Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 8 Apr 2020 10:40:12 +0200
From:      Ruben <mail@osfux.nl>
To:        freebsd-questions@freebsd.org
Subject:   Re: difference in sshd protocol options
Message-ID:  <081421ff-7295-4406-fb17-fc5b4c974e95@osfux.nl>
In-Reply-To: <CAPORhP4aHUWuQww9LkMT=9m3m9CGJnHx6gdqKFBwo=ACkcCO7g@mail.gmail.com>
References:  <CAPORhP4aHUWuQww9LkMT=9m3m9CGJnHx6gdqKFBwo=ACkcCO7g@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help 

Hi David,

I don't know the answer to your question but I had an "interesting" run 
last year as well. I couldn't distill from your message whether or not 
you got things to work, perhaps my ramblings will save some further 
frustration if you didn't.

The android apps I tried all used a Java library for the actual syncing 
etc, which I only got working after adding this to my "global" sshd config:

ChallengeResponseAuthentication yes

Without it, all auths (by all apps I tried) resulted in:

# sshd[14279]: error: Received disconnect from X.X.X.X port 35190:3: 
com.jcraft.jsch.JSchException: Auth fail [preauth]

My global PasswordAuthentication setting is set to "no".

I also added:

Ciphers aes256-ctr,aes192-ctr,aes128-ctr

to my configuration around that time, can't remember if that was an 
actual attempt to allow apps authenticating against OpenSSH or not.

My individual android devices all have a "match" block:

Match User test123
   ChrootDirectory %h
   ForceCommand internal-sftp
   AllowTcpForwarding no
   PermitTunnel no
   PasswordAuthentication yes

This combination works for all apps i've tried since.

Kind Regards,

Ruben

On 4/8/20 7:59 AM, David Mehler wrote:
> Hello,
> 
> I just went through an interesting go tonight getting an android file
> manager to connect via sftp to my FreeBSD 12.1 sshd server. I've got
> two questions. Refering to the sshd_config man page the
> HostKeyAlgorithms option and the PubkeyAcceptedKeyTypes options is
> there a difference between the options (both of which appear in the
> default) ssh-rsa and ssh-rsa-cert-v01@openssh.com?
> 
> Thanks.
> Dave.
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
>

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?081421ff-7295-4406-fb17-fc5b4c974e95>