Bug 344517 - kio sftp only supports hmac-sha1
Status: RESOLVED UPSTREAM
Alias: None
Product: kio
Classification: Frameworks and Libraries
Component: sftp
Version: unspecified
Platform: Arch Linux Linux
Importance: NOR normal
Target Milestone: ---
Assignee: Andreas Schneider
Reported: 2015-02-24 09:28 UTC by Florian Jacob
Modified: 2015-05-11 09:32 UTC
Description Florian Jacob 2015-02-24 09:28:07 UTC
I just configured my ssh server to not use SHA1 anymore, and now I can't access it via sftp:// with dolphin. Happens with kio-5.7.0.

Reproducible: Always

Steps to Reproduce:
1. configure your ssh server according to https://stribika.github.io/2015/01/04/secure-secure-shell.html
2. especially, remove hmac-sha1 in /etc/ssh/sshd_config and set MACs to:
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com
3. access your server through dolphin by entering sftp://<username>@<server> in the address bar

Actual Results:  
kex error : no match for method mac algo client->server: server [hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com], client [hmac-sha1]

Expected Results:  
support of more secure MACs than hmac-sha1
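The failure reported above follows from the SSH negotiation rule in RFC 4253 section 7.1: the MAC chosen is the first name on the client's list that the server also lists. The Python below is an added example, not part of the report or of libssh; it parses the error line quoted above and applies that rule. The candidate client list in it is hypothetical, not libssh's defaults.

```python
import re

# The kex error line quoted in the report above.
SAMPLE = ("kex error : no match for method mac algo client->server: server ["
          "hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,"
          "hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,"
          "hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com], "
          "client [hmac-sha1]")

KEX_ERROR = re.compile(
    r"kex error : no match for method (?P<method>.+?): "
    r"server \[(?P<server>[^\]]*)\], client \[(?P<client>[^\]]*)\]")

def _names(field):
    """Split a comma-separated SSH name-list, dropping empty entries."""
    return [name.strip() for name in field.split(",") if name.strip()]

def parse_kex_error(line):
    """Return (method, server_list, client_list), or None if the line does not match."""
    m = KEX_ERROR.search(line)
    if m is None:
        return None
    return m.group("method"), _names(m.group("server")), _names(m.group("client"))

def negotiate(client, server):
    """RFC 4253 7.1: first name on the client's list that the server also lists."""
    offered = set(server)
    return next((alg for alg in client if alg in offered), None)

def diagnose(line, candidate_client_list):
    """Summarise a mismatch and what a different client list would agree on."""
    parsed = parse_kex_error(line)
    if parsed is None:
        raise ValueError("not a kex mismatch line in the expected format")
    method, server, client = parsed
    return {
        "method": method,
        "agreed_now": negotiate(client, server),
        "agreed_with_candidates": negotiate(candidate_client_list, server),
        "client_only": [alg for alg in client if alg not in server],
    }

if __name__ == "__main__":
    # Hypothetical client preference list, for illustration only.
    print(diagnose(SAMPLE, ["hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"]))
```
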
Comment 1 yann 2015-04-25 06:19:47 UTC
I have the same problem using Kubuntu 15.04 with kio-5.9.0.

It's really tricky because with hmac-sha1 support only, it's not possible to get a highly secure connection.
Comment 2 Andreas Schneider 2015-04-27 11:33:49 UTC
We will support other HMACs with libssh 0.7 which will be released next month.

See

https://git.libssh.org/projects/libssh.git/commit/?id=4a089026647073be32ddb0885c12f47496bc709b
Comment 3 Florian Jacob 2015-04-27 16:41:33 UTC
Happy to hear that, thanks. :)
Comment 4 yann 2015-04-28 17:30:29 UTC
I'm happy to hear that too, thanks.
Comment 5 Andreas Schneider 2015-05-11 09:32:36 UTC
See https://www.libssh.org/2015/05/11/libssh-0-7-0/