rsync
(Rsync Net)
June 16, 2021, 3:43am
1
It seems as though the previous workaround for this issue is no longer working.
Trying:
path_override = ssh -oHostKeyAlgorithms=ssh-ed25519
in the config, and:
rclone ... --sftp-path-override "ssh -oHostKeyAlgorithms=ssh-ed25519"
both result in failed connections.
Confirmed problem in versions:
rclone v1.55.1 (MacOS)
rclone v1.52.2 (FreeBSD)
Ex:
/mnt/usr/local/bin/rclone -vv lsd --sftp-host usw-s001.rsync.net --sftp-user test --sftp-ask-password --sftp-path-override 'ssh -oHostKeyAlgorithms=ssh-ed25519' :sftp:
2021/06/12 21:41:14 DEBUG : rclone: Version "v1.52.2" starting with parameters ["/mnt/usr/local/bin/rclone" "-vv" "lsd" "--sftp-host" "usw-s001.rsync.net " "--sftp-user" "1005" "--sftp-ask-password" "--sftp-path-override" "ssh -oHostKeyAlgorithms=ssh-ed25519" ":sftp:"]
2021/06/12 21:41:14 NOTICE: Config file "/root/.config/rclone/rclone.conf" not found - using defaults
Enter SFTP password:
2021/06/12 21:41:19 DEBUG : pacer: low level retry 1/10 (error couldn't connect SSH: ssh: handshake failed: ssh: unsupported DSA key size 2048)
Was the patch left out of a recent build?
There already is a post on the topic:
What is the problem you are having with rclone?
Having trouble connecting to rsync.net via SFTP from two different servers (which might mean this is their problem and not a bug with rclone).
I'm seeing errors with ssh handshake failing due to DSA key too large. I don't see this problem when connecting to SFTP servers. Not sure if this is user error on my part, or if a problem with rsync.net? I get the same error regardless of whether I use the SSH password in the config file, or via --sftp-ask-…
ncw
(Nick Craig-Wood)
June 16, 2021, 11:49am
3
I found the patch referred to
opened 06:32PM - 08 Feb 18 UTC
We are seeing some odd behavior connecting to a customer SFTP site with a username and password. This code is working for all other tested endpoints.
I see a section of code in the crypto/keys.go file in the function checkDSAParams that fails if the key length is not 1024, but since I am able to connect to that SFTP with ssh and other SFTP clients, I'm not sure why that restriction is being enforced in Go.
### What version of Go are you using (`go version`)?
go1.9.2 linux/amd64
### Does this issue reproduce with the latest release?
yes
### What operating system and processor architecture are you using (`go env`)?
GOARCH="amd64"
GOBIN=""
GOEXE=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOOS="linux"
GOPATH="/go"
GORACE=""
GOROOT="/usr/local/go"
GOTOOLDIR="/usr/local/go/pkg/tool/linux_amd64"
GCCGO="gccgo"
CC="gcc"
GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0"
CXX="g++"
CGO_ENABLED="1"
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
### What did you do?
Attempting to establish a connection to a remote SFTP server.
ssh.Dial("tcp", config.SftpServer+":"+string(config.SftpPort), sshConfig)
If possible, provide a recipe for reproducing the error.
A complete runnable program is good.
A link on play.golang.org is best.
### What did you expect to see?
A successful SSH handshake and authentication.
### What did you see instead?
An error: ssh: handshake failed: ssh: unsupported DSA key size 2048
The problem was identified by FiloSottile here
So from reading that I think if you were to switch the order of the DSA (old, almost deprecated) and the Ed25519 (shiny and new) crypto methods in the server config then I think rclone would work. You'd also be getting users to use more modern crypto by default.
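Added example (not from the thread, rclone, or the Go ssh package): a simplified Go model of the failure in the log above, in which host key negotiation takes the first algorithm in the client's list that the server also offers and then applies the 1024-bit-only DSA size check described in the issue. The `hostKey` type, the function names, the client algorithm lists and the 2048-bit value are all constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"math/big"
)

// hostKey is a simplified stand-in for a server host key (hypothetical type).
type hostKey struct {
	Algo string
	P    *big.Int // DSA modulus p; nil for non-DSA keys
}

// negotiate picks the first algorithm in the client's list that the server offers.
func negotiate(client []string, server []hostKey) (*hostKey, error) {
	for _, c := range client {
		for i := range server {
			if server[i].Algo == c {
				return &server[i], nil
			}
		}
	}
	return nil, errors.New("no common host key algorithm")
}

// handshake negotiates, then applies the 1024-bit-only DSA size check.
func handshake(client []string, server []hostKey) (string, error) {
	k, err := negotiate(client, server)
	if err != nil {
		return "", err
	}
	if k.Algo == "ssh-dss" && k.P.BitLen() != 1024 {
		return "", fmt.Errorf("ssh: handshake failed: ssh: unsupported DSA key size %d", k.P.BitLen())
	}
	return k.Algo, nil
}

// constructedServer offers a 2048-bit DSA key and an Ed25519 key (constructed sample).
func constructedServer() []hostKey {
	p := new(big.Int).Lsh(big.NewInt(1), 2047) // 2048-bit placeholder, not a real prime
	return []hostKey{{"ssh-dss", p}, {"ssh-ed25519", nil}}
}

func main() {
	for _, client := range [][]string{{"ssh-rsa", "ssh-dss", "ssh-ed25519"}, {"ssh-ed25519"}} {
		algo, err := handshake(client, constructedServer())
		fmt.Printf("client %v -> algo=%q err=%v\n", client, algo, err)
	}
}
```

In this model the handshake fails whenever ssh-dss is the first common algorithm, even though the same server also holds an Ed25519 key that the client would accept.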
ncw
(Nick Craig-Wood)
June 16, 2021, 1:02pm
4
Note that rclone doesn't use the system ssh binary - --sftp-path-override is for something else
Override path used by SSH connection.
This allows checksum calculation when SFTP and SSH paths are different. This issue affects among others Synology NAS boxes.