You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
What version of RCX are you using (About -> App version)?
RCX 1.12.2 (F-Droid) with Rclone v1.55.1-rcx
What is your Android version, phone model and manufacturer?
OxygenOS 13.0 (Android 13) on OnePlus 10 Pro by OnePlus
Which steps are required to reproduce this issue?
Connect to an SFTP remote with a (4096-bit) RSA key_pem.
The Rclone process from RCX will try to authenticate with the ssh_rsa signature algorithm instead of rsa-sha2-256, which results in a rejection from recent OpenSSH server due to its deprecation. The server side log shows:
openssh-server_1 | userauth_pubkey: signature algorithm ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]
Whereas using the same rclone config on desktop (with Rclone v1.61.1 on Arch Linux), it does use rsa-sha2-256 and succeeds. The server side log shows:
openssh-server_1 | Accepted publickey for [redacted] from [redacted] port [redacted] ssh2: RSA SHA256:[redacted]
The RFC8332 RSA SHA-2 signature algorithms rsa-sha2-256/512. These algorithms have the advantage of using the same key type as "ssh-rsa" but use the safe SHA-2 hash algorithms. These have been supported since OpenSSH 7.2 and are already used by default if the client and server support them.
(Not sure if this is related to golang/go#56342 , but the Rclone version shipped with RCX is older instead of newer than the desktop version that's working fine.)
The text was updated successfully, but these errors were encountered:
zhanghai
changed the title
SFTP uses ssh_rsa instead of rsa-sha2-256
SFTP uses deprecated ssh_rsa instead of rsa-sha2-256 for signature algorithm
Mar 3, 2023
What version of RCX are you using (About -> App version)?
RCX 1.12.2 (F-Droid) with Rclone v1.55.1-rcx
What is your Android version, phone model and manufacturer?
OxygenOS 13.0 (Android 13) on OnePlus 10 Pro by OnePlus
Which steps are required to reproduce this issue?
Connect to an SFTP remote with a (4096-bit) RSA key_pem.
The Rclone process from RCX will try to authenticate with the
ssh_rsa
signature algorithm instead ofrsa-sha2-256
, which results in a rejection from recent OpenSSH server due to its deprecation. The server side log shows:Whereas using the same rclone config on desktop (with Rclone v1.61.1 on Arch Linux), it does use
rsa-sha2-256
and succeeds. The server side log shows:According to the OpenSSH release notes linked in https://security.stackexchange.com/a/226133:
(Not sure if this is related to golang/go#56342 , but the Rclone version shipped with RCX is older instead of newer than the desktop version that's working fine.)
What is your configuration (
rclone.conf
)?Does the same issue also occur when using the same configuration on a PC or in Termux?
No.
What are the contents of
Android/data/io.github.x0b.rcx/files/logs/log.txt
?log.txt
(click to expand)The text was updated successfully, but these errors were encountered: