DSA 2048 key fix not working anymore?

It seems as though the previous workaround for this issue is no longer working.

Trying:

path_override = ssh -oHostKeyAlgorithms=ssh-ed25519

in the config, and:

rclone ... --sftp-path-override "ssh -oHostKeyAlgorithms=ssh-ed25519"

both result in failed connections.

Confirmed problem in versions:

rclone v1.55.1 (MacOS)
rclone v1.52.2 (FreeBSD)

Ex:

/mnt/usr/local/bin/rclone -vv lsd --sftp-host usw-s001.rsync.net --sftp-user test --sftp-ask-password --sftp-path-override 'ssh -oHostKeyAlgorithms=ssh-ed25519' :sftp:

2021/06/12 21:41:14 DEBUG : rclone: Version "v1.52.2" starting with parameters ["/mnt/usr/local/bin/rclone" "-vv" "lsd" "--sftp-host" "usw-s001.rsync.net" "--sftp-user" "1005" "--sftp-ask-password" "--sftp-path-override" "ssh -oHostKeyAlgorithms=ssh-ed25519" ":sftp:"]
2021/06/12 21:41:14 NOTICE: Config file "/root/.config/rclone/rclone.conf" not found - using defaults
Enter SFTP password:
2021/06/12 21:41:19 DEBUG : pacer: low level retry 1/10 (error couldn't connect SSH: ssh: handshake failed: ssh: unsupported DSA key size 2048)

Was the patch left out of a recent build?

There already is a post on the topic:

I found the patch referred to

The problem was identified by FiloSottile here

So from reading that, I think if you were to switch the order of the DSA (old, almost deprecated) and the Ed25519 (shiny and new) crypto methods in the server config, then I think rclone would work. You'd also be getting users to use more modern crypto by default.

Note that rclone doesn't use the system ssh binary - --sftp-path-override is for something else:

Override path used by SSH connection.

This allows checksum calculation when SFTP and SSH paths are different. This issue affects among others Synology NAS boxes.
