xbmc / vfs.sftp

SFTP VFS addon for Kodi
GNU General Public License v2.0
21 stars 28 forks source link

Unable to update known host key #47

Open puigru opened 4 years ago

puigru commented 4 years ago

Recently I migrated my system and with that my SSH server got a new key. When this happens, attempting to connect will make most SSH clients warn you that someone could be impersonating the remote server. Of course, in this case we know that is not the case so updating the known host key would pose no security concern.

Unfortunately, this add-on doesn't appear to allow such option. Yesterday I went to use a device which I use on occasion and it still happened to have the old SSH key in place. I tried playing content from the server but it would simply refuse to connect with a generic error message. At first this led me to believe that something was wrong with my internet connection but in fact it just was the client itself refusing the connection due to the mismatched key.

I couldn't easily figure out a way to delete the previously stored key, the device isn't rooted and I didn't have access to a file manager, so I ended up clearing Kodi's data. I believe that there should be a better way to handle this case as the current solution is both inconvenient and misleading.

Mismatched key warning

Downloading69 commented 4 years ago

This is an annoying issue indeed. Especially on an Android TV where we do not have any access to the known_hosts file. Uninstalling and reinstalling Kodi to be able to access the same SSH server with a different key works but seems a bit overkill.

My solution would be: I think it would be nice to remove the entry in the known_hosts file when removing an SFTP source. That way, when the server key gets changed , removing and re-adding the SFTP server source would be sufficient.

pumrum commented 4 months ago

has anyone found a workaround for this other than uninstall/reinstall? I'm using this on a FireTV and would really prefer not to have to remove my source, re-add it, and rebuild my library.

eharris commented 4 months ago

You can use a file manager app (like ES File Explorer) to delete (or edit) the known hosts file in: card 0/Android/data/org.xbmc.kodi/files/.ssh/known_hosts Be aware that you might have to enable viewing "hidden" files to be able to see the .ssh directory. In ES File Explorer, this is under "Display Settings".