SFTP: Device does not mount

[DezValT1r]

⚠️ Please Read ⚠️

Summary: The Android App uses a deprecated ssh-rsa host key (upstream issue)

Workaround: Add an exception to ssh_config (instructions)

Describe the bug

Android devices can not be mounted or browsed via SFTP.

Steps To Reproduce:

Try to mount an Android device using the menu item.

Expected behavior

Device should mount and open in Nautilus.

Support Log

ноя 09 21:21:08 gjs[5495]: JS ERROR: SM-A415F: Gio.IOErrorEnum: Сбой подключения
_handleMount/</<@/home/dez/.local/share/gnome-shell/extensions/[email protected]/service/plugins/sftp.js:253:38
@/home/dez/.local/share/gnome-shell/extensions/[email protected]/service/daemon.js:727:17
ноя 09 21:21:08 org.gnome.Shell.Extensions.GSConnect[5495]: [/service/device.js:sendPacket:446]: SM-A415F: {
"id": 1636482068837,
"type": "kdeconnect.sftp.request",
"body": {
"startBrowsing": true
}
}
ноя 09 21:21:08 org.gnome.Shell.Extensions.GSConnect[5495]: [/service/device.js:_readLoop:338]: SM-A415F: {
"id": 1636482067836,
"type": "kdeconnect.sftp",
"body": {
"ip": "192.168.1.2",
"port": 1741,
"user": "kdeconnect",
"password": "hc1FPbfO0dQ2OwDiUVEb06C3R0jx",
"path": "/",
"multiPaths": [
"/primary"
],
"pathNames": [
"primary"
]
}
}
ноя 09 21:21:09 gjs[5495]: JS ERROR: SM-A415F: Gio.IOErrorEnum: Сбой подключения
_handleMount/</<@/home/dez/.local/share/gnome-shell/extensions/[email protected]/service/plugins/sftp.js:253:38
@/home/dez/.local/share/gnome-shell/extensions/[email protected]/service/daemon.js:727:17

System Details (please complete the following information):

• GSConnect version: 47
  • Installed from: [e.g. GNOME Extensions Website, GitHub, Package Manager, ...]
• GNOME/Shell version: 40,5
• Distro/Release: System: Host: gar-pc Kernel: 5.14.16-zen1-1-zen x86_64 bits: 64 Desktop: GNOME 40.5
  Distro: Garuda Linux

GSConnect environment (if applicable):

• Paired Device(s): samsung a41
• KDE Connect app version: 1.17.0
• Plugin(s): [if the issue only occurs when using certain plugin(s)]

Additional Notes:

Add any additional information about the problem or your system.

[abhaypatil2000]

Here is my log file. Looks pretty similar.
gsconnect.log

[andyholmes]

If the connection is just outright failing, it's probably a network configuration error. Anything else there should be a real error, indicating why the connection failed.

GSConnect should only try to wipe old host keys if the connection fails with a host key error (ie. old host key), so to then find that the file doesn't exist at all seems like this is probably a configuration problem with your distribution.

I'm not familiar with Garuda Linux at all, so I'm not sure I can help much more than that, sorry.

[Noobsai]

Same issue: Gio.IOErrorEnum: Connection failed.
Arch, gnome 41.1, Samsung S20+, App 1.17.0
I don't how to get detailed information

[DezValT1r]

My distribution has been updated to gnome 41.1, I have removed gsconnect on PC and KDE_connect on phone. Installed it again and paired it. But the mounting did not work. I installed Garuda KDE and Manjaro KDE on the same computer - this function works fine there.

[DezValT1r]

Вот мой лог-файл. Выглядит очень похоже. gsconnect.log

is mounting working for you?

[abhaypatil2000]

If the connection is just outright failing, it's probably a network configuration error. Anything else there should be a real error, indicating why the connection failed.

GSConnect should only try to wipe old host keys if the connection fails with a host key error (ie. old host key), so to then find that the file doesn't exist at all seems like this is probably a configuration problem with your distribution.

