Page 1 of 1

Fedora and sftp key upgrades?

Posted: Tue Mar 16, 2021 12:13 am
by urilabob
Fedora 33 has released a stricter policy on strong key encryption. I guess this will soon be followed by other distros. It results in the following host error message when trying to use andftp to upload to a fedora 33 system:
Unable to negotiate with <omitted for privacy>: no matching host key type found. Their offer: ssh-rsa,ssh-dss [preauth]
  • Is there any way to get andftp to use more secure keys so that it can play with an unmodified Fedora 33?
  • If not, is there a plan to upgrade the available encryption (since I can easily modify the phone, there's no problem for me if this isn't the default setting)?
The new fedora 33 default policy is:
  • Keep only TLS 1.2 (and TLS 1.3 when available) as enabled protocols and move the TLS 1.x, x<=1 to legacy level.
  • Require finite field parameters (RSA, Diffie-Hellman) of 2048 and more in the default settings
  • Disable SHA1 support for use in signatures (X.509 certificates, TLS, IPSEC handshakes)
andftp 5.4 on android 10

Thanks
Bob

Re: Fedora and sftp key upgrades?

Posted: Sun Jan 02, 2022 6:16 pm
by support
Did you try to enable secure provider as described here?
viewtopic.php?f=5&t=25706