Opened 5 months ago

Last modified 3 months ago

#12432 new Bug report

"No supported authentication methods available" when connecting to RHEL 8 (fips mode enabled)

Reported by: pkbarbiedoll Owned by:
Priority: normal Component: FileZilla Client
Keywords: rhel8, fips, authentication Cc: pkbarbiedoll
Component version: 3.53.1 Operating system type: Linux
Operating system version: Client: Linux Mint 20.1; Server: RHEL 8

Description

I'm attempting to connect to a new RHEL8 server using the latest build of FileZilla (3.53.1). My client machine is running the latest version of Linux Mint (20.1)

FileZilla reports:

Status:	Connecting to rhel8.server.host.name...
Response:	fzSftp started, protocol_version=10
Command:	open "acoder2020@rhel8.server.host.name" 22
Status:	Using username "acoder2020". 
Error:	FATAL ERROR: No supported authentication methods available 
(server sent: publickey,gssapi-keyex,gssapi-with-mic)
Error:	Could not connect to server

The RHEL server was installed with FIPS mode for enhanced security. So some authentication methods are removed to tighten the server down.

Here is the server log on the corresponding SFTP login attempt through FileZilla:

/var/log/secure

Apr 21 16:30:14 rhel8 sshd[2442322]: userauth_pubkey: 
key type ssh-rsa not in PubkeyAcceptedKeyTypes [preauth]
Apr 21 16:30:14 rhel8 sshd[2442322]: Connection closed by authenticating user 
acoder2020 1.1.1.1 port 33378 [preauth]

And the SSH config:

/etc/crypto-policies/back-ends/opensshserver.config

PubkeyAcceptedKeyTypes=ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,
ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,
ecdsa-sha2-nistp521-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,
rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com

Not that it matters much, but I'm able to ssh and sftp to the same machine from a terminal.

Change History (2)

comment:1 by pkbarbiedoll, 3 months ago

This issue appears to be fixed in nightly build dated 2021-07-02: 3.55.0-rc1-nightly

Last edited 3 months ago by pkbarbiedoll (previous) (diff)

comment:2 by pkbarbiedoll, 3 months ago

It is not corrected in latest stable release: FileZilla_3.54.1_x86_64-linux-gnu.tar.bz2

Note: See TracTickets for help on using tickets.