strongbox-password-safe / Strongbox

A KeePass/Password Safe Client for iOS and OS X
https://strongboxsafe.com
GNU Affero General Public License v3.0

Sftp cannot Connect #266

Closed NotClear closed 4 years ago

NotClear commented 4 years ago

I have configured my Raspberry pi so that it can be accessed via Sftp, which also works with other apps. Here, however, do I get the same error message every time?! [screenshot]

mmcguill commented 4 years ago

Hi, do you know what authentication modes are enabled on your server?

NotClear commented 4 years ago

I had an rsa key created via Keygen or what is the question?

mmcguill commented 4 years ago

I was asking what SSH login modes are supported by your server (e.g. keyboard-interactive, username/password, publickey).

Looks like you're using publickey which is fine... Authentication is failing however. You should be able to find out more detail by looking in your server logs.

The only thing that I think could be wrong is that you are not sending the right Private Key (note Private Key)... Or that you are either not providing the right password or providing a password when none is required.

NotClear commented 4 years ago

It is not because of the privatekey, since it also works in several other programs. My question is whether the password has to be given or whether the privatekey file is enough

mmcguill commented 4 years ago

It will totally depend on how you've configured your Private Key. Is it encoded by a password or not?

To be very clear: The password here means the password for your private key, not a logon password for your SFTP server, or the Master Password for your database.

I assume you used ssh-keygen? If you open your key file in an editor does it begin something like:

-----BEGIN RSA PRIVATE KEY-----

?

NotClear commented 4 years ago

I followed this tutorial https://youtu.be/xt9T6HCAfJY

mmcguill commented 4 years ago

I'm afraid I don't speak German, but a quick scan of that video it looks like no password is used to protect the id_rsa private key file, which is fine. There is something later in the video about using Putty which uses a different format for private keys. You should not use this format.

So you should be selecting the file "id_rsa" (if you used the same setup as in the video) as your private key file with no password. Is that what you are doing?

NotClear commented 4 years ago

Yes

mmcguill commented 4 years ago

Can you tell me what other programs you are using to connect successfully?

And if possible can you paste the configuration (screenshot with confidential items blanked out will do).

NotClear commented 4 years ago

the app i use is called ftpmanager [screenshot]

mmcguill commented 4 years ago

That dialog appears to show you are using a PPK file for the private key with that program.

Can you now paste a screenshot of the dialog in Strongbox as you try to connect?

georgesnow commented 4 years ago

are you including the port in the sftp hostname?

mmcguill commented 4 years ago

That was my next question...

NotClear commented 4 years ago

Here [screenshot]

georgesnow commented 4 years ago

so I just tried this myself using a password. I couldn't connect either. I got the same error.

mmcguill commented 4 years ago

He's not using a password though @georgesnow - if you supply a password with a none passworded private key file - it will fail like this as it should.

@NotClear You definitely didn't set a password when creating the key via ssh-keygen?

georgesnow commented 4 years ago

understood, I was attempting to just baseline SFTP connection then try a private key, and finally private key with password.

NotClear commented 4 years ago

Yes the privatekey is Without a password

mmcguill commented 4 years ago

I'm afraid I'm very much out of ideas. Do your SSHD logs show any sign of what could be wrong?

georgesnow commented 4 years ago

I got it to work with a password, but I had to leave the path as the root: / I can test later using public/private key pair

georgesnow commented 4 years ago

ok it fails for me with public key no password. I generated a fresh key installed it on the host sftp server. specified the private key on strongbox and failed. tried again just using a password and I can connect successfully.

georgesnow commented 4 years ago

one other tidbit and strange thing. using command line to ssh works. so there is something about the framework/implementation that isn't working correctly.

mmcguill commented 4 years ago

Hi @georgesnow, I'm currently able to connect to my own SFTP server using a private key and no password...

Can you specify a list of commands here to generate the key, how you added it to your server and the command line you used then to connect to that server?

Happy to take a look if I can get the steps to reproduce the issue.

georgesnow commented 4 years ago

touch strongbox_rsa
ssh-keygen
less strongbox_rsa _(<=copy the key)_
nano authorized_keys _(paste key)_
ssh -I strongbox_rsa host _(separate machine to test that is a lower case i but it keeps correcting it)_

mmcguill commented 4 years ago

@georgesnow - I'm not an SSH expert, but aren't you supposed to paste the public key (strongbox_rsa.pub) into authorized_keys?

georgesnow commented 4 years ago

that's the nano part. nano is like vi or vim. you just add another line below with the key you copied from keygen

ssh-rsa -yourkey- me@whatever.blah

georgesnow commented 4 years ago

but the end result is the same. I tested the key from another machine and it works.

mmcguill commented 4 years ago

Understood but you seem to have copied from the private key: (less strongbox_rsa, rather than less strongbox_rsa.pub)

georgesnow commented 4 years ago

that's a typo in the post. I went back and confirmed (and re-test from separate host machine specifying that private key). with a public key installed on the first machine.

I had copied and pasted, but sanitized the output and I must have cut off or pasted the wrong line.

georgesnow commented 4 years ago

curious what happens to the permissions of the private key file when copied into strongbox? how does it maintain the proper permissions?

mmcguill commented 4 years ago

I'm afraid I can't spend any more time on this one for a while, higher priorities. But would be great to see if you can get it working, and if so to paste the exact steps in here.

Regarding permissions, it's just a data blob read from a URL using standard iOS APIs... no permissions needed or considered. This data blob is handed down to libssh to connect.

This is the first report of an issue here, I know there are plenty of people connecting to SFTP servers via public-key auth, so I'm going to wait for other reports. I'm also able to connect to my own server with one.

georgesnow commented 4 years ago

sounds good. I don't use SFTP for this purpose (ie strongbox). I use ssh/sftp for other things regularly. I really just wanted to see if going through the basic motions I could get it to work on the first try. I will tinker some more. if I figure it out and have time I will post back here.

mmcguill commented 4 years ago

Thanks @georgesnow

@NotClear - Wishing you luck getting this working, I'm out of ideas for what could be wrong. Please let us know if you manage to get this working. Hopefully I'll get time to investigate further soon...

georgesnow commented 4 years ago

well, I couldn't get it to work, with strongbox (or another iOS SSH app). However, the key works no problem between Macs. 🤷‍♂️ I am generating OpenSSH keys.

Is there some other type that's required?

on the other iOS app (WebSSH). I get "SSH key object did not contain a load private key" when trying SFTP. This app requires you to paste the private key string into it. SSH says bad credentials. That doesn't make sense since I know the key works from another device.

@mmcguill do you have specifics how you created your key and what device? Also how you added the public key to your known hosts? etc..

mmcguill commented 4 years ago

Hi @georgesnow - I don't have specifics, it was quite a while ago, however the start of my working private key begins like this:

-----BEGIN RSA PRIVATE KEY-----

but the newer keys that I generate begin:

-----BEGIN OPENSSH PRIVATE KEY-----

I'm quite suspicious though that we're not doing something right here in setup.
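An added example, not part of the original thread and not Strongbox code: a small Python check that answers the two questions asked repeatedly above, namely which container format a private key file uses (legacy PEM, new OpenSSH, PuTTY PPK) and whether it is passphrase-protected. The function names and all sample inputs are constructed for illustration; the sample bodies are placeholders, not key material.

```python
import base64
import re
import struct

MAGIC = b"openssh-key-v1\x00"  # leading bytes of the new OpenSSH private key blob

def classify_private_key(text):
    """Return (container_format, passphrase_protected) for a key file's text."""
    lines = [l.strip() for l in text.strip().splitlines()] or [""]
    if lines[0].startswith("PuTTY-User-Key-File-"):
        # PPK files carry an "Encryption: none|aes256-cbc" header line.
        enc = [l.split(":", 1)[1].strip() for l in lines if l.startswith("Encryption:")]
        return "putty-ppk", bool(enc) and enc[0] != "none"
    m = re.match(r"-----BEGIN ([A-Z0-9 ]+)-----$", lines[0])
    label = m.group(1) if m else ""
    if label == "OPENSSH PRIVATE KEY":
        body = "".join(l for l in lines[1:] if not l.startswith("-----"))
        blob = base64.b64decode(body)
        off = len(MAGIC)
        if not blob.startswith(MAGIC) or len(blob) < off + 4:
            return "unknown", None
        (n,) = struct.unpack(">I", blob[off:off + 4])
        # The first length-prefixed string is the cipher name; "none" = no passphrase.
        return "openssh-v1", blob[off + 4:off + 4 + n] != b"none"
    if label in ("PRIVATE KEY", "ENCRYPTED PRIVATE KEY"):
        return "pkcs8-pem", label.startswith("ENCRYPTED")
    if label.endswith(" PRIVATE KEY"):
        # Legacy PEM (RSA/EC/DSA) marks encryption with a Proc-Type header.
        return "legacy-pem", any(l.startswith("Proc-Type: 4,ENCRYPTED") for l in lines)
    return "unknown", None

def sample_openssh(cipher):
    """Constructed blob prefix (magic + cipher name only); not a usable key."""
    b64 = base64.b64encode(MAGIC + struct.pack(">I", len(cipher)) + cipher).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{b64}\n-----END OPENSSH PRIVATE KEY-----\n"

# Constructed samples; the bodies are placeholders, not real key material.
SAMPLES = {
    "legacy": "-----BEGIN RSA PRIVATE KEY-----\nAAAA\n-----END RSA PRIVATE KEY-----",
    "legacy-enc": "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\nAAAA\n-----END RSA PRIVATE KEY-----",
    "openssh": sample_openssh(b"none"),
    "openssh-enc": sample_openssh(b"aes256-ctr"),
    "ppk": "PuTTY-User-Key-File-2: ssh-rsa\nEncryption: none\nComment: constructed\n",
    "pubkey": "ssh-rsa AAAA me@whatever.blah",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, classify_private_key(text))
```

A public-key line such as the `ssh-rsa ...` entry that belongs in authorized_keys is reported as `unknown`, which makes it easy to spot when the wrong half of the key pair was selected as the private key file.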

georgesnow commented 4 years ago

I am starting to think the same. Need to find a known good workflow. Well, not sure I will have any time to further troubleshoot right now. If I get a chance and figure it out I will post back.

janprzy commented 4 years ago

Same issue here. I'm using a password-protected ed25519 key (also tried RSA, didn't work either). The same key works fine when logging in via Terminal on my Mac. Also, password authentication is disabled on my server. The server logs are not very helpful, they just say "failed unknown".

I also tried multiple other apps: It works fine in Termius and PhotoSync, while both Documents and Pisth fail as well. Maybe the problem originates from some library that Strongbox and these two apps use.

mmcguill commented 4 years ago

OK, definitely seems like there's an issue here. I'll rebuild the ssl/ssh libraries with latest source and see if that will fix things...

mmcguill commented 4 years ago

1.45.16 is now available from the App Store with updated SSH libraries. Appreciate any feedback you guys have with that version.

janprzy commented 4 years ago

It works now, thank you!

mmcguill commented 4 years ago

That's great to hear. @georgesnow - can you confirm on your end?

georgesnow commented 4 years ago

I will do that. Probably won’t get a chance until tomorrow

mmcguill commented 4 years ago

@NotClear - Could you give the latest version a try and see if it fixes things for you?

NotClear commented 4 years ago

@mmcguill Yes I updated the app and now everything works flawlessly thank you.