Bug 417787

Summary: sshfs key exchange methods deprecated
Product: [Applications] kdeconnect Reporter: David Pape <zyzzyxdonta>
Component: android-applicationAssignee: Albert Vaca Cintora <albertvaka>
Status: RESOLVED FIXED    
Severity: normal CC: cliabhach, heri+kde, kde.bugzilla.2012, likivik, maciej.stanczew, mavoga, pmartycz, poloking, sh200105
Priority: NOR    
Version First Reported In: unspecified   
Target Milestone: ---   
Platform: Android   
OS: Android 9.x   
Latest Commit: Version Fixed/Implemented In:
Sentry Crash Report:

Description David Pape 2020-02-17 13:32:56 UTC 
SUMMARY

The Android app offers ssh key exchange using diffie-hellman-group14-sha1 and diffie-hellman-group1-sha1. In the newest version of openssh the former was removed from the defaults, the latter has been disabled for a while. This results in kdeconnect not being able to create a connection using sshfs.

STEPS TO REPRODUCE
1. Click on your phone icon in dolphin

OBSERVED RESULT
Error message

EXPECTED RESULT
A connection to the phones file system

SOFTWARE/OS VERSIONS
App on Android version 1.13.7
kdeconnect 1.4.1 on Linux

ADDITIONAL INFORMATION

kdeconnectd[1119]: kdeconnect.plugin.sftp: Mount device: "XXX"
kdeconnectd[1119]: kdeconnect.plugin.sftp: Created mounter
kdeconnectd[1119]: kdeconnect.plugin.sftp: Starting loop to wait for mount
kdeconnectd[1119]: kdeconnect.plugin.sftp: Mount device: "XXX"
kdeconnectd[1119]: kdeconnect.plugin.sftp: Unmount QObject(0x0)
kdeconnectd[1119]: kdeconnect.core: Converting IPv6 QHostAddress("::ffff:192.168.178.29") to IPv4 QHostAddress("192.168.178.29")
kdeconnectd[1119]: kdeconnect.plugin.sftp: Starting process:  "sshfs kdeconnect@192.168.178.29:/ /run/user/1000/719fb2d6a31cfd4d -p 1739 -s -f -F /dev/null -o IdentityFile=/home/XXX/.config/kdeconnect/privateKey.pem -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o HostKeyAlgorithms=+ssh-dss -o uid=1000 -o gid=1000 -o reconnect -o ServerAliveInterval=30 -o password_stdin"
kdeconnectd[1119]: QDBusAbstractAdaptor: Cannot relay signal SftpPlugin::packetReceived(NetworkPacket): Unregistered input type in parameter list: NetworkPacket
kdeconnectd[1119]: kdeconnect.plugin.sftp: Process started
kdeconnectd[1119]: kdeconnect.plugin.sftp: "XXX" "Remote filesystem mounted at /run/user/1000/719fb2d6a31cfd4d"
kernel: fuse: init (API version 7.31)
kernel: *** VALIDATE fuse ***
kernel: *** VALIDATE fuse ***
systemd[1]: Mounting FUSE Control File System...
systemd[1]: Mounted FUSE Control File System.
kdeconnectd[1119]: kdeconnect.plugin.sftp: stdout: "Unable to negotiate with 192.168.178.29 port 1739: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group1-sha1\r\n"
kdeconnectd[1119]: kdeconnect.plugin.sftp: stdout: "read: Connection reset by peer\n"
kdeconnectd[1119]: kdeconnect.plugin.sftp: Process failed (exit code: 1 )
kdeconnectd[1119]: kdeconnect.plugin.sftp: Unmount KProcess(0x55837cbda9d0)
systemd[975]: run-user-1000-719fb2d6a31cfd4d.mount: Succeeded.
systemd[1]: run-user-1000-719fb2d6a31cfd4d.mount: Succeeded.
kdeconnectd[1119]: kdeconnect.plugin.sftp: Destroy mounter
kdeconnectd[1119]: kdeconnect.plugin.sftp: Unmount QObject(0x0)
Comment 1 Maciej Stanczew 2020-02-17 20:32:54 UTC 
Regarding workarounds: since the call to sshfs uses "-F /dev/null", config file for SSH (~/.ssh/config) cannot be used to enable diffie-hellman-group14-sha1.
The only workaround I've found is to create a script called "sshfs", with the following content:
  exec /usr/bin/sshfs -oKexAlgorithms=+diffie-hellman-group14-sha1 "$@"
and put it in PATH (before /usr/bin), so that KDE Connect will use it when calling sshfs. After this, I can successfully browse my phone using Dolphin.
(Tested on Arch; sshfs binary may be in a different place in other distributions, and then path in the script would need to be changed.)
Comment 2 David Pape 2020-02-18 20:59:18 UTC 
Has been fixed by adding a key exchange option in the desktop application.
Comment 3 2wxsy58236r3 2020-02-22 01:36:43 UTC 
> Has been fixed by adding a key exchange option in the desktop application.
Could you please give me the URL to the Git commit so that I can try it out? Thank you.
Comment 4 David Pape 2020-02-22 07:46:30 UTC 
Oups, I missread the version number. It was the Arch packager who fixed it. The bug should still be there in the repository https://git.archlinux.org/svntogit/community.git/commit/trunk?h=packages/kdeconnect&id=3f4cabc50dab5ea4ca613c4e48808912e4e5fb71
Comment 5 Dennis Schridde 2020-03-07 22:44:45 UTC 
(In reply to David from comment #2)
> Has been fixed by adding a key exchange option in the desktop application.

