rclone: rclone's sftp not compatible with OpenSSH >=8.8 remote if RSA key pair used

The associated forum post URL from https://forum.rclone.org

None

What is the problem you are having with rclone?

OpenSSH 8.8 dropped the old ssh-rsa from PubkeyAcceptedAlgorithms, which means that if one tries to use rclone to connect to sftp, or anything that uses ssh as the transport, while using an rsa key pair, it will not work as long as the remote runs a modern OpenSSH, 8.8 or newer.

The remote end logs the following

Mar 31 15:52:20 [sshd] Connection closed by authenticating user piotr 172.17.17.2 port 60214 [preauth]
Mar 31 15:52:20 [sshd] userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]
Mar 31 15:52:20 [sshd] Connection closed by authenticating user piotr 172.17.17.2 port 60216 [preauth]
Mar 31 15:52:20 [sshd] userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]
Mar 31 15:52:20 [sshd] Connection closed by authenticating user piotr 172.17.17.2 port 60218 [preauth]
Mar 31 15:52:21 [sshd] userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]
Mar 31 15:52:21 [sshd] Connection closed by authenticating user piotr 172.17.17.2 port 60220 [preauth]
Mar 31 15:52:23 [sshd] userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]
Mar 31 15:52:23 [sshd] Connection closed by authenticating user piotr 172.17.17.2 port 60222 [preauth]
Mar 31 15:52:25 [sshd] userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]
Mar 31 15:52:25 [sshd] Connection closed by authenticating user piotr 172.17.17.2 port 60224 [preauth]
Mar 31 15:52:27 [sshd] userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]
Mar 31 15:52:27 [sshd] Connection closed by authenticating user piotr 172.17.17.2 port 60226 [preauth]
Mar 31 15:52:29 [sshd] userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]
Mar 31 15:52:29 [sshd] Connection closed by authenticating user piotr 172.17.17.2 port 60228 [preauth]

As a workaround I can switch keys from rsa to ed25519, but going forward more and more people will suffer; it would be good to have rclone default to rsa-sha2-256 for rsa keys and fall back to old ssh-rsa.

What is your rclone version (output from rclone version)

rclone v1.58.0
- os/version: gentoo 2.8 (64 bit)
- os/kernel: 5.17.0 (x86_64)
- os/type: linux
- os/arch: amd64
- go/version: go1.17.8
- go/linking: static
- go/tags: none

Which OS you are using and how many bits (e.g. Windows 7, 64 bit)

Linux, Gentoo, ~amd64, 64 bit.

Which cloud storage system are you using? (e.g. Google Drive)

sftp, OpenSSH 8.9

The command you were trying to run (e.g. rclone copy /tmp remote:tmp)

./rclone -vv mount --sftp-host hagane-ethernet :sftp:/ ~/mnt/hagane

A log from the command with the -vv flag (e.g. output from rclone -vv copy /tmp remote:tmp)

% ./rclone -vv mount --sftp-host hagane-ethernet :sftp:/ ~/mnt/hagane
2022/03/31 17:11:33 DEBUG : rclone: Version "v1.58.0" starting with parameters ["./rclone" "-vv" "mount" "--sftp-host" "hagane-ethernet" ":sftp:/" "/home/piotr/mnt/hagane"]
2022/03/31 17:11:33 DEBUG : Creating backend with remote ":sftp:/"
2022/03/31 17:11:33 DEBUG : :sftp: detected overridden config - adding "{OFBPa}" suffix to name
2022/03/31 17:11:33 NOTICE: Config file "/home/piotr/.config/rclone/rclone.conf" not found - using defaults
2022/03/31 17:11:33 DEBUG : pacer: low level retry 1/10 (error couldn't connect SSH: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain)
2022/03/31 17:11:33 DEBUG : pacer: Rate limited, increasing sleep to 200ms
2022/03/31 17:11:33 DEBUG : pacer: low level retry 2/10 (error couldn't connect SSH: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain)
2022/03/31 17:11:33 DEBUG : pacer: Rate limited, increasing sleep to 400ms
2022/03/31 17:11:33 DEBUG : pacer: low level retry 3/10 (error couldn't connect SSH: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain)
2022/03/31 17:11:33 DEBUG : pacer: Rate limited, increasing sleep to 800ms
2022/03/31 17:11:34 DEBUG : pacer: low level retry 4/10 (error couldn't connect SSH: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain)
2022/03/31 17:11:34 DEBUG : pacer: Rate limited, increasing sleep to 1.6s
2022/03/31 17:11:35 DEBUG : pacer: low level retry 5/10 (error couldn't connect SSH: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain)
2022/03/31 17:11:35 DEBUG : pacer: Rate limited, increasing sleep to 2s
2022/03/31 17:11:36 DEBUG : pacer: low level retry 6/10 (error couldn't connect SSH: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain)
2022/03/31 17:11:38 DEBUG : pacer: low level retry 7/10 (error couldn't connect SSH: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain)
2022/03/31 17:11:40 DEBUG : pacer: low level retry 8/10 (error couldn't connect SSH: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain)
2022/03/31 17:11:42 DEBUG : pacer: low level retry 9/10 (error couldn't connect SSH: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain)
2022/03/31 17:11:44 DEBUG : pacer: low level retry 10/10 (error couldn't connect SSH: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain)
2022/03/31 17:11:44 Failed to create file system for ":sftp:/": NewFs: couldn't connect SSH: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain


About this issue

  • Original URL
  • State: closed
  • Created 2 years ago
  • Comments: 15 (11 by maintainers)

Most upvoted comments

All good, no worries.

The keys remain the same, RSA keys are okay and not the problem, it's just the hash that is sent during the 'ssh handshake', shall we put it that way, that needs to be changed. It uses SHA-1, which is no longer supported for security reasons.

The OpenSSH release notes explain it well, so let me quote them here:

In the SSH protocol, the "ssh-rsa" signature scheme uses the SHA-1
hash algorithm in conjunction with the RSA public key algorithm.
It is now possible[1] to perform chosen-prefix attacks against the
SHA-1 algorithm for less than USD$50K.

Note that the deactivation of "ssh-rsa" signatures does not necessarily
require cessation of use for RSA keys. In the SSH protocol, keys may be
capable of signing using multiple algorithms. In particular, "ssh-rsa"
keys are capable of signing using "rsa-sha2-256" (RSA/SHA256),
"rsa-sha2-512" (RSA/SHA512) and "ssh-rsa" (RSA/SHA1). Only the last of
these is being turned off by default.

What it means for regular Joe is that ssh, sftp and anything that actually uses libssh2 under the hood just works, because it will just use other hashes that are accepted by the server; for OpenSSH 8.9 with rsa keys it is first rsa-sha2-512 with a fallback to rsa-sha2-256. You can get the signatures the server will accept out of the 'ssh -vv' output:

    debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519

Because there's no ssh-rsa there, rclone will fail to connect.

I see rclone uses crypto/ssh and this issue seems like just it https://github.com/golang/go/issues/37278
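The point made in this comment and in the issue description above (an RSA key can sign as ssh-rsa, rsa-sha2-256 or rsa-sha2-512, and a post-8.8 sshd refuses only the first, by name, before ever looking at the signature) as an added example; this is not code from the thread, from rclone or from golang.org/x/crypto/ssh. It uses only the Go standard library and hand-encodes the SSH signature blob, string(algorithm) || string(signature) in RFC 4253 wire format. The accepted list (OpenSSH88Default), the payload and the function names are constructed for illustration and are not read from a real sshd_config or taken from rclone:

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	_ "crypto/sha1"   // registers crypto.SHA1
	_ "crypto/sha256" // registers crypto.SHA256
	_ "crypto/sha512" // registers crypto.SHA512
	"encoding/binary"
	"fmt"
)

// Signature algorithms an RSA key can use in SSH (RFC 4253, RFC 8332): same key, only the hash differs.
const (
	AlgoSSHRSA    = "ssh-rsa"      // RSA + SHA-1, off by default since OpenSSH 8.8
	AlgoRSASHA256 = "rsa-sha2-256" // RSA + SHA-256
	AlgoRSASHA512 = "rsa-sha2-512" // RSA + SHA-512
)

var hashFor = map[string]crypto.Hash{AlgoSSHRSA: crypto.SHA1, AlgoRSASHA256: crypto.SHA256, AlgoRSASHA512: crypto.SHA512}

// OpenSSH88Default: the RSA entries of the post-8.8 default list per the quoted release note (constructed, not read from sshd_config).
var OpenSSH88Default = []string{AlgoRSASHA512, AlgoRSASHA256}

// sshString encodes b as an SSH "string": big-endian uint32 length, then the bytes.
func sshString(b []byte) []byte {
	return append(binary.BigEndian.AppendUint32(nil, uint32(len(b))), b...)
}

// readString pops one SSH "string" off the front of buf, bounds-checked.
func readString(buf []byte) (s, rest []byte, ok bool) {
	if len(buf) < 4 || uint64(binary.BigEndian.Uint32(buf)) > uint64(len(buf)-4) {
		return nil, nil, false
	}
	n := binary.BigEndian.Uint32(buf)
	return buf[4 : 4+n], buf[4+n:], true
}
func digest(h crypto.Hash, data []byte) []byte {
	d := h.New()
	d.Write(data)
	return d.Sum(nil)
}

// SignSSH is the client side: PKCS#1 v1.5 over the algorithm's hash, wrapped as string(algo) || string(sig).
func SignSSH(key *rsa.PrivateKey, algo string, data []byte) ([]byte, error) {
	h, ok := hashFor[algo]
	if !ok {
		return nil, fmt.Errorf("unsupported RSA signature algorithm %q", algo)
	}
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, h, digest(h, data))
	if err != nil {
		return nil, err
	}
	return append(sshString([]byte(algo)), sshString(sig)...), nil
}

// VerifySSH is the server side: the algorithm name in the blob is checked against the accepted list first; failing that is the "not in PubkeyAcceptedAlgorithms" log line.
func VerifySSH(pub *rsa.PublicKey, accepted []string, data, blob []byte) error {
	algoBytes, rest, ok1 := readString(blob)
	sig, _, ok2 := readString(rest)
	if !ok1 || !ok2 {
		return fmt.Errorf("malformed signature blob")
	}
	algo := string(algoBytes)
	h, known := hashFor[algo]
	allowed := false
	for _, a := range accepted {
		allowed = allowed || a == algo
	}
	if !known || !allowed {
		return fmt.Errorf("key type %s not in PubkeyAcceptedAlgorithms", algo)
	}
	return rsa.VerifyPKCS1v15(pub, h, digest(h, data), sig)
}

// Demo signs one constructed payload with one RSA key under each algorithm and returns the post-8.8 default policy's verdict per algorithm (nil means accepted).
func Demo() (map[string]error, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	data := []byte("constructed stand-in for session_id || SSH_MSG_USERAUTH_REQUEST")
	verdict := map[string]error{}
	for _, algo := range []string{AlgoSSHRSA, AlgoRSASHA256, AlgoRSASHA512} {
		blob, err := SignSSH(key, algo, data)
		if err != nil {
			return nil, err
		}
		verdict[algo] = VerifySSH(&key.PublicKey, OpenSSH88Default, data, blob)
	}
	return verdict, nil
}

func main() {
	verdict, err := Demo()
	fmt.Println(verdict, err) // ssh-rsa carries the PubkeyAcceptedAlgorithms error, the two rsa-sha2 entries are <nil>
}
```

Run it and ssh-rsa comes back with the same wording as the sshd log above, while the two rsa-sha2 blobs verify with the very same key. Appending AlgoSSHRSA to the accepted list makes the old blob verify as well, which is exactly the SHA-1 signing the release note is retiring, so treat re-enabling it on the server as a stopgap and fix the client's signature algorithm instead, as the merged change did.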

@slashbeast thank you for the fix.

I've merged this to master now, which means it will be in the latest beta in 15-30 minutes and released in v1.59 and also in v1.58.1 in a week or two.

Great success

% /home/piotr/go/bin/rclone version
rclone v1.59.0-beta.6049.6ecbbf796
- os/version: gentoo 2.8 (64 bit)
- os/kernel: 5.17.0 (x86_64)
- os/type: linux
- os/arch: amd64
- go/version: go1.17.8
- go/linking: dynamic
- go/tags: none

All works

% /home/piotr/go/bin/rclone -vv mount --sftp-host hagane-ethernet :sftp:/ ~/mnt/hagane
2022/04/01 11:52:06 DEBUG : rclone: Version "v1.59.0-beta.6049.6ecbbf796" starting with parameters ["/home/piotr/go/bin/rclone" "-vv" "mount" "--sftp-host" "hagane-ethernet" ":sftp:/" "/home/piotr/mnt/hagane"]
2022/04/01 11:52:06 DEBUG : Creating backend with remote ":sftp:/"
2022/04/01 11:52:06 DEBUG : :sftp: detected overridden config - adding "{OFBPa}" suffix to name
2022/04/01 11:52:06 NOTICE: Config file "/home/piotr/.config/rclone/rclone.conf" not found - using defaults
2022/04/01 11:52:06 DEBUG : sftp://piotr@hagane-ethernet:22//: New connection 172.17.17.2:60358->172.17.17.5:22 to "SSH-2.0-OpenSSH_8.9"
2022/04/01 11:52:06 DEBUG : fs cache: renaming cache item ":sftp:/" to be canonical ":sftp{OFBPa}:/"
2022/04/01 11:52:06 INFO  : sftp://piotr@hagane-ethernet:22//: poll-interval is not supported by this remote
2022/04/01 11:52:06 DEBUG : sftp://piotr@hagane-ethernet:22//: Mounting on "/home/piotr/mnt/hagane"
2022/04/01 11:52:06 DEBUG : : Root:
2022/04/01 11:52:06 DEBUG : : >Root: node=/, err=<nil>

If I might suggest something: unless the next release is coming soon, I really think it would be good to have a minor update to the latest stable rclone with this dependency. More and more distributions update OpenSSH, so I can only expect more and more people to hit this problem.