I just tried to connect to my homelab over sftp in Dolphin, but it failed with the error, “Authentication failed.” SSH password login is disabled on the server side, and my SSH key uses ED25519-sk cryptography. Here is a screenshot of my connection attempt on Dolphin, and a screenshot of my [successful] connection attempt via Konsole.
Apologies to those without an ultrawide.
Try running dolphin with kio sftp and libssh logging like this
KIO_SFTP_LOG_VERBOSITY=10 KDE_FORK_SLAVES=1 QT_LOGGING_RULES="log_kio_sftp=true;kf.kio.workers.sftp=true;" dolphin --new-window sftp://111.222.333.444
it should show why is failing to authenticate.
Also, what happens if you try to connect using sftp from terminal sftp 111.222.333.444 ?
https://community.kde.org/Guidelines_and_HOWTOs/Debugging/Debugging_IOSlaves/Debugging_kio_sftp
I am encountering a similar issue that just started recently as well, ED25519-sk key too.
Trying your command, I’m seeing that it’s not even attempting to look for the id_ed25519_sk key. It looks for id_ed25519 and can’t find one.
So I generated a new standard id_ed25519 key, added it to my server, and get kf.kio.workers.sftp: [ ssh_userauth_publickey_auto ] ( 3 ) ssh_userauth_publickey_auto: Public key for /home/user/.ssh/id_ed25519 refused by server
But if I specify the id_ed25519 in my config file, I can ssh from konsole just fine.
Sorry, also if I try sftp <server> I get a Permission denied (publickey). in response.
OpenSSH_9.5p1, OpenSSL 3.1.4 24 Oct 2023
debug1: Reading configuration data /home/user/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 2: include /etc/ssh/ssh_config.d/*.conf matched no files
debug2: resolve_canonicalize: hostname 10.1.30.2 is address
debug1: Connecting to 10.1.30.2 [10.1.30.2] port 22.
debug1: Connection established.
debug1: identity file /home/user/.ssh/id_rsa type 0
debug1: identity file /home/user/.ssh/id_rsa-cert type -1
debug1: identity file /home/user/.ssh/id_ecdsa type -1
debug1: identity file /home/user/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/user/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/user/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/user/.ssh/id_ed25519 type 3
debug1: identity file /home/user/.ssh/id_ed25519-cert type -1
debug1: identity file /home/user/.ssh/id_ed25519_sk type 12
debug1: identity file /home/user/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/user/.ssh/id_xmss type -1
debug1: identity file /home/user/.ssh/id_xmss-cert type -1
debug1: identity file /home/user/.ssh/id_dsa type -1
debug1: identity file /home/user/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_9.5
debug1: Remote protocol version 2.0, remote software version OpenSSH_9.2p1 Debian-2
debug1: compat_banner: match: OpenSSH_9.2p1 Debian-2 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 10.1.30.2:22 as 'user'
debug1: load_hostkeys: fopen /home/user/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c
debug2: host key algorithms: ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none
debug2: compression stoc: none
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: sntrup761x25519-sha512@openssh.com
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-ed25519 SHA256:1TaNXxoA81Vlq9124clrUpp8MtUFrcsU74Q8vw9ExOo
debug1: load_hostkeys: fopen /home/user/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: Host '10.1.30.2' is known and matches the ED25519 host key.
debug1: Found key in /home/user/.ssh/known_hosts:6
debug2: ssh_set_newkeys: mode 1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug2: ssh_set_newkeys: mode 0
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: /home/user/.ssh/id_rsa RSA SHA256:o1WQWpgwoumgG+As7IuEqCzcYPst6LSC21ov84mCKpI
debug1: Will attempt key: /home/user/.ssh/id_ecdsa
debug1: Will attempt key: /home/user/.ssh/id_ecdsa_sk
debug1: Will attempt key: /home/user/.ssh/id_ed25519 ED25519 SHA256:qyOvLw+mwbb+13m0AxFypM/0OY7TkBM8Z/5KCIL2ABY
debug1: Will attempt key: /home/user/.ssh/id_ed25519_sk ED25519-SK SHA256:RzAdfiDUyUHmxLks+Wsr1DVzcY5w33jMnumT30MO0iY authenticator
debug1: Will attempt key: /home/user/.ssh/id_xmss
debug1: Will attempt key: /home/user/.ssh/id_dsa
debug2: pubkey_prepare: done
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,sk-ssh-ed25519@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com,webauthn-sk-ecdsa-sha2-nistp256@openssh.com,ssh-dss,ssh-rsa,rsa-sha2-256,rsa-sha2-512>
debug1: kex_ext_info_check_ver: publickey-hostbound@openssh.com=<0>
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/user/.ssh/id_rsa RSA SHA256:o1WQWpgwoumgG+As7IuEqCzcYPst6LSC21ov84mCKpI
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/user/.ssh/id_ecdsa
debug1: Trying private key: /home/user/.ssh/id_ecdsa_sk
debug1: Offering public key: /home/user/.ssh/id_ed25519 ED25519 SHA256:qyOvLw+mwbb+13m0AxFypM/0OY7TkBM8Z/5KCIL2ABY
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey
debug1: Offering public key: /home/user/.ssh/id_ed25519_sk ED25519-SK SHA256:RzAdfiDUyUHmxLks+Wsr1DVzcY5w33jMnumT30MO0iY authenticator
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/user/.ssh/id_xmss
debug1: Trying private key: /home/user/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
I am using a ed25519 key and I can browse the remote (a vm) from Dolphin using sftp://test@192.168.122.129 and from terminal sftp test@192.168.122.129 on Dolphin it asks me the passphrase and then connects.
