Support JSCH

[Joeviocoe]

ssh-rsa is no longer being supported by many clients. Please support JSCH algorithms.

[wolpi]

This app supports newer algorithms like ecdsa and ed25519. And there is #317. Which algorithm do you miss?

[Joeviocoe]

Not sure exactly what happened or what algorithms would work. But the issue was with the SFTP update to Keepass2Android. v1.09 broke the ability to connect to primative-ftpd. In the latest pre-release beta version (1.10-pre), I now have the option to specify a deprecated algorithm. So it works again if I specify ssh-rsa.
PhilippC/keepass2android#2386

[wolpi]

can you share screenshots or logs in which we can see more detail? In server log we should see which algorithms are tried when connection fails, that would be interesting.

[Joeviocoe]

grep -i algo prim-ftpd-log-2023-11-29-13-07-19.csv

"2023-11-29 01:09:07.6";"TRACE";"org.apache.sshd.server.session.ServerSession";"Kex: negotiate(kex algorithms) guess=ecdh-sha2-nistp256 (client: ecdh-sha2-nistp256,ecdh-sha2-nis...";"";
"2023-11-29 01:09:07.6";"TRACE";"org.apache.sshd.server.session.ServerSession";"Kex: negotiate(server host key algorithms) guess=ssh-rsa (client: ssh-rsa / server: ssh-ed25519,s...";"";
"2023-11-29 01:09:07.6";"TRACE";"org.apache.sshd.server.session.ServerSession";"Kex: negotiate(encryption algorithms (client to server)) guess=aes128-ctr (client: aes128-ctr,aes...";"";
"2023-11-29 01:09:07.6";"TRACE";"org.apache.sshd.server.session.ServerSession";"Kex: negotiate(encryption algorithms (server to client)) guess=aes128-ctr (client: aes128-ctr,aes...";"";
"2023-11-29 01:09:07.6";"TRACE";"org.apache.sshd.server.session.ServerSession";"Kex: negotiate(mac algorithms (client to server)) guess=hmac-sha2-256 (client: hmac-sha2-256-etm@...";"";
"2023-11-29 01:09:07.6";"TRACE";"org.apache.sshd.server.session.ServerSession";"Kex: negotiate(mac algorithms (server to client)) guess=hmac-sha2-256 (client: hmac-sha2-256-etm@...";"";
"2023-11-29 01:09:07.6";"TRACE";"org.apache.sshd.server.session.ServerSession";"Kex: negotiate(compression algorithms (client to server)) guess=none (client: none / server: none";"";
"2023-11-29 01:09:07.6";"TRACE";"org.apache.sshd.server.session.ServerSession";"Kex: negotiate(compression algorithms (server to client)) guess=none (client: none / server: none";"";
"2023-11-29 01:09:53.8";"TRACE";"org.apache.sshd.server.session.ServerSession";"Kex: negotiate(kex algorithms) guess=ecdh-sha2-nistp256 (client: ecdh-sha2-nistp256,ecdh-sha2-nis...";"";
"2023-11-29 01:09:53.8";"WARN";"org.apache.sshd.server.session.ServerSession";"Exception caught";"java.lang.IllegalStateException: Unable to negotiate key exchange for server host key algorithms (client: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521 / server: ssh-ed25519,ssh-rsa,ssh-rsa)

[wolpi]

That sounds to me like client and server would partly use/support same algorithms but use different names for them. This app supports names as used by OpenSSH.

Also seems like JSCH does not support ed25519, which some consider the "best" algorithm.
JSCH seems to support ecdsa which this app supports for encryption but not as host-key. That would be something to consider if I find time for that.

Which client application do you use?

[Joeviocoe]

Which client application do you use?

https://github.com/PhilippC/keepass2android/

[wolpi]

Good to know.

You might also ask in JSCH project to add support for algorithm ed25519. Maybe they are faster than me 😄

[wolpi]

Has been added.
You have to choose ECDSA 256 in preferences (host key algorithm). That preference has been newly added.