I'm not familiar with Garuda Linux at all, so I'm not sure I can help much more than that, sorry.

Earlier it worked on arch linux. When I installed another arch linux image on a different partition, it stopped working. Unfortunately I am unable to access the older arch linux installation, so can't comment whether it still works or not.

[Noobsai]

I tried to connect to SFTP via command line
sftp -P 1740 [email protected]
or
ssh [email protected] -p 1740

Unable to negotiate with 192.168.88.245 port 1740: no matching host key type found. Their offer: ssh-rsa
Connection closed.  
Connection closed

I found a solution after some searching:
Add to the ~/.ssh/config this lines:

Host 192.168.*.*
  HostKeyAlgorithms +ssh-rsa

After that the mounting works again.

Update 1:
I have openssh 8.8p1 which has disabled the ssh-rsa.
https://www.openssh.com/txt/release-8.7

OpenSSH will disable the ssh-rsa signature scheme by default in the
next release.

Update 2:
Related bug for KDE Connect Android app
Bug 443155 kdeconnect breaks when openssh is upgraded to version 8.8p1-1

[doppelhelix]

Thank you @Noobsai
This works!

[abhaypatil2000]

I found a solution after some searching: Add to the ~/.ssh/config this lines:

Host 192.168.88.*
  HostKeyAlgorithms +ssh-rsa

After that the mounting works again.

Yeah this works

[DezValT1r]

I tried to connect to SFTP via command line sftp -P 1740 [email protected] or ssh [email protected] -p 1740

Unable to negotiate with 192.168.88.245 port 1740: no matching host key type found. Their offer: ssh-rsa
Connection closed.  
Connection closed

I found a solution after some searching: Add to the ~/.ssh/config this lines:

Host 192.168.88.*
  HostKeyAlgorithms +ssh-rsa

After that the mounting works again.

Update 1: I have openssh 8.8p1 which has disabled the ssh-rsa. https://www.openssh.com/txt/release-8.7

OpenSSH will disable the ssh-rsa signature scheme by default in the
next release.

Update 2: Related bug for KDE Connect Android app Bug 443155 kdeconnect breaks when openssh is upgraded to version 8.8p1-1

Thank you very much for your research! Hooray, the mounting is working again!

[canbeardig]

Didn't work for me. I created the config file and added the lines but still can't mount.

[DezValT1r]

Didn't work for me. I created the config file and added the lines but still can't mount.

No need to create a config file, I just added this:
Host 192.168.x.x
HostKeyAlgorithms +ssh-rsa
to an existing file, which is located here: /etc/ssh/ssh_config

[canbeardig]

Didn't work for me. I created the config file and added the lines but still can't mount.

No need to create a config file, I just added this: Host 192.168.x.x HostKeyAlgorithms +ssh-rsa to an existing file, which is located here: /etc/ssh/ssh_config

By looking at the original solution, I thought I was supposed to edit or create a config file in the home directory. But I did what you suggested and now it works. Thanks a lot.

[DanMeadWasTaken]

I'm not super knowledgeable about this stuff, but I've tried both versions of the solution in this thread, neither have worked for me. i am having the exact same issue. I even figured maybe the host part was supposed to be my IP, so i tried changing it to that, I've tried all four versions (the two above with the original text and with my ip) in the bottom and the towards the top of the config file.

basically, I've tried every version of the solution given i could think of based on my little knowledge gained from playing around with linux this past month. But i haven't been able to fix it, i'm sure i'm just missing something that is probably really obvious to more knowledgeable people. so some help would be much appreciated.

i'm using gnome 41.1 on Manjaro linux 86x_64, openssh8.8p1-1, and gsconnect 48-1

[andyholmes]

The host is the remote host, in this case I would assume your Android phone.

Unless you're worried about someone sneaking a supercomputer onto your LAN I would just use a glob pattern like 192.168.0.* or whatever your subnet is. Picking a specific IP will be problematic if you're letting DHCP choose your IPs for you.

