Rclone fails ssh handshakes with rsync.net's SFTP when a known hosts file is specified

sweh · February 13, 2022, 12:31am

So I moved the ed25519 entry earlier up in the list (in common.go) and recompiled (clearing the cache, ensuring the module entry wasn't refreshed!) and, as expected, it negotiated an ed25519 key.

Refreshing the module and it went back to ssh-dss.

But what I did learn was the library will allow multiple entries for a host as long as each entry has a different key type.

So:
ssh-keyscan -t dsa,rsa,ecdsa,ed25519 hk-s020.rsync.net >> known_hosts

This created two entries (ssh-dss and ssh-ed25519) and this worked with the original and the hacked common.go.

ncw · February 14, 2022, 2:30pm

Great test, very interesting.

So do you think it is worth reporting a go issue?

Do you think we should add anything to the rclone docs?

ORYLY · February 14, 2022, 11:39pm

So do you think it is worth reporting a go issue?

I went ahead and already reported it to the Go tracker a day or two ago.

sweh · February 15, 2022, 2:34am

It may be worth adding the ssh-keyscan command to show how to generate ssh-dss keys... I'll leave that determination up to you

system · February 18, 2022, 2:35am

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.

ncw · February 22, 2022, 9:03pm

@sweh I stuck your command in the docs - thank you