shellster / keepass-sftp-sync

Keepass SftpSync

An exception occurred during a WebClient request / An established connection was aborted by the server #15

Open scarlion1 opened 1 year ago

scarlion1 commented 1 year ago

I recently started getting this error after trying to log in to the SFTP server, which is running Debian and was recently upgraded. I'm thinking it has to do with SFTPSync using an old deprecated cipher or something? And I'm still having to use the 2.2 version since I'm using mono on Linux... any ideas?

Maybe it's time I find a native Linux version of KeePass with SFTP capability... any suggestions?

Thanks

t00 commented 1 year ago

I just switched to SFTP from WebDAV on Linux and found the same issue.

On the SSH server (SFTP works from keepass2android, for example), the following log entry is added when connecting:

sshd[304773]: Unable to negotiate with 10.1.1.1 port 38618: no matching host key type found. Their offer: ssh-rsa,ssh-dss [preauth]

mono/dotnet works fine on Linux, no reason for sftp-sync not to work. Not sure how to fix this problem yet.

t00 commented 1 year ago

Temporarily fixed by adding these 2 lines in /etc/ssh/sshd_config:

HostKeyAlgorithms +ssh-rsa,ssh-dss
PubkeyAcceptedKeyTypes +ssh-rsa,ssh-dss

Temporary because the above lines reduce SSH security overall - there is no way to set these hashes only for certain groups or users, all users will be affected. Use only for low-risk, special, chrooted SFTP-only accounts with a /sbin/nologin shell.

shellster commented 11 months ago

This is due to an issue with older SSH.NET not supporting the new algorithms. However, a fork with some changes I needed was recently updated. When I get a chance, I'll see about rolling a new release.

scarlion1 commented 11 months ago

> ...there is no way to set these hashes only for certain groups or users, all users will be affected.

@t00 You should be able to add those options to your own ~/.ssh/config file, under a Host definition.  ℰ.ℊ.:

Host <whatever>
  Hostname 10.1.1.1
  Port 38618
  HostKeyAlgorithms +ssh-rsa,ssh-dss
  PubkeyAcceptedKeyTypes +ssh-rsa,ssh-dss

Then you can just ssh <whatever> and it'll connect to the specified Hostname on the specified Port along with the HostKeyAlgorithms and PubkeyAcceptedKeyTypes you specified.  These options would only apply to your user account and only for that Host definition.
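
An added example, not part of the thread or the project's code: a Python check that reads sshd log lines like the one t00 posted to list clients that offer only ssh-rsa/ssh-dss host key types, and scans sshd_config text for directives that re-enable them. The function names and all sample input other than t00's log line are constructed for illustration.

```python
import re
from collections import defaultdict

# Algorithms the thread re-enables; both are disabled by default in current OpenSSH.
LEGACY = {"ssh-rsa", "ssh-dss"}
# Directives from the thread, plus the newer name of PubkeyAcceptedKeyTypes.
DIRECTIVES = {"hostkeyalgorithms", "pubkeyacceptedkeytypes", "pubkeyacceptedalgorithms"}
NEGOTIATE_RE = re.compile(
    r"Unable to negotiate with (?P<ip>\S+) port \d+: "
    r"no matching (?P<kind>.+?) found\. Their offer: (?P<offer>\S+)"
)
# First log line is the one quoted in the thread; the rest is constructed sample input.
SAMPLE_LOG = [
    "sshd[304773]: Unable to negotiate with 10.1.1.1 port 38618: no matching host key type found. Their offer: ssh-rsa,ssh-dss [preauth]",
    "sshd[304801]: Connection closed by 10.1.1.7 port 50212 [preauth]",
]
SAMPLE_CONFIG = "Port 22\nHostKeyAlgorithms +ssh-rsa,ssh-dss\nPubkeyAcceptedKeyTypes +ssh-rsa,ssh-dss\n"

def legacy_only_clients(log_lines):
    """Map client IP -> offered host key types, for failed negotiations
    where every type the client offered is in LEGACY."""
    found = defaultdict(set)
    for line in log_lines:
        m = NEGOTIATE_RE.search(line)
        if not m or m["kind"] != "host key type":
            continue  # not a host key negotiation failure
        offer = set(m["offer"].split(","))
        if offer <= LEGACY:
            found[m["ip"]] |= offer
    return dict(found)

def weakened_directives(config_text):
    """Return (line_no, directive, legacy_algs) for each sshd_config line
    that enables a LEGACY algorithm; '-' (removal) lists are skipped."""
    hits = []
    for no, raw in enumerate(config_text.splitlines(), 1):
        parts = raw.split("#", 1)[0].split()  # drop comments, tokenize
        if len(parts) < 2 or parts[0].lower() not in DIRECTIVES:
            continue
        if parts[1].startswith("-"):
            continue
        enabled = sorted(set(parts[1].lstrip("+^").split(",")) & LEGACY)
        if enabled:
            hits.append((no, parts[0], enabled))
    return hits

if __name__ == "__main__":
    print(legacy_only_clients(SAMPLE_LOG))
    print(weakened_directives(SAMPLE_CONFIG))
```

The first function shows which clients need a newer SSH library before the server-side workaround can be removed; the second finds where that workaround is still in place.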