difference in sshd protocol options
Ruben
mail at osfux.nl
Wed Apr 8 08:40:26 UTC 2020
Hi David,
I don't know the answer to your question but I had an "interesting" run
last year as well. I couldn't distill from your message whether or not
you got things to work, perhaps my ramblings will save some further
frustration if you didn't.
The android apps I tried all used a Java library for the actual syncing
etc, which I only got working after adding this to my "global" sshd config:
ChallengeResponseAuthentication yes
Without it, all auths (by all apps I tried) resulted in:
# sshd[14279]: error: Received disconnect from X.X.X.X port 35190:3:
com.jcraft.jsch.JSchException: Auth fail [preauth]
My global PasswordAuthentication setting is set to "no".
I also added:
Ciphers aes256-ctr,aes192-ctr,aes128-ctr
to my configuration around that time, can't remember if that was an
actual attempt to allow apps authenticating against OpenSSH or not.
My individual android devices all have a "match" block:
Match User test123
ChrootDirectory %h
ForceCommand internal-sftp
AllowTcpForwarding no
PermitTunnel no
PasswordAuthentication yes
This combination works for all apps i've tried since.
Kind Regards,
Ruben
On 4/8/20 7:59 AM, David Mehler wrote:
> Hello,
>
> I just went through an interesting go tonight getting an android file
> manager to connect via sftp to my FreeBSD 12.1 sshd server. I've got
> two questions. Refering to the sshd_config man page the
> HostKeyAlgorithms option and the PubkeyAcceptedKeyTypes options is
> there a difference between the options (both of which appear in the
> default) ssh-rsa and ssh-rsa-cert-v01 at openssh.com?
>
> Thanks.
> Dave.
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
>
More information about the freebsd-questions
mailing list