd-console-client.log added

comment:1 by Vitaly Zaitsev, 10 months ago

Description: modified (diff)

comment:2 by Tim Kosse, 10 months ago

Resolution: rejected
Status: newclosed

You are trying to authenticate with a key type (ssh-rsa) not supported by the server.

The working login shows an authentication attempt with a different key type (rsa-sha2-256).

Make sure to load a key type supported by the server in your agent.

comment:3 by Vitaly Zaitsev, 10 months ago

I use the same key both in FileZilla and console OpenSSH client.

OpenSSH client can connect, FileZilla - cannot.

comment:4 by Vitaly Zaitsev, 10 months ago

Resolution: rejected
Status: closedreopened

I think this ticket need to be reopened.

The same server, SSH key, SSH agent running and two different clients: FileZilla and the default console SSH client. FileZilla cannot connect, but the console client works absolutely fine.

I guess this issue is related to the PuTTY libraries. I have absolutely the same problem with PuTTY 0.74 on Windows 10 and the same SSH RSA key.

comment:5 by Tim Kosse, 10 months ago

Resolution: rejected
Status: reopenedclosed

There are multiple different keys involved. Make sure to use the same key in all your tests.

comment:6 by Vitaly Zaitsev, 10 months ago

Resolution: rejected
Status: closedreopened

I have only one key. The same server, SSH key, SSH agent running and two different clients: FileZilla and the default console SSH client.

Just take Fedora 33 live, boot from it, generate RSA key, disable password authentication and you will easily reproduce this issue.

comment:7 by Tim Kosse, 10 months ago

Resolution: rejected
Status: reopenedclosed

You are trying to authenticate with a key type (ssh-rsa) not supported by the server.
The working login shows an authentication attempt with a different key type (rsa-sha2-256).

A key cannot simultaneously be of two types, which means that you are using multiple keys.

Make sure to use the same key in all clients, then it behaves the same in all clients: Either all connect, or none connect.

Note: See TracTickets for help on using tickets.