Like a lot of software, ssh will check in order the user configuration (~/.ssh/config) then the system configuration (/etc/ssh/ssh_config). You should probably only pick one to add the exception to, so as to avoid any possible conflicts. Personally, I would choose the user configuration file, even though you may have to create it and logout/login for it to take effect. It's up to you though.

[DanMeadWasTaken]

okay, this makes some more sense. So, i had actually tried just searching for the user configuration, but i could find no such file, although i did find the system configuration, and thus had been just adding it to that. Do you possibly have a link to how to find my subnet in the case that the glob pattern doesn't work?

So, probably a stupid question then, but i'm guessing based off past experience that the .ssh folder is supposed to be within the home directory? and if so, if it's not present, should i create the folder then put the config inside? And if it's not supposed to be there, where would i find it? Again, really new to this stuff, I've actually had a lot of fun figuring out Linux, but there are still a lot of things i do not know.

[canbeardig]

okay, this makes some more sense. So, i had actually tried just searching for the user configuration, but i could find no such file, although i did find the system configuration, and thus had been just adding it to that. Do you possibly have a link to how to find my subnet in the case that the glob pattern doesn't work?

So, probably a stupid question then, but i'm guessing based off past experience that the .ssh folder is supposed to be within the home directory? and if so, if it's not present, should i create the folder then put the config inside? And if it's not supposed to be there, where would i find it? Again, really new to this stuff, I've actually had a lot of fun figuring out Linux, but there are still a lot of things i do not know.

The config file didn't exist in my home directory. But adding these lines to /etc/ssh/ssh_config did solve the problem:

Host 192.168.*.*
HostKeyAlgorithms +ssh-rsa

[DanMeadWasTaken]

alright, now a new stupid question... honestly i figured out why i wasn't seeing the other file, it was because i was searching from within something else. so now i did find the etc/ssh/ssh_config vs whatever i was apparently changing before with the same name... now then, how do i use root to add the bit to it? as i have tried to just access root then cd into it, but it keeps tell me the directory doesn't exist

at this point, i'd love it if someone told me step by step... I've done similar stuff before, but those files were a bit easier to find and had a step-by-step guide on how to do it. So treat me like i'm five, just as long as it makes some sense to someone who knows next to nothing

EDIT: to explain the multiple files part, it turns out i was searching from home - which was giving me 2 files within the flatpack folder, which has the same exact text as the one within the /etc/ssh/ folder. but those two did nothing when changed, and I've not much of an idea of how to edit the /etc/ssh/ssh_config one, which seems to be the one i need to edit

[DanMeadWasTaken]

scratch that, a quick google search told me how to edit files as root, thankyou guys though! wish i'd known about gedit before... i wouldn't have had to manually count 123 lines of code that one time for ani-cli

[canbeardig]

alright, now a new stupid question... honestly i figured out why i wasn't seeing the other file, it was because i was searching from within something else. so now i did find the etc/ssh/ssh_config vs whatever i was apparently changing before with the same name... now then, how do i use root to add the bit to it? as i have tried to just access root then cd into it, but it keeps tell me the directory doesn't exist

at this point, i'd love it if someone told me step by step... I've done similar stuff before, but those files were a bit easier to find and had a step-by-step guide on how to do it. So treat me like i'm five, just as long as it makes some sense to someone who knows next to nothing

You can right click and Edit as Root/Administrator. Enter your password, open the file, add the lines and save. Not Save As though just Save.

[DanMeadWasTaken]

i know this is a bit innapropriate to waste space on, but you wouldn't be able to imagine the yell of happiness and the fist pump i just did into the air at finally getting this working.... i've tried other things for accessing my files on android, of which didn't work, so working on this for days... earlier found out that since my pc was plugged into the modem and not the router, they were on different networks... felt like an idiot... now to find out i was editing the wrong file for the past, like 6 or so hours.... god i am so happy to have this working

[andyholmes]

For your future reference the tilde (~) is a "shell expansion" that the shell/terminal will automatically replace with the home directory for the current user (ie. ~/foo will expand to /home/username/foo). It's pretty common for people to just use ~/something to refer to the home directory even when they're not talking about shell commands.

