SFTP: Cannot connect to Pterodactyl Panel's Wings SFTP server with both password and RSA key file authentication (BouncyCastle dependency issue?)

[explor4268]

Details

Acode Version: 1.10.3 (F-Droid) OS Version: Android 10 (doesn't really matter, also affects other devices with different Android versions) SFTP Host: Pterodactyl Wings SFTP Server SSH-2.0-Go (Go SSH Library, see below for relevant source codes) Extensions/Plugins: None Key files are generated with OpenSSH_9.7p1, OpenSSL 3.2.1 from Termux Packages.

Steps to reproduce

1. Add an SFTP server from Menu -> Files -> Add (plus icon) -> SFTP
2. Fill the name with anything
3. Fill the username, hostname, and port obtained from the server settings panel
4. Try with one of the method: password (with password used to log into the panel itself), key file generated with ssh-keygen -t rsa -b 4096, and with ssh-keygen -t rsa-sha2-256 -b 4096 (not attempting ed25519 because of Acode not supporting ed25519 keys). With key file add the public key into the Account -> SSH Keys section on the panel. (Don't forget to re-add everytime the key is regenerated with that command)
5. Press "OK" (in my case I also started adb logcat with argument -T 0 to avoid other unrelated logs)
6. Wait it just stuck on "Connecting to <server>)"
7. After a few minutes, it shows "Failed to connect to <server>". (see logcat output below)
8. Try attempting to connect with other authentication method from step 4.

However, connecting with OpenSSH_9.7p1, OpenSSL 3.2.1 SSH Client (not Acode) with both password and the exact same rsa-sha2-256 key file authentication (because OpenSSH disabled RSA-SHA1 support by default) succeeded without any errors.

Also connecting to OpenSSH_9.7p1 SFTP servers with Acode works fine and I can browse, read, and write into files.

So far, I am facing this issue on two different Pterodactyl host provider with the exact same issue.

UPDATE: The BouncyCastle issue is likely the root cause of this issue, see below for links and issuecomment

This seems like an issue with the JAdaptive Maverick SSH Library used in Acode, but also an Acode issue if the issue is already fixed upstream and Acode not updated its dependencies. This issue is also related to the Ed25519 key issue where Acode is missing the recommend BouncyCastle dependency.

I will attempt to pinpoint the root cause by creating a sample SFTP server with go sftp and ssh library, then connecting it with Acode or with Maverick SSH Library directly. Wait for this issue updates.

adb logcat -T 0 output

Using key file authentication (both RSA SHA-1 and RSA SHA-256), after pressing on "OK", the app starts to output warnings and errors every few seconds as shown below:

