Author Topic: Change to SSH that might prevent access to your website.  (Read 2135 times)

elagache

  • Global Moderator
  • Storm
  • *****
  • Posts: 6494
    • DW3835
    • KCAORIND10
    • Canebas Weather
  • Station Details: Davis Vantage Pro-2, Mac mini (2018), macOS 10.14.3, WeatherCat 3
Change to SSH that might prevent access to your website.
« on: June 30, 2017, 10:35:49 PM »
Dear WeatherCat web spinners,

Mysteriously, my FTP client (Yummy FTP Pro) started to be unable to SFTP to my web site hosted by GoDaddy.  It generated the following error message:

Unable to negotiate host xxx.xxx.xxx.xxx port 22 no matching host key type found.  Their offer ssh-dss


I checked my hosting options, I didn't see anything I could change, so I did the usual trick of searching for the error message.  That brought this discussion:

https://stackoverflow.com/questions/34208495/unable-to-negotiate-with-xx-xxx-xx-xx-no-matching-host-key-type-found-their-of

According to that source, the problem is:

The recent openssh version deprecated DSA keys by default. You should suggest to your GIT provider to add some reasonable host key. Relying only on DSA is not a good idea.

The posting suggested a configuration change to allow the old key system to be used instead, but I wasn't able to make this work.  I will contact GoDaddy technical support to see if they can fix this, but in the meantime I can't use SFTP to access my account.  My only choice would be to - of all things - fall back on the less secure FTP.

Sadly it is a example of never having enough time to implement a change in such a way as everyone remains on the same page, and as a result, producing exactly the opposite of the intended effect: users forced to use less secure protocols in order to get their work done.

Oh well, Edouard

xairbusdriver

  • Storm
  • *****
  • Posts: 3126
    • EW7115 (E7115)
    • KTNGERMA20
    • Mid-South Weather
  • Station Details: Davis VP2 wireless + remote Anemometer/2014 Mac min - 10.15.7/WC 3.0.5
Re: Change to SSH that might prevent access to your website.
« Reply #1 on: July 01, 2017, 03:33:32 AM »
Just a wild guess, on a completely different server/ISP, all I actually changed in my FTP app's settings (other than the FTP tp SFPT)  was to change from the default port 22 to 2222. Sure beats talking with tech "support". ;)
THERE ARE TWO TYPES OF COUNTRIES
Those that use metric = #1 Measurement system
And the United States = The Banana system


elagache

  • Global Moderator
  • Storm
  • *****
  • Posts: 6494
    • DW3835
    • KCAORIND10
    • Canebas Weather
  • Station Details: Davis Vantage Pro-2, Mac mini (2018), macOS 10.14.3, WeatherCat 3
Nope - didn't work. (Re: Change to SSH)
« Reply #2 on: July 01, 2017, 10:01:24 PM »
Dear X-Air and WeatherCat troubleshooters,

Just a wild guess, on a completely different server/ISP, all I actually changed in my FTP app's settings (other than the FTP tp SFPT)  was to change from the default port 22 to 2222. Sure beats talking with tech "support". ;)

Well, I couldn't directly reach GoDaddy via an email which was what I wanted to do.  This wasn't the sort of a problem that could be solved via chat or phone.  I posted a question on their support forum, nobody dared offered a response.  I just tried changing the port number as you suggested - as expected that didn't work either.  I suspect that openSSH has really got the Internet world caught with their pants down on this one.  The really should have made a lot of noise about this before making the change. 

Cheers, Edouard

Blicj11

  • Storm
  • *****
  • Posts: 3941
    • EW3808
    • KUTHEBER6
    • Timber Lakes Weather
  • Station Details: Davis Vantage Pro2 Plus | WeatherLinkIP Data Logger | iMac (2019), 3.6 GHz Intel Core i9, 40 GB RAM, macOS Ventura 13.6 | Sharx SCNC2900 Webcam | WeatherCat 3.3 | Supportive Wife
Re: Change to SSH that might prevent access to your website.
« Reply #3 on: July 04, 2017, 12:09:00 AM »
This won't likely help you either, but it might help someone else down the line. I use FileZilla and my ISP told me with FileZilla:

For FTPS
Use port 21 and select Explicit FTPS

For SFTP
Select Explicit FTP over TLS
Blick


elagache

  • Global Moderator
  • Storm
  • *****
  • Posts: 6494
    • DW3835
    • KCAORIND10
    • Canebas Weather
  • Station Details: Davis Vantage Pro-2, Mac mini (2018), macOS 10.14.3, WeatherCat 3
Going to have to dig into OpenSSH docs. (Re: Change to SSH)
« Reply #4 on: July 04, 2017, 10:49:40 PM »
Dear Blick and WeatherCat troubleshooters,

This won't likely help you either, but it might help someone else down the line. I use FileZilla and my ISP told me with FileZilla:

Alas, indeed neither suggestion relates to the SSH protocols.  My posting on the GoDaddy forum continues to get no replies.  At some point I need to plunge into the OpenSSH documentation and hope I can find an answer myself.

Cheers, Edouard