Bug 339383

Summary: ecdsa-sha2-nistp521 do a bug
Product: [Unmaintained] kio
Reporter: BRULE Herman <alpha_one_x86>
Component: sftp
Assignee: Andreas Schneider <asn>
Status: RESOLVED UPSTREAM    
Severity: normal    
Priority: NOR    
Version First Reported In: 4.12.5   
Target Milestone: ---   
Platform: Other   
OS: Linux   

Description BRULE Herman 2014-09-25 14:55:13 UTC
Hello,

Firstly, sftp doesn't save the ecdsa-sha2-nistp521 public key into ~/.ssh/known_hosts but RSA.
Secondly, when I had already connected with the ssh client, it has created an ecdsa-sha2-nistp521 entry, then dolphin doesn't detect it, tries RSA and informs the user about a key change error.
Thirdly, don't ask to replace this key.

Cheers,

Reproducible: Always
Comment 1 Andreas Schneider 2014-09-26 07:24:19 UTC
Hello,

I've just tested it. libssh saved the ecdsa-sha2-nistp256 key to my known_hosts file. Which version of libssh are you using? Please report a bug upstream and tell us how to reproduce it!

https://red.libssh.org/

> Thirdly, don't ask to replace this key.

This will never be added. It is a security feature that you need to delete the key in the known_hosts file. Otherwise people do not think if something bad happened!
Comment 2 BRULE Herman 2014-09-26 07:55:06 UTC
Hello,

It's because your ssh server is configured with the default key length, try:
ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -b 521 -N ''
ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -b 4096 -N ''
on openssh server.
I use libssh 0.6.3

Cheers,
Comment 3 Andreas Schneider 2014-09-30 14:49:00 UTC
This is not an issue in kio_sftp. Please open a bug at https://red.libssh.org/ 

Thanks!
Comment 4 BRULE Herman 2014-09-30 19:15:20 UTC
https://red.libssh.org/issues/171