Trixology

General Category => General Computing/Macintosh => Topic started by: elagache on June 30, 2017, 10:35:49 PM

Title: Change to SSH that might prevent access to your website.
Post by: elagache on June 30, 2017, 10:35:49 PM
Dear WeatherCat web spinners,

Mysteriously, my FTP client (Yummy FTP Pro (http://www.yummysoftware.com/)) started to be unable to SFTP to my web site hosted by GoDaddy.  It generated the following error message:

Unable to negotiate host xxx.xxx.xxx.xxx port 22 no matching host key type found.  Their offer ssh-dss


I checked my hosting options, but I didn't see anything I could change, so I did the usual trick of searching for the error message.  That brought up this discussion:

https://stackoverflow.com/questions/34208495/unable-to-negotiate-with-xx-xxx-xx-xx-no-matching-host-key-type-found-their-of

According to that source, the problem is:

The recent openssh version deprecated DSA keys by default. You should suggest to your GIT provider to add some reasonable host key. Relying only on DSA is not a good idea.

The posting suggested a configuration change to allow the old key system to be used instead, but I wasn't able to make this work.  I will contact GoDaddy technical support to see if they can fix this, but in the meantime I can't use SFTP to access my account.  My only choice would be to - of all things - fall back on the less secure FTP.

Sadly it is an example of never having enough time to implement a change in such a way as everyone remains on the same page, and as a result, producing exactly the opposite of the intended effect: users forced to use less secure protocols in order to get their work done.

Oh well, Edouard
Title: Re: Change to SSH that might prevent access to your website.
Post by: xairbusdriver on July 01, 2017, 03:33:32 AM
Just a wild guess, on a completely different server/ISP, all I actually changed in my FTP app's settings (other than the FTP to SFTP) was to change from the default port 22 to 2222. Sure beats talking with tech "support". ;)
Title: Nope - didn't work. (Re: Change to SSH)
Post by: elagache on July 01, 2017, 10:01:24 PM
Dear X-Air and WeatherCat troubleshooters,

Just a wild guess, on a completely different server/ISP, all I actually changed in my FTP app's settings (other than the FTP to SFTP) was to change from the default port 22 to 2222. Sure beats talking with tech "support". ;)

Well, I couldn't directly reach GoDaddy via an email which was what I wanted to do.  This wasn't the sort of a problem that could be solved via chat or phone.  I posted a question on their support forum; nobody dared offer a response.  I just tried changing the port number as you suggested - as expected that didn't work either.  I suspect that OpenSSH has really got the Internet world caught with their pants down on this one.  They really should have made a lot of noise about this before making the change.

Cheers, Edouard
Title: Re: Change to SSH that might prevent access to your website.
Post by: Blicj11 on July 04, 2017, 12:09:00 AM
This won't likely help you either, but it might help someone else down the line. I use FileZilla and my ISP told me with FileZilla:

For FTPS
Use port 21 and select Explicit FTPS

For SFTP
Select Explicit FTP over TLS
Title: Going to have to dig into OpenSSH docs. (Re: Change to SSH)
Post by: elagache on July 04, 2017, 10:49:40 PM
Dear Blick and WeatherCat troubleshooters,

This won't likely help you either, but it might help someone else down the line. I use FileZilla and my ISP told me with FileZilla:

Alas, indeed neither suggestion relates to the SSH protocols.  My posting on the GoDaddy forum continues to get no replies.  At some point I need to plunge into the OpenSSH documentation and hope I can find an answer myself.

Cheers, Edouard
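
Added example, not written by anyone in this thread: a small parser for the "Unable to negotiate" error quoted in the first post. It reports which ssh_config keyword governs the failure and, when the server offers only ssh-dss, produces an override scoped to that one host. It goes beyond the host-key case to cover OpenSSH's other negotiation failures; the sample messages and the address 192.0.2.10 are constructed, and it assumes a client that uses OpenSSH and reads ~/.ssh/config.

```python
import re

# ssh_config keyword that governs each negotiation failure OpenSSH reports.
KEYWORD_FOR = {
    "host key type": "HostKeyAlgorithms",
    "key exchange method": "KexAlgorithms",
    "cipher": "Ciphers",
    "mac": "MACs",
}
# DSA host keys have been disabled by default since OpenSSH 7.0.
LEGACY_HOST_KEYS = {"ssh-dss"}

# Accepts OpenSSH's own wording and the variant relayed by the FTP client.
ERROR_RE = re.compile(
    r"Unable to negotiate (?:with )?(?:host )?(?P<host>\S+) port (?P<port>\d+):?\s+"
    r"no matching (?P<kind>[a-z ]+?) found\.\s+Their offer:?\s+(?P<offer>\S+)",
    re.IGNORECASE,
)

def diagnose(message):
    """Parse a negotiation failure; return None if the text is not one."""
    m = ERROR_RE.search(message)
    if m is None:
        return None
    kind = m.group("kind").lower()
    offered = m.group("offer").split(",")
    dsa_only = kind == "host key type" and set(offered) <= LEGACY_HOST_KEYS
    host = m.group("host")
    return {
        "host": host,
        "port": int(m.group("port")),
        "keyword": KEYWORD_FOR.get(kind),
        "offered": offered,
        "server_only_offers_dsa": dsa_only,
        # "+ssh-dss" appends DSA to the client defaults, for this host only.
        "per_host_override": (
            f"Host {host}\n    HostKeyAlgorithms +ssh-dss\n" if dsa_only else None
        ),
    }

# Constructed sample in the wording quoted in the first post.
SAMPLE_FROM_POST = (
    "Unable to negotiate host 192.0.2.10 port 22 "
    "no matching host key type found.  Their offer ssh-dss"
)
# Constructed sample in OpenSSH's own wording, for a key exchange failure.
SAMPLE_OPENSSH = (
    "Unable to negotiate with 192.0.2.10 port 22: no matching key exchange "
    "method found. Their offer: diffie-hellman-group1-sha1,diffie-hellman-group14-sha1"
)
```

The override only lets the client accept the old key type; a server flagged with server_only_offers_dsa still needs a non-DSA host key added on the provider's side.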