Bug 478769 - Permission denied for sshfs-mounted filesystem with android 13 / latest kdeconnect app
Status: CONFIRMED
Alias: None
Product: kdeconnect
Classification: Applications
Component: android-application
Version: unspecified
Platform: Android Android 13.x
Importance: NOR normal
Target Milestone: ---
Assignee: Albert Vaca Cintora
Reported: 2023-12-20 12:37 UTC by Yannik Sembritzki
Modified: 2024-07-02 20:48 UTC

Description Yannik Sembritzki 2023-12-20 12:37:32 UTC
SUMMARY
Access to files on a kdeconnect-mounted filesystem is broken, resulting in a permission denied error.

STEPS TO REPRODUCE
1. Do a fresh install of kdeconnect 1.29.0 on Android 13
2. Ensure that the MANAGE_EXTERNAL_STORAGE permission is granted to the kdeconnect app
3. Pair laptop with Android device using kdeconnect or gsconnect
4. Mount android filesystem using `sshfs -p 1739 kdeconnect@192.168.1.40:/ -o ssh_command='ssh -i ~/.config/gsconnect/private.pem -o IdentitiesOnly=yes -o PubkeyAcceptedKeyTypes=+ssh-rsa -v' -d -f mountdir`
5. Try to list files with `ls mountdir`

OBSERVED RESULT
`ls mountdir` results in `permission denied` (even when using sudo)

We can see from the sshfs command output that the connection is fine:

SSHFS version 3.7.3
executing <ssh> <-i> <~/.config/gsconnect/private.pem> <-o> <IdentitiesOnly=yes> <-o> <PubkeyAcceptedKeyTypes=+ssh-rsa> <-v> <-x> <-a> <-oClearAllForwardings=yes> <-oPort=1739> <-2> <kdeconnect@192.168.1.40> <-s> <sftp>
OpenSSH_9.0p1, OpenSSL 3.0.9 30 May 2023
debug1: Reading configuration data /home/yannik/.ssh/config
debug1: /home/yannik/.ssh/config line 1: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Reading configuration data /etc/ssh/ssh_config.d/50-redhat.conf
debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
debug1: configuration requests final Match pass
debug1: re-parsing configuration
debug1: Reading configuration data /home/yannik/.ssh/config
debug1: /home/yannik/.ssh/config line 1: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Reading configuration data /etc/ssh/ssh_config.d/50-redhat.conf
debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
debug1: Connecting to 192.168.1.40 [192.168.1.40] port 1739.
debug1: Connection established.
debug1: identity file /home/yannik/.config/gsconnect/private.pem type -1
debug1: identity file /home/yannik/.config/gsconnect/private.pem-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_9.0
debug1: Remote protocol version 2.0, remote software version SSHD-CORE-0.14.0
debug1: compat_banner: no match: SSHD-CORE-0.14.0
debug1: Authenticating to 192.168.1.40:1739 as 'kdeconnect'
debug1: load_hostkeys: fopen /home/yannik/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: ecdh-sha2-nistp384
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: aes256-ctr MAC: hmac-sha2-256 compression: none
debug1: kex: client->server cipher: aes256-ctr MAC: hmac-sha2-256 compression: none
debug1: kex: ecdh-sha2-nistp384 need=32 dh_need=32
debug1: kex: ecdh-sha2-nistp384 need=32 dh_need=32
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:jeQHsA4OYuqtgdzmrUFYWR1wnhyhNyPtH4Ak9p7z8So
debug1: load_hostkeys: fopen /home/yannik/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: Host '[192.168.1.40]:1739' is known and matches the ECDSA host key.
debug1: Found key in /home/yannik/.ssh/known_hosts:1993
debug1: rekey out after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 4294967296 blocks
debug1: get_agent_identities: bound agent to hostkey
debug1: get_agent_identities: agent returned 5 keys
debug1: Will attempt key: /home/yannik/.config/gsconnect/private.pem  explicit
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: password,keyboard-interactive,publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/yannik/.config/gsconnect/private.pem
Authenticated to 192.168.1.40 ([192.168.1.40]:1739) using "publickey".
debug1: pkcs11_del_provider: called, provider_id = (null)
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: pledge: filesystem
debug1: Sending subsystem: sftp
Server version: 3
[00001] LSTAT
[00002] LSTAT
  [00001]         STATUS       26bytes (10ms)
[00003] LSTAT
  [00002]          ATTRS       33bytes (14ms)
  [00003]         STATUS       38bytes (148ms)
[00004] LSTAT
  [00004]         STATUS       33bytes (50ms)
[00005] LSTAT
  [00005]         STATUS       28bytes (4ms)
[00006] OPENDIR
  [00006]         STATUS       22bytes (5ms)
[00007] LSTAT
  [00007]         STATUS       33bytes (4ms)
[00008] OPENDIR
  [00008]         STATUS       22bytes (4ms)
[00009] OPENDIR
  [00009]         STATUS       22bytes (5ms)
[00010] OPENDIR
  [00010]         STATUS       22bytes (7ms)
[00011] OPENDIR
  [00011]         STATUS       22bytes (6ms)
[00012] OPENDIR
  [00012]         STATUS       22bytes (4ms)
[00013] OPENDIR
  [00013]         STATUS       22bytes (5ms)
[00014] OPENDIR
  [00014]         STATUS       22bytes (4ms)
[00015] OPENDIR
  [00015]         STATUS       22bytes (5ms)
[00016] OPENDIR
  [00016]         STATUS       22bytes (6ms)
[00017] OPENDIR
  [00017]         STATUS       22bytes (6ms)
[00018] OPENDIR
  [00018]         STATUS       22bytes (6ms)
[00019] OPENDIR
  [00019]         STATUS       22bytes (5ms)
[00020] OPENDIR
  [00020]         STATUS       22bytes (5ms)
[00021] OPENDIR
  [00021]         STATUS       22bytes (7ms)
[00022] OPENDIR
  [00022]         STATUS       22bytes (7ms)
[00023] OPENDIR
  [00023]         STATUS       22bytes (5ms)
[00024] OPENDIR
  [00024]         STATUS       22bytes (5ms)
[00025] OPENDIR
  [00025]         STATUS       22bytes (5ms)
[00026] OPENDIR
  [00026]         STATUS       22bytes (10ms)
[00027] OPENDIR
  [00027]         STATUS       22bytes (7ms)
[00028] OPENDIR
  [00028]         STATUS       22bytes (10ms)
[00029] OPENDIR
  [00029]         STATUS       22bytes (5ms)
[00030] OPENDIR
  [00030]         STATUS       22bytes (4ms)
[00031] OPENDIR
  [00031]         STATUS       22bytes (4ms)
[00032] OPENDIR
  [00032]         STATUS       22bytes (10ms)
[00033] LSTAT
  [00033]         STATUS       33bytes (6ms)
[00034] OPENDIR
  [00034]         STATUS       22bytes (217ms)


EXPECTED RESULT
`ls` should list the files on the Android phone.
Comment 1 Yannik Sembritzki 2023-12-20 12:46:52 UTC
On the Android side, I can see the following messages using `adb logcat` when trying to access files on the mounted filesystem:

12-20 13:33:58.273 15311 15311 W sshd-SftpSubsys: type=1400 audit(0.0:2980): avc: denied { read } for name="/" dev="dm-2" ino=2 scontext=u:r:untrusted_app:s0:c51,c257,c512,c768 tcontext=u:object_r:rootfs:s0 tclass=dir permissive=0 app=org.kde.kdeconnect_tp
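
Added example, not part of the original report or of KDE Connect's code: a small Python parser that splits the AVC denial quoted in Comment 1 into its fields, so the source domain, target label, object class and enforcement mode can be read directly. The function and field names (`parse_avc`, `context_type`, `summarize`, `source_type`, `target_type`, `enforced`) are chosen here for illustration.

```python
import re

# Log line copied verbatim from Comment 1 (adb logcat on the phone).
SAMPLE = (
    '12-20 13:33:58.273 15311 15311 W sshd-SftpSubsys: type=1400 '
    'audit(0.0:2980): avc: denied { read } for name="/" dev="dm-2" ino=2 '
    'scontext=u:r:untrusted_app:s0:c51,c257,c512,c768 '
    'tcontext=u:object_r:rootfs:s0 tclass=dir permissive=0 '
    'app=org.kde.kdeconnect_tp'
)

AVC_RE = re.compile(r'avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def context_type(context):
    """Return the type field of a user:role:type[:level] SELinux context."""
    parts = context.split(':', 3)   # the MLS level may itself contain ':'
    return parts[2] if len(parts) >= 3 else None

def parse_avc(line):
    """Parse one audit/logcat line; return a dict, or None if not an AVC record."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group(3))}
    rec['result'] = m.group(1)
    rec['perms'] = m.group(2).split()
    rec['source_type'] = context_type(rec.get('scontext', ''))
    rec['target_type'] = context_type(rec.get('tcontext', ''))
    # permissive=0 means the denial was enforced, not merely logged.
    rec['enforced'] = rec['result'] == 'denied' and rec.get('permissive') == '0'
    return rec

def summarize(line):
    """One-line human-readable summary of an AVC record."""
    rec = parse_avc(line)
    if rec is None:
        return 'not an AVC record'
    mode = 'enforced' if rec['enforced'] else 'logged only'
    return '{} {} {{{}}} on {} "{}" labelled {} ({})'.format(
        rec['source_type'], rec['result'], ' '.join(rec['perms']),
        rec.get('tclass'), rec.get('name'), rec['target_type'], mode)

if __name__ == '__main__':
    print(summarize(SAMPLE))
```

The parsed record shows the denial applies to reading the `rootfs`-labelled directory `/` from the `untrusted_app` domain, which is the path the sshfs command in the report mounts.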
Comment 2 Jakub J 2024-06-30 12:41:05 UTC
Same here. What works though is `ls mountdir/storage/emulated/0`
Comment 3 lig 2024-07-02 20:48:51 UTC
Thanks for the beautiful one-liner allowing me to investigate the problem closer.

Mounting via sftp fails now but has worked before. I am now on KDE Connect 1.31 (updated 10.06.24). Maybe the update screwed up the mounting and I could try to roll back to older versions.

Back to the one-liner, my output is:

""""
debug1: hostkeys_find_by_key_hostfile: hostkeys file /home/georg/.ssh/known_hosts2 does not exist
debug1: hostkeys_find_by_key_hostfile: hostkeys file /etc/ssh/ssh_known_hosts does not exist
debug1: hostkeys_find_by_key_hostfile: hostkeys file /etc/ssh/ssh_known_hosts2 does not exist
The authenticity of host '[192.168.0.153]:1739 ([192.168.0.153]:1739)' can't be established.
ECDSA key fingerprint is SHA256:vFynwjoH36MBsY9wFJPu6ZpmMwSiws5cUsk3h6DYwyU.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '[192.168.0.153]:1739' (ECDSA) to the list of known hosts.
debug1: rekey out after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
""""

The mount itself works, but when remounting, the question about the fingerprint is raised again. Should that not be stored somewhere as a known host?