06-27 12:12:23.822  2209  5547 W System.err: java.io.IOException: Failed to negotiate a transport component from {} and {}
06-27 12:12:23.823  2209  5547 W System.err:    at com.sshtools.synergy.ssh.TransportProtocol.selectNegotiatedComponent(TransportProtocol.java:2097)
06-27 12:12:23.824  2209  5547 W System.err:    at com.sshtools.client.TransportProtocolClient.selectNegotiatedComponent(TransportProtocolClient.java:292)
06-27 12:12:23.824  2209  5547 W System.err:    at com.sshtools.synergy.ssh.TransportProtocol.performKeyExchange(TransportProtocol.java:1743)
06-27 12:12:23.824  2209  5547 W System.err:    at com.sshtools.synergy.ssh.TransportProtocol.processMessage(TransportProtocol.java:1968)
06-27 12:12:23.825  2209  5547 W System.err:    at com.sshtools.synergy.ssh.TransportProtocol.processBinaryPackets(TransportProtocol.java:627)
06-27 12:12:23.825  2209  5547 W System.err:    at com.sshtools.synergy.ssh.TransportProtocol.onSocketRead(TransportProtocol.java:457)
06-27 12:12:23.825  2209  5547 W System.err:    at com.sshtools.client.TransportProtocolClient.onSocketRead(TransportProtocolClient.java:132)
06-27 12:12:23.825  2209  5547 W System.err:    at com.sshtools.synergy.nio.SocketConnection.processReadEvent(SocketConnection.java:294)
06-27 12:12:23.825  2209  5547 W System.err:    at com.sshtools.synergy.nio.SshEngine$SocketReadWriteTask.doTask(SshEngine.java:675)
06-27 12:12:23.826  2209  5547 W System.err:    at com.sshtools.common.ssh.ConnectionAwareTask.run(ConnectionAwareTask.java:45)
06-27 12:12:23.826  2209  5547 W System.err:    at com.sshtools.common.ssh.ExecutorOperationSupport$OperationTask.executeAllTasks(ExecutorOperationSupport.java:128)
06-27 12:12:23.826  2209  5547 W System.err:    at com.sshtools.common.ssh.ExecutorOperationSupport$OperationTask.run(ExecutorOperationSupport.java:85)
06-27 12:12:23.827  2209  5547 W System.err:    at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:462)
06-27 12:12:23.827  2209  5547 W System.err:    at java.util.concurrent.FutureTask.run(FutureTask.java:266)
06-27 12:12:23.828  2209  5547 W System.err:    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
06-27 12:12:23.828  2209  5547 W System.err:    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
06-27 12:12:23.829  2209  5547 W System.err:    at java.lang.Thread.run(Thread.java:919)
06-27 12:12:53.614  2209  5544 E connectUsingKeyFile: Cannot connect
06-27 12:12:53.614  2209  5544 E connectUsingKeyFile: java.io.IOException: Failed to connect to <server hostname>
06-27 12:12:53.614  2209  5544 E connectUsingKeyFile:   at com.sshtools.client.SshClient.doConnect(SshClient.java:158)
06-27 12:12:53.614  2209  5544 E connectUsingKeyFile:   at com.sshtools.client.SshClient.<init>(SshClient.java:132)
06-27 12:12:53.614  2209  5544 E connectUsingKeyFile:   at com.sshtools.client.SshClient.<init>(SshClient.java:121)
06-27 12:12:53.614  2209  5544 E connectUsingKeyFile:   at com.sshtools.client.SshClient.<init>(SshClient.java:117)
06-27 12:12:53.614  2209  5544 E connectUsingKeyFile:   at com.foxdebug.sftp.Sftp$2.run(Sftp.java:131)
06-27 12:12:53.614  2209  5544 E connectUsingKeyFile:   at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
06-27 12:12:53.614  2209  5544 E connectUsingKeyFile:   at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
06-27 12:12:53.614  2209  5544 E connectUsingKeyFile:   at java.lang.Thread.run(Thread.java:919)

Finally, the errors stopped after it shows "Failed to connect" error at the end.

Connecting with password authentication also outputs similar warnings and errors, but the connectUsingKeyFile error is only specific to comnecting using a key file. (Using password authentication shows the exact same error prompt)

Alternatives

• Using external SFTP client (e.g. OpenSSH with Termux) to get the file, edit it on Acode, then putting the file back after saving the file in Acode.
• Use the panel's built-in file editor (although a bit finicky since the panel is intended to be opened with a desktop web browser)
• Just edit the files using the computer

If anyone had other alternatives, please leave a comment here on this issue.

Relevant links and issues

• https://github.com/pterodactyl/wings/blob/release/v1.11.13/sftp/server.go (Relevant source code from Pterodactyl Wings)

• 674 (cannot add the recommended BouncyCastle dependency)

• https://pkg.go.dev/github.com/pkg/sftp
• https://pkg.go.dev/golang.org/x/crypto/ssh
• https://github.com/sshtools/maverick-synergy/issues/57 (TL;DR BouncyCastle cannot be loaded)

Updates to this issue

• 2024-06-28: Added more relevant links, added more alternatives, updated details and description, changed some wordings.
• 2024-07-01: Updated details please see the issuecomment below

[explor4268]

It looks like Pterodactyl Wings SFTP Server only support the following key exchanges:

https://github.com/pterodactyl/wings/blob/ac6acf27ed627c745aa72486b825a86b027c11db/sftp/server.go#L53

KeyExchanges: []string{
                "curve25519-sha256", "curve25519-sha256@libssh.org",
                "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521",
                "diffie-hellman-group14-sha256",
            },

which Acode doesn't support because of the missing BouncyCastle dependency in Acode (#674)