sftpgo.json ; Configuration file - sftpd - host_key_algorithms #1346
Mistique8885
started this conversation in
General
-
@Mistique8885 - Were you able to set up SFTP and ssh into your sftpgo instance before applying the host_key_algorithms restrictions?
-
Hi!
Here is an issue:
I want to restrict SFTPGo to specific algorithms only:
Expected:
Config loaded properly, only "ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com" are supported:
Result:
{"level":"info","time":"2023-07-03T21:08:13.774","sender":"service","message":"initializing SFTP server with config {Banner:JOPA Bindings:[{Address: Port:2022 ApplyProxyConfig:true}] MaxAuthTries:0 HostKeys:[] HostCertificates:[] HostKeyAlgorithms:[ecdsa-sha2-nistp256-cert-v01@openssh.com ecdsa-sha2-nistp521-cert-v01@openssh.com] KexAlgorithms:[] Ciphers:[aes256-gcm@openssh.com] MACs:[] TrustedUserCAKeys:[] RevokedUserCertsFile: LoginBannerFile: EnabledSSHCommands:[md5sum sha1sum sha256sum cd pwd scp] KeyboardInteractiveAuthentication:false KeyboardInteractiveHook: PasswordAuthentication:true FolderPrefix: certChecker:<nil> parsedUserCAKeys:[]}"}
When the client tries to connect, we see in the log:
{"level":"debug","time":"2023-07-03T21:12:04.950","sender":"sftpd","message":"failed to accept an incoming connection: ssh: no common algorithm for host key; client offered: [ssh-ed25519 ssh-ed448 ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521 rsa-sha2-512 rsa-sha2-256 ssh-rsa ssh-dss], server offered: []"}
Question:
How do I properly limit SFTPGo to specific algorithms?
Thank you!
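Added example (not part of the original post and not SFTPGo code): a log check that reads the two entries quoted in the post and compares the configured `HostKeyAlgorithms` list with what the client and the server offered during negotiation. The function names and the shortened copies of the log lines are assumptions made for illustration.

```python
import json
import re

# Log lines shortened from the two entries quoted in the post above.
STARTUP = '{"level":"info","sender":"service","message":"initializing SFTP server with config {Banner:JOPA HostKeys:[] HostCertificates:[] HostKeyAlgorithms:[ecdsa-sha2-nistp256-cert-v01@openssh.com ecdsa-sha2-nistp521-cert-v01@openssh.com] KexAlgorithms:[] Ciphers:[aes256-gcm@openssh.com]}"}'
FAILURE = '{"level":"debug","sender":"sftpd","message":"failed to accept an incoming connection: ssh: no common algorithm for host key; client offered: [ssh-ed25519 ssh-ed448 ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521 rsa-sha2-512 rsa-sha2-256 ssh-rsa ssh-dss], server offered: []"}'

# OpenSSH certificate algorithm names are the plain key algorithm plus this suffix.
CERT_SUFFIX = "-cert-v01@openssh.com"


def _field(pattern, text):
    """Return the space-separated list captured by pattern, or None if absent."""
    match = re.search(pattern, text)
    return match.group(1).split() if match else None


def diagnose(startup_line, failure_line):
    """Compare the configured host key algorithms with what each side offered."""
    startup = json.loads(startup_line)["message"]
    failure = json.loads(failure_line)["message"]
    configured = _field(r"\bHostKeyAlgorithms:\[([^\]]*)\]", startup)
    client = _field(r"client offered: \[([^\]]*)\]", failure)
    server = _field(r"server offered: \[([^\]]*)\]", failure)
    if configured is None or client is None or server is None:
        raise ValueError("log lines do not contain the expected fields")
    return {
        "configured": configured,
        "server_offered": server,
        # Algorithms that are both configured and offered by this client.
        "common": [a for a in configured if a in client],
        # Plain key algorithms behind the configured certificate algorithms
        # that this client does offer.
        "plain_offered_by_client": [
            a[: -len(CERT_SUFFIX)]
            for a in configured
            if a.endswith(CERT_SUFFIX) and a[: -len(CERT_SUFFIX)] in client
        ],
    }


if __name__ == "__main__":
    for key, value in diagnose(STARTUP, FAILURE).items():
        print(f"{key}: {value}")
```

For the logs in the post, `common` and `server_offered` are both empty: the client offers only plain key algorithms, while the configured list contains only certificate algorithms.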