NuSphere Forums Forum Index
NuSphere Forums
Reply to topic
After upgrade to PHpEd 20, can't connect for server upload


Joined: 12 Jun 2023
Posts: 4
Reply with quote
I know your forum rules say don't post technical probs here, but I've sent two support requests and never received an answer.

I recently updated to PhpEd 20.0 (build 20033) (Pro) and can no longer upload files to my Ubuntu server (22.04.2) [Connection denied]. I'm using public key method. SSH (v2 only)

Ubunt0 22.04, by default does not support RSA. By adding this line:

PubkeyAcceptedAlgorithms +ssh-rsa

to /etc/ssh/sshd_config

PhpEd can connect, but downgrading the security like this is not reccomended.

Note that other apps I use such as Putty and FileZiila (which use the same public key method and the same key) do indeed connect as expected. Without needing to modify /etc/ssh/sshd_config

What can I do to make PhpED able to connect (simple uploading, not talking about debuggin sessions) without modifying my ssh daemon?
View user's profileFind all posts by codepuppySend private message
Site Admin

Joined: 13 Jul 2003
Posts: 8338
Reply with quote
This "sha-rsa" tweak is not about all RSA keys, it's about only SHA-1 RSA keys. Corresponding key algorithm is considered weak and was disabled by default in openssh version 7.3 or around and it is disabled by default in PhpED v20 too.
You'd better use SHA-2 RSA keys or something like ED25519 or ECDSA. See corresponding settings on Keys tab in the Accounts dialog:

_________________
The PHP IDE team
View user's profileFind all posts by dmitriSend private messageVisit poster's website


Joined: 12 Jun 2023
Posts: 4
Reply with quote
Okay. I don't know too much about different keys and algos, but you pointed me in the right direction and now it's working [without the dameon tweak]. Many thanks.
View user's profileFind all posts by codepuppySend private message


Joined: 12 Jun 2023
Posts: 4
Reply with quote
I've got it working with another key type (ECDSA).

The original key has a fingerprint that starts with "ssh-rsa 2048 SHA256". Doesn't that make it a SHA-2 RSA key like you mentioned?

And besides, as I mentioned, the same original key (RSA) (fingerprint ssh-rsa 2048 SHA256) works in other apps (FileZilla, Putty VsCode) to connect to the same server without the need for the ssh deamon tweak.

Why can't PhpEd do the same? My Host Key algos for PhpEd are set just like your screenshot.
View user's profileFind all posts by codepuppySend private message
Site Admin

Joined: 13 Jul 2003
Posts: 8338
Reply with quote
You need to check your host keys -- in /etc/ssh/ if under linux. also you need to check if known_hosts is properly configured -- on the page shown on the screenshot above
The other tools may not be strict enough by default and may allow SHA-1 host keys. PhpED can be relaxed if ssh-rsa is permitted above (not recommended!)

_________________
The PHP IDE team
View user's profileFind all posts by dmitriSend private messageVisit poster's website


Joined: 12 Jun 2023
Posts: 4
Reply with quote
"The other tools may not be strict enough by default and may allow SHA-1 host keys"

Even if so, I'm not using SHA-1 keys. I'm using an RSA SHA-2 key. My server doesn't accept RSA SHA-1 [the ssh deamon tweak is now gone]. The other apps connect using the same key file; PhpEd does not.

PhpED does connect using a ECDSA key.

PhpEd 19 connected using the same RSA SHA-2 key; PhpED 20 does not.

It's working for me with the ECDSA key, but it I wonder why not with the RSA SHA-2 key? It's not a question of authorized_keys on the server. The other apps find it, use it, connect. PhpEd 19 finds it, uses it connects. PhpEd 20 for some reason does not. I'm not sure what else to say. Process of elimination says something is happening differently with PhpEd 20 and RSA SHA-2 keys.
View user's profileFind all posts by codepuppySend private message
Site Admin

Joined: 13 Jul 2003
Posts: 8338
Reply with quote
Sorry, you lost me here. Let's start from the beginning. Seems I posted something unrelated, like host key algorithms. They pretty much alike -- same problem with SHA-1 outdated/deprecated and now prohibited by default.

According to your original post you added `PubkeyAcceptedAlgorithms +ssh-rsa` and PhpED started working. It means that you permitted SHA-1 keys -- the keys that you have configured PhpED to work with. Remove this setting and if PhpED stops working, it means that you still have SHA-1 key.
Start with your account. You may have tunnel account, terminal account and file transfer account, all working with the same host. So if you have all 3, you need to re-visit them all. In these accounts you have "SSH settings" dropdown. This is the name for the SSH settings on the Keys tab. Switch over to it. Then remove everything from "Public key files". You don't need them. Enter the only private key in Private key file(s) input. To make sure that this private key has SHA-2 signature, convert it to public key using ssh-keygen utility, like below:
ssh-keygen -f C:\path\to\id_rsa -y
where C:\path\to\id_rsa is your private key that begins with "-----BEGIN OPENSSH PRIVATE KEY-----" at the upper line.
If the produced public key has rsa-sha -- it means it still is SHA-1. You just need another private key. That's it. Generate new, then extract public key like above, append public key at the bottom in ~/.ssh/authorized_keys on your server. That's pretty straightforward, right?

_________________
The PHP IDE team
View user's profileFind all posts by dmitriSend private messageVisit poster's website
After upgrade to PHpEd 20, can't connect for server upload
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT - 5 Hours  
Page 1 of 1  

  
  
 Reply to topic