DSA 2048 key fix not working anymore?

It seems as though the previous workaround for this issue is no longer working.


path_override = ssh -oHostKeyAlgorithms=ssh-ed25519

in the config, and:

rclone ... --sftp-path-override "ssh -oHostKeyAlgorithms=ssh-ed25519"

both result in failed connections.

Confirmed problem in versions:

rclone v1.55.1 (MacOS)
rclone v1.52.2 (FreeBSD)


/mnt/usr/local/bin/rclone -vv lsd --sftp-host usw-s001.rsync.net --sftp-user test --sftp-ask-password --sftp-path-override 'ssh -oHostKeyAlgorithms=ssh-ed25519' :sftp:

2021/06/12 21:41:14 DEBUG : rclone: Version "v1.52.2" starting with parameters ["/mnt/usr/local/bin/rclone" "-vv" "lsd" "--sftp-host" "usw-s001.rsync.net" "--sftp-user" "1005" "--sftp-ask-password" "--sftp-path-override" "ssh -oHostKeyAlgorithms=ssh-ed25519" ":sftp:"]
2021/06/12 21:41:14 NOTICE: Config file "/root/.config/rclone/rclone.conf" not found - using defaults
Enter SFTP password:
2021/06/12 21:41:19 DEBUG : pacer: low level retry 1/10 (error couldn't connect SSH: ssh: handshake failed: ssh: unsupported DSA key size 2048)

Was the patch left out of a recent build?

There already is a post on the topic:

I found the patch referred to

The problem was identified by FiloSottile here

So from reading that I think if you were to switch the order of the DSA (old almost deprecated) and the Ed25519 (shiny and new) crypto methods in the server config then I think rclone would work. You'd also be getting users to use more modern crypto by default.

Note that rclone doesn't use the system ssh binary - --sftp-path-override is for something else

Override path used by SSH connection.

This allows checksum calculation when SFTP and SSH paths are different. This issue affects among others Synology NAS boxes.
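
An added example, not part of the original thread or of rclone's code: a small Python check that reads host key lines in ssh-keyscan's output format, decodes each ssh-dss blob, and reports the DSA modulus sizes that would produce the "unsupported DSA key size" handshake error seen above. It assumes the Go SSH library (golang.org/x/crypto/ssh) accepts only 1024-bit DSA keys; the host name and key material are constructed placeholders.

```python
import base64
import struct

GO_SSH_DSA_BITS = 1024  # assumption: the only DSA modulus size Go's x/crypto/ssh accepts

def _read_string(buf, off):
    """Read one length-prefixed SSH string; return (bytes, next offset)."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated field body")
    return buf[off + 4:off + 4 + n], off + 4 + n

def host_key_info(keyscan_line):
    """Parse 'host keytype base64'; return (keytype, DSA modulus bits or None)."""
    _host, keytype, b64 = keyscan_line.split()[:3]
    blob = base64.b64decode(b64, validate=True)
    name, off = _read_string(blob, 0)
    if name != keytype.encode("ascii"):
        raise ValueError("key type inside the blob does not match the line")
    if keytype != "ssh-dss":
        return keytype, None
    p_bytes, _ = _read_string(blob, off)  # first mpint of an ssh-dss key is p
    return keytype, int.from_bytes(p_bytes, "big").bit_length()

def rejected_dsa_keys(keyscan_lines):
    """Return the DSA modulus sizes that would fail with 'unsupported DSA key size'."""
    sizes = (host_key_info(line)[1] for line in keyscan_lines)
    return [bits for bits in sizes if bits not in (None, GO_SSH_DSA_BITS)]

def _mpint(n):
    """Encode a positive integer as an SSH mpint (extra zero byte keeps the sign)."""
    raw = n.to_bytes(n.bit_length() // 8 + 1, "big")
    return struct.pack(">I", len(raw)) + raw

def _sample_dss(host, p_bits):
    """Constructed ssh-dss line; p, q, g, y are placeholders, not a usable key."""
    nums = [(1 << (p_bits - 1)) | 1, (1 << 159) | 1, 2, 3]
    blob = struct.pack(">I", 7) + b"ssh-dss" + b"".join(map(_mpint, nums))
    return f"{host} ssh-dss {base64.b64encode(blob).decode()}"

# Constructed input in ssh-keyscan's output format (hypothetical host name).
_ED = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes(32)
SAMPLE = [_sample_dss("sftp.example.test", 2048),
          f"sftp.example.test ssh-ed25519 {base64.b64encode(_ED).decode()}"]
```

Calling `rejected_dsa_keys(SAMPLE)` on the constructed input flags the 2048-bit DSA key and ignores the Ed25519 key.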