[ericktucto]

I tried to connect to SFTP via command line sftp -P 1740 [email protected] or ssh [email protected] -p 1740

Unable to negotiate with 192.168.88.245 port 1740: no matching host key type found. Their offer: ssh-rsa
Connection closed.  
Connection closed

I found a solution after some searching: Add to the ~/.ssh/config this lines:

Host 192.168.88.*
  HostKeyAlgorithms +ssh-rsa

After that the mounting works again.

Update 1: I have openssh 8.8p1 which has disabled the ssh-rsa. https://www.openssh.com/txt/release-8.7

OpenSSH will disable the ssh-rsa signature scheme by default in the
next release.

Update 2: Related bug for KDE Connect Android app Bug 443155 kdeconnect breaks when openssh is upgraded to version 8.8p1-1

It doesn't work for me, I have the following error

[ericktucto]

the ip of my cell phone was 192.168.0.15, for that reason it did not work for me, to know the ip of your cell phone it is necessary to go to the settings and look for the IP address option

[jvalecillos]

I stumbled on this issue today after reading the whole thread, the comments above and the latest entries in the bug report here, it looks like the problem will persist until it is fixed on the Android app.

Perhaps this PR upstream will solve the problem: Draft: Use Elliptic Curve encryption instead of RSA

Food for thought: If GSConnect is a full re-implementation for the Desktop app, someone might as well create their own Android app with the updated dependencies.

[rockiger]

Food for thought: If GSConnect is a full re-implementation for the Desktop app, someone might as well create their own Android app with the updated dependencies.

Please don't. Forking should only be a last resort. Better try to help KDE Connect's mobile app.

[pvagner]

Hello,
It turns out this issue has changed.
I have installed KDE Connect 1.29.0 from F-Droid, paired the devices and now when trying to mount I do receive error saying You don't have permission to access files on sftp://192.168.0.140:1740/ If I run ssh [email protected] -p 1740 I am not receiving host key verification error, instead I am prompted for the password. So it appears host verification is working however I don't know how to debug it further. On android side all the permissions are granted.

[joshcangit]

@pvagner
Reason why it says "You don't have permission to access" is because it is accessing / instead of /storage/emulated/0.
Have to type in the path manually to get it to work.
Maybe a different issue since this is after successfully mounting the device.

[danroxha]

I've read the KDE Connection Android app code, and I noticed that KDE Connection sends multiple paths, but GSConnect only mounts the root directory; Here:

gnome-shell-extension-gsconnect/src/service/plugins/sftp.js

Line 228 in d2a865a

const uri = `sftp://${host}:${packet.body.port}/`;

KDE Connection Android: https://github.com/KDE/kdeconnect-android/blob/6e4a5c367b330dfd90868d9729f8bdeef8a3902f/src/org/kde/kdeconnect/Plugins/SftpPlugin/SftpPlugin.java#L168

As this is my first contact with these code bases, I haven't gone any further, I may be wrong on the points I mentioned.

[pvagner]

The FTP plugin of the android app has no settings since android 10. Thus at the android side of the setup it is not possible to configure SFTP server path.
If the device has more than a single storage it returns multiple paths.
For clients that don't support multiple paths it falls back to the single path "/". And I guess this is a GSConnect situation here.
What the GSConnect response to this might look like? Should it attempts mounting all the paths?
Perhaps more sane default at the android app side of things would be to expose the internal storage path as the single path fallback rather than plain "/".

[danroxha]

I understood.

A solution a little outside the scope of this issue:

The possibility of listing paths to mount in nautilus. Something similar to a list of devices that can be connected to Wi-Fi or Bluetooth instead of just a push button to mount the root volume.

