Fedora and sftp key upgrades?

FTP client for Android handsets.
Post Reply
urilabob
Posts: 1
Joined: Mon Mar 15, 2021 11:42 pm
AntiSpam sum: 8

Fedora and sftp key upgrades?

Post by urilabob »

Fedora 33 has released a stricter policy on strong key encryption. I guess this will soon be followed by other distros. It results in the following host error message when trying to use andftp to upload to a fedora 33 system:
Unable to negotiate with <omitted for privacy>: no matching host key type found. Their offer: ssh-rsa,ssh-dss [preauth]
  • Is there any way to get andftp to use more secure keys so that it can play with an unmodified Fedora 33?
  • If not, is there a plan to upgrade the available encryption (since I can easily modify the phone, there's no problem for me if this isn't the default setting)?
The new fedora 33 default policy is:
  • Keep only TLS 1.2 (and TLS 1.3 when available) as enabled protocols and move the TLS 1.x, x<=1 to legacy level.
  • Require finite field parameters (RSA, Diffie-Hellman) of 2048 and more in the default settings
  • Disable SHA1 support for use in signatures (X.509 certificates, TLS, IPSEC handshakes)
andftp 5.4 on android 10

Thanks
Bob

support
Posts: 853
Joined: Sun Apr 20, 2008 4:40 pm

Re: Fedora and sftp key upgrades?

Post by support »

Did you try to enable secure provider as described here?
viewtopic.php?f=5&t=25706

Post Reply