Shouldn't this be fixed by fixing the Android app to no longer use deprecated hash algorithms?
Comment 6 Likivik 2020-04-03 17:19:53 UTC 
Can confirm

SOFTWARE/OS VERSIONS
App on Android 9 and Android 10 version 1.13.7
kdeconnect 1.3.5 on Linux


ADDITIONAL INFORMATION
`sudo journalctl --since "1 hour ago" -o cat | grep kdeconnect`:

kdeconnect.plugin.sftp: Mount device: "ONEPLUS"
kdeconnect.plugin.sftp: Created mounter
kdeconnect.plugin.sftp: Starting loop to wait for mount
kdeconnect.kio: Stat:  QUrl("kdeconnect://77ac0c62ffef87e5/")
kdeconnect.plugin.sftp: Mount device: "ONEPLUS"
kdeconnect.plugin.sftp: Unmount QObject(0x0)
kdeconnect.core: Converting IPv6 QHostAddress("::ffff:10.10.10.224") to IPv4 QHostAddress("10.10.10.224")
kdeconnect.plugin.sftp: Starting process:  "sshfs kdeconnect@10.10.10.224:/ /run/user/1001/77ac0c62ffef87e5 -p 1744 -s -f -F /dev/null -o IdentityFile=/home/likivik/.config/kdeconnect/privateKey.pem -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o HostKeyAlgorithms=+ssh-dss -o uid=1001 -o gid=100 -o reconnect -o ServerAliveInterval=30 -o password_stdin"
kdeconnect.plugin.sftp: Process started
kdeconnect.plugin.sftp: "ONEPLUS" "Remote filesystem mounted at /run/user/1001/77ac0c62ffef87e5"
kdeconnect.plugin.sftp: stdout: "Unable to negotiate with 10.10.10.224 port 1744: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group1-sha1\r\n"
kdeconnect.plugin.sftp: stdout: "read: Connection reset by peer\n"
kdeconnect.plugin.sftp: Process failed (exit code: 1 )
kdeconnect.plugin.sftp: Unmount KProcess(0x15ae280)
kdeconnect.plugin.sftp: Destroy mounter
kdeconnect.plugin.sftp: Unmount QObject(0x0)
Comment 7 poloking 2020-04-03 18:53:49 UTC 
I started an "issue" in the GitLab, here: https://invent.kde.org/kde/kdeconnect-android/-/issues/19


I see that solution could work (Though I can't get it to). Would an alternative solution be to compile sshfs with the patch from here?:
https://git.archlinux.org/svntogit/community.git/tree/trunk/kdeconnect-openssh-8.2.patch?id=3f4cabc50dab5ea4ca613c4e48808912e4e5fb71
Comment 8 Philip C 2023-05-08 21:55:34 UTC 
As per discussion in the Telegram group and on the linked merge request https://invent.kde.org/network/kdeconnect-kde/-/merge_requests/239, this was fixed sometime in 2020. Please make a new bug if you see this appear again.