[n6koma7a]

FYI,

i have got sftp connection manually while having adjusted HostKeyAlgorithms

sftp -i ~/.config/kdeconnect/privateKey.pem -P 1740 [email protected]

works but.:

and.. if i do manually: ls /storage/emulated/0

so it is not only SSH/key problem but also GSConnect tries to access "/" and fails at SFTP level,
while should it try other path - it would work.

[knirirr]

If I try connecting to SFTP on my Android phone then the connection is refused:

[I] /v/log ❯❯❯ ssh [email protected] -p 1740
ssh: connect to host 192.168.178.1 port 1740: Connection refused

According to nmap, there isn't anything on that port:

[I] /v/log ❯❯❯ nmap -sT 192.168.178.1  
Starting Nmap 7.94 ( https://nmap.org ) at 2024-04-21 15:12 BST
Nmap scan report for fritz.box (192.168.178.1)
Host is up (0.0080s latency).
Not shown: 991 closed tcp ports (conn-refused)
PORT     STATE SERVICE
21/tcp   open  ftp
53/tcp   open  domain
80/tcp   open  http
139/tcp  open  netbios-ssn
443/tcp  open  https
445/tcp  open  microsoft-ds
5060/tcp open  sip
5357/tcp open  wsdapi
8089/tcp open  unknown

I can't connect on port 21 as I don't know the password.
This is on a Bazzite system (Fedora 39) with a Pixel 6a running GrapheneOS.

[pvagner]

Nmap scan report for fritz.box (192.168.178.1)

I think you might be connecting to a different IP addres not to your phone. Or are you sure your phone has assigned an ipv4 address 192.168.178.1?

[knirirr]

Nmap scan report for fritz.box (192.168.178.1)
I think you might be connecting to a different IP addres not to your phone.

You're quite right; clearly I mistyped the IP address and failed to notice my mistake.
The correct IP address doesn't show any open ports at all.

[Malix-off]

I tried to connect to SFTP via command line sftp -P 1740 [email protected] or ssh [email protected] -p 1740

Unable to negotiate with 192.168.88.245 port 1740: no matching host key type found. Their offer: ssh-rsa
Connection closed.  
Connection closed

I found a solution after some searching: Add to the ~/.ssh/config this lines:

Host 192.168.*.*
  HostKeyAlgorithms +ssh-rsa

After that the mounting works again.

Update 1: I have openssh 8.8p1 which has disabled the ssh-rsa. openssh.com/txt/release-8.7

OpenSSH will disable the ssh-rsa signature scheme by default in the
next release.

Update 2: Related bug for KDE Connect Android app Bug 443155 kdeconnect breaks when openssh is upgraded to version 8.8p1-1

This doesn't seem to work anymore (fedora 40 gnome 46)

[joshcangit]

I think the relevant code is in this file.
src/service/init.js
It's the Gio subprocess to run a openssl req command to generate a rsa:4096 ssh key pair.

I think this needs to be rewritten to multiple commands to instead generate a ed25519 ssh key pair.
I don't think it'll be easy as it's not a single command.

But, the rewrite if it's tested and works, then it might just solve this issue.

[Malix-off]

@DezValT1r does it still work for you?
If not, can you reopen this issue please ?

[khaled-0]

Borked again recently?
sftp -P 1740 [email protected]
asks for password
Mount does nothing

 nmap -p 0-65535 192.168.10.3
Starting Nmap 7.95 ( https://nmap.org ) at 2024-06-16 17:28 +06
Nmap scan report for 192.168.10.3
Host is up (0.010s latency).
Not shown: 65529 closed tcp ports (conn-refused)
PORT     STATE SERVICE
1716/tcp open  xmsg
1739/tcp open  webaccess
1740/tcp open  encore
1741/tcp open  cisco-net-mgmt
1742/tcp open  3Com-nsd
1743/tcp open  cinegrfx-lm
1744/tcp open  ncpm-ft

[Malix-off]

Mount does nothing for me too, clicking simply does nothing

Never used the CLI for it so idk about what's causing the issue