2

I just installed Ubuntu 22.04 on my desktop computer and now the Android app AndFTP on my phone gives the error

There was a problem while connecting to 192.168.178.52:22 java.IOException Key exchange was not finished, connection is closed.

when I try to login using SSH with a keypair, even before I entered the password of the keypair.

When I try ssh user@192.168.178.52 on the desktop itself it works just fine.

What am I doing wrong?

Adriaan
  • 630
  • 2
  • 11
  • 23
  • 1
    I wonder if it's related to removal of ssh-dss hostkey support? see for example [openssh update and android app AndFTP SFTP broken](https://forums.gentoo.org/viewtopic-p-8686319.html?sid=2bae225ec2bd1287744bf1b11194a859) and this related Q&A [SSH returns: no matching host key type found. Their offer: ssh-dss](https://askubuntu.com/questions/836048/ssh-returns-no-matching-host-key-type-found-their-offer-ssh-dss) – steeldriver May 07 '22 at 12:58
  • @steeldriver I guess so. I looked at the two links and added the lines `PubkeyAcceptedKeyTypes +ssh-rsa` and `HostkeyAlgorithms +ssh-rsa` to `/etc/ssh/sshd_config` and restarted the SSH server with `sudo systemctl restart ssh.service`. After doing this, AndFTP is now working as before. And the same holds for the programs SFTP Net Drive 2017 and MobaXterm. I'm only wondering if adding these lines might make my security more vulnerable...is that the case? – Adriaan May 07 '22 at 18:21
  • Also see [this answer](https://askubuntu.com/questions/1409105/ubuntu-22-04-ssh-the-rsa-key-isnt-working-since-upgrading-from-20-04/1409528#1409528). – user68186 Aug 29 '22 at 20:29

1 Answers1

5

It seems to me that 22.04 has reviewed a lot of security and enforced a lot of changes to the previous defaults. From what I can tell, ED25519 is deemed to be significantly better than RSA, which has been disabled by default.

If you uncomment "HostKey /etc/ssh/ssh_host_ed25519_key" in /etc/ssh/sshd_config and restart the server with "sudo service sshd restart". You can now connect this way without enabling the "lesser" RSA method.

In AndFTP, you can go to "Edit connection" > "Advanced" > "Expert/Specific FTP settings" > "SSH provider" and switch to the "Secure" mode, which works for me.

Colin Hemming
  • 51
  • 1
  • 2
  • There's extra steps if using key authentication: Advanced->SSH key. Copy and rename the ed25519 private key (e.g id_ed25519) to be named like an image file, e.g id_ed25519.png This is needed apparently because of the way Android grants the app file access. The AndFTP developer themselves suggested this in a response to someone's review on the Play Store – happyskeptic Mar 01 '23 at 06:53