[GLLUG] Using sftp with debian and KDE

James Dutton james.dutton at gmail.com
Thu Sep 21 18:27:44 UTC 2023 

On Thu, 21 Sept 2023 at 11:09, Chris Bell via GLLUG <
gllug at mailman.lug.org.uk> wrote:

> On Wednesday, 20 September 2023 12:42:12 BST Chris Bell via GLLUG wrote:
> > Hello,
> > My main box is still using debian 11. I have been using ftp / sftp for
> many
> > years to transfer files between boxes connected via my own local
> networks,
> > usually using KDE "konqueror" because firefox has tended to complain. I
> have
> > recently found that both are now blocked, and konqueror claims that I
> have
> > aborted the attempt and refuses to retry. I have also discovered that
> duck-
> > duck-go now jumps in uninvited.
> > I run dnsmasq on a local router, and bind9 is running on the same local
> > network.
> > I have also tested using boxes that have been re-installed with debian 12
> > and KDE, and they are showing the same problem.
> > All are happy to connect using SSH. I also need to connect to other
> > legitimate sites such as my remote server.
> > Can someone please explain what is going on?
>
> All the boxes that I am attempt to connect using sftp through KDE
> Konqueror
> are currently connected using ssh, but konqueror is failing to open sftp,
> claiming that there is an authorization problem, yet it appears that
> firefox
> sftp is working at the moment.
> I might try debian with a different desktop next time.
>
>
ssh and sftp support a variety of encryption algorithms.
For ssh to work, both client and server have to have at least one algorithm
enabled that matches on both the client and the server.
For example, if your Konqueror is older, it might be trying an older
encryption algorithm that the newer ssh server does not permit, and thus
refuses to complete negotiation.
It is common for newer ssh versions to deny older, less secure algorithms.
The error reporting is not alway up to scratch, so it is quite common for
negotiation errors to simply be reported as a failed password.
FYI, openvpn fails the same way. If the algorithms don't match, it prompts
for the password again, instead of a more useful error.
A temporary solution, until Konqueror is updated, is to edit the ssh server
configuration to permit older algorithms.

Note, my suggestions above are just a guess, due to the absence of any logs
to look at.

Kind Regards

James
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.lug.org.uk/pipermail/gllug/attachments/20230921/409dd954/attachment.htm>

More information about the GLLUG mailing list