SSH auth error ( known_host is updated unconditionally ) about xfiles HOT 13 CLOSED

Hi, what Android version are you using? I remember I once had similar issues with Kitkat... definitely this seems a SSHJ-related issue, so you may also have a search in the SSHJ issue page here. The sftp-related commits are for showing detailed progress, so I'm pretty sure they are unrelated to this.

from xfiles.

I'm using LineageOS 15.1, so Android 8.1 or Oreo.

My OpenSSH is the recent version 7.9p1 configured on the basis of the "modern" guidelines of the Mozilla security guidelines from https://infosec.mozilla.org/guidelines/

ConnectBot is working well with this configuration.

Will have a look at the SSHJ issues soon.

Thanks for the great work, I love so called orthodox file managers, like Norton Commander. 😃

from xfiles.

I'm not able to reproduce the issue, I tried connecting both from an Android-x86 8.1 VM and from an Android 6 smartphone to a Linux SSH server, with explicit host key verification limited to ed22519. The expected behaviour is that, for the first connection to an unknown SSH server, once pressed Accept, the app will add it in its known_hosts file, try reconnect and load the remote file list, which you should find at the end. I have the same verification error in my sshd log, but I manage to connect anyway (I suspect verification outcome is ignored, will have to check this anyway).

from xfiles.

Just found out, the key gets added every time when I press accept. Even if I delete the known_hosts its behaviour is like this.

The file looks like this:
my.full.domain ssh-ed25519 KeyValue
my.full.domain ssh-ed25519 KeyValue
my.full.domain ssh-ed25519 KeyValue
my.full.domain ssh-ed25519 KeyValue
my.full.domain ssh-ed25519 KeyValue

from xfiles.

Sorry, but I still don't manage to cause the behaviour you describe. I need more information, e.g. some logcat starting from a clean installation or similar... The method responsible for adding host keys to known_hosts preliminarily checks that the given key exists in the file, so the problem may be due to some weird scenario I'm not aware of.

from xfiles.

Thank you for diving into it. 😃
I uninstalled xfiles and reinstalled it, then tried again the sftp content, same error, here the log:
https://ghostbin.com/paste/xj8o5

from xfiles.

I see a "getChannel error" in your logcat, due to a generic IOException, which may only be thrown from a InteractiveHostKeyVerifier constructor, a loadKeys() method, and a connect() method... That makes me suspect that there could be some problem with the access to the known_hosts file, and that the problem doesn't depend on the hostkey algorithm used (ed25519). I encourage you to try connecting to another OpenSSH server with rsa or dsa host key in order to verify this, and/or connecting to the same OpenSSH server from another Android device. One last question: are you trying connecting using password or public key authentication?

from xfiles.

I'm on holiday so I could only do a short test via VPN to my OpenWRT router which has DropBear and RSA key change.

Same problem:

02-26 20:03:43.713 E/KeyExchanger(10982): Disconnecting because none of the configured Host key verifiers ([it.pgp.xfiles.sftpclient.InteractiveHostKeyVerifier@f5e4eca]) could verify 'ssh-rsa' host key with fingerprint xxxxx for hostname:2222

I use public key authentication on my laptop, but on my phone I'm using password authentication only.

from xfiles.

Cannot reproduce even on physical device + LineageOS, closing for now...

from xfiles.

Yes OK, but the bug is still there.

Tested with 1.0.5:
05-15 17:26:12.511 E/KeyExchanger(1611): Disconnecting because none of the configured Host key verifiers ([it.pgp.xfiles.sftpclient.InteractiveHostKeyVerifier@a94bdd4]) could verify 'ssh-rsa' host key with fingerprint 93:74:20:2b:b0:a6:44:19:a7:ae:d0:49:7d:26:48:e7 for 10.10.10.1:2222

from xfiles.

Should be fixed now

from xfiles.

4bcacd2

from xfiles.

I'm glad you found the problem, thank you :-)

from xfiles.