FS#72350 - kdeconnect: OpenSSH 8.8p1 compatibility

Attached to Project: Arch Linux
Opened by Zhong Lufan (hill) - Tuesday, 05 October 2021, 14:26 GMT
Last edited by Antonio Rojas (arojas) - Tuesday, 05 October 2021, 22:32 GMT
Task Type Bug Report
Category Packages: Extra
Status Closed
Assigned To Antonio Rojas (arojas)
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

The latest OpenSSH 8.8p1 causes kdeconnect's remote file browsing to not work, which is supposed to be caused by 8.8p1 disabling the ssh-rsa host key exchange algorithm by default.

I noticed that there is currently a patch for openssh 8.2 that addresses a similar issue, so perhaps we can update this patch to make it compatible with openssh 8.8.
This task depends upon

Closed by  Antonio Rojas (arojas)
Tuesday, 05 October 2021, 22:32 GMT
Reason for closing:  Fixed
Additional comments about closing:  kdeconnect 21.08.1-2
Comment by loqs (loqs) - Tuesday, 05 October 2021, 19:10 GMT
Does the attached diff resolve the issue for you? It adds ssh-rsa to HostKeyAlgorithms in addition to ssh-dsa that it was previously adding.
If that does not work please try changing the patch to add ssha-rsa to PubkeyAcceptedAlgorithms.
   PKGBUILD.diff (2.6 KiB)
Comment by Antonio Rojas (arojas) - Tuesday, 05 October 2021, 20:19 GMT
Adding it to HostKeyAlgorithms is not enough, and for some reason sshfs doesn't accept a PubkeyAcceptedAlgorithms option:

> sshfs kdeconnect@192.168.1.31:/ /run/user/1000/******** -p 1745 -s -f -F /dev/null -o IdentityFile=/home/antonio/.config/kdeconnect/privateKey.pem -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedAlgorithms=+ssh-rsa -o uid=1000 -o gid=1000 -o reconnect -o ServerAliveInterval=30 -o password_stdin

fuse: unknown option(s): `-o PubkeyAcceptedAlgorithms=+ssh-rsa'
Comment by Zhong Lufan (hill) - Tuesday, 05 October 2021, 21:12 GMT
sshfs maintains its own list of ssh options[1], which does not contain PubkeyAcceptedAlgorithms, but does contain PubkeyAcceptedKeyTypes (equivalent to PubkeyAcceptedAlgorithms).

However, the existing is_ssh_opt function of sshfs is flawed and does not recognize PubkeyAcceptedKeyTypes as ssh parameters, so this parameter cannot be used.

Upstream sshfs issue: https://github.com/libfuse/sshfs/issues/237

[1]: https://github.com/libfuse/sshfs/blob/master/sshfs.c#L389
Comment by Zhong Lufan (hill) - Tuesday, 05 October 2021, 21:21 GMT
If sshfs is not patched, then the only workaround is to specify the ssh profile using -F and then use a configuration similar to the following.

ssh_config:
```
Host *
HostkeyAlgorithms +ssh-rsa
PubkeyAcceptedAlgorithms +ssh-rsa
```
Comment by loqs (loqs) - Tuesday, 05 October 2021, 21:46 GMT
Is the bug in sshfs where the options PubkeyAcceptedKeyTypes and PubkeyAuthentication are not accepted caused by a missing comma at the end of line 435 [1]?

[1] https://github.com/libfuse/sshfs/blob/master/sshfs.c#L435
Comment by Antonio Rojas (arojas) - Tuesday, 05 October 2021, 21:47 GMT
Turns out the sshfs issue is just a silly typo https://github.com/libfuse/sshfs/pull/269

EDIT: loqs beat me by a second
Comment by Zhong Lufan (hill) - Tuesday, 05 October 2021, 22:03 GMT
I am not familiar with C, and I am glad you found the problem.

We may temporarily patch sshfs and kde connect as a solution.

Loading...