Bug 344517

Summary: kio sftp only supports hmac-sha1
Product: [Unmaintained] kio Reporter: Florian Jacob <accounts+bugs.kde>
Component: sftpAssignee: Andreas Schneider <asn>
Status: RESOLVED UPSTREAM    
Severity: normal CC: kdelibs-bugs, web.yannick
Priority: NOR    
Version: unspecified   
Target Milestone: ---   
Platform: Arch Linux   
OS: Linux   
Latest Commit: Version Fixed In:
Sentry Crash Report:

Description Florian Jacob 2015-02-24 09:28:07 UTC 
I just configured my ssh server to not use SHA1 anymore, and now I can't access it via sftp:// with dolphin. Happens with kio-5.7.0.

Reproducible: Always

Steps to Reproduce:
1. configure your ssh server according to https://stribika.github.io/2015/01/04/secure-secure-shell.html
2. especially, remove hmac-sha1 in /etc/ssh/sshd_config and set MACs to:
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com
3. access your server through dolphin by entering sftp://<username>@<server> in the address bar

Actual Results:  
kex error : no match for method mac algo client->server: server [hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com], client [hmac-sha1]

Expected Results:  
support of more secure MACs than hmac-sha1
Comment 1 yann 2015-04-25 06:19:47 UTC 
I have the same problem using kubuntu 15.04 with kio-5.9.0.

It's really tricky because with hmac-sha1 support only, it's not possible to get a highly secure connection.
Comment 2 Andreas Schneider 2015-04-27 11:33:49 UTC 
We will support other HMACs with libssh 0.7 which will be released next month.

See

https://git.libssh.org/projects/libssh.git/commit/?id=4a089026647073be32ddb0885c12f47496bc709b
Comment 3 Florian Jacob 2015-04-27 16:41:33 UTC 
Happy to hear that, thanks. :)
Comment 4 yann 2015-04-28 17:30:29 UTC 
I'm happy to hear that to, thanks
Comment 5 Andreas Schneider 2015-05-11 09:32:36 UTC 
See https://www.libssh.org/2015/05/11/libssh-0-7-0/