Ah that did it for me. I didn’t specify the user before in dolphin, just used the host alias from my config.
So looks like kio_sftp ignores the User in .ssh/config and tries to use the local user instead?
If so, that’s a recent change. I’ve been using just my config alias for months.
Could be an unintentional regression, we should file a bug report. LMK if you can/want to file it, if not I’ll do it later.
If you don’t mind. Work got busy and I won’t be able to get to it for like 8 hours.
I haven’t had a chance to try this out. If I can reproduce, I would love to file the bug report and maybe even come up with a solution to fix it.
I’ve been having issues with sftp not working. Type in correct info and I get an error that the server I am connecting to only allows secure connections. Yet if I use port 22, which is correct, the connection fails. Other software like solid explorer and directory opus on windows works fine.
My apologies for the late reply. For the record, my system has changed since I originally created this post. I am running KDE Plasma 6 on Fedora 40 now.
So here’s the last part of the output by running dolphin with kio sftp and libssh logging:
kf.kio.workers.sftp: [ ssh_agent_get_ident_count ] ( 1 ) ssh_agent_get_ident_count: Answer type: 12, expected answer: 12
kf.kio.workers.sftp: [ ssh_agent_get_ident_count ] ( 3 ) ssh_agent_get_ident_count: Agent count: 0
kf.kio.workers.sftp: [ ssh_userauth_publickey_auto ] ( 3 ) ssh_userauth_publickey_auto: Trying to authenticate with /home/linuxdragon/.ssh/id_ed25519
kf.kio.workers.sftp: [ ssh_key_algorithm_allowed ] ( 3 ) ssh_key_algorithm_allowed: Checking ssh-ed25519 with list <ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com>
kf.kio.workers.sftp: [ ssh_socket_unbuffered_write ] ( 3 ) ssh_socket_unbuffered_write: Enabling POLLOUT for socket
kf.kio.workers.sftp: [ ssh_socket_unbuffered_write ] ( 4 ) ssh_socket_unbuffered_write: wrote 148
kf.kio.workers.sftp: [ packet_send2 ] ( 3 ) packet_send2: packet: wrote [type=50, len=128, padding_size=9, comp=118, payload=118]
kf.kio.workers.sftp: [ ssh_socket_pollcallback ] ( 4 ) ssh_socket_pollcallback: Poll callback on socket 7 (POLLOUT ), out buffer 0
kf.kio.workers.sftp: [ ssh_socket_pollcallback ] ( 4 ) ssh_socket_pollcallback: sending control flow event
kf.kio.workers.sftp: [ ssh_packet_socket_controlflow_callback ] ( 4 ) ssh_packet_socket_controlflow_callback: sending channel_write_wontblock callback
kf.kio.workers.sftp: [ ssh_socket_pollcallback ] ( 4 ) ssh_socket_pollcallback: Poll callback on socket 7 (POLLIN ), out buffer 0
kf.kio.workers.sftp: [ ssh_socket_unbuffered_read ] ( 4 ) ssh_socket_unbuffered_read: read 84
kf.kio.workers.sftp: [ ssh_packet_socket_callback ] ( 3 ) ssh_packet_socket_callback: packet: read type 51 [len=64,padding=19,comp=44,payload=44]
kf.kio.workers.sftp: [ ssh_packet_process ] ( 3 ) ssh_packet_process: Dispatching handler for packet type 51
kf.kio.workers.sftp: [ ssh_packet_userauth_failure ] ( 1 ) ssh_packet_userauth_failure: Access denied for 'publickey'. Authentication that can continue: publickey,gssapi-keyex,gssapi-with-mic
kf.kio.workers.sftp: [ ssh_packet_userauth_failure ] ( 2 ) ssh_packet_userauth_failure: Access denied for 'publickey'. Authentication that can continue: publickey,gssapi-keyex,gssapi-with-mic
kf.kio.workers.sftp: [ ssh_userauth_publickey_auto ] ( 3 ) ssh_userauth_publickey_auto: Public key for /home/linuxdragon/.ssh/id_ed25519 refused by server
kf.kio.workers.sftp: [ ssh_userauth_publickey_auto ] ( 3 ) ssh_userauth_publickey_auto: Trying to authenticate with /home/linuxdragon/.ssh/id_ecdsa
kf.kio.workers.sftp: [ ssh_pki_import_pubkey_file ] ( 1 ) ssh_pki_import_pubkey_file: Error opening /home/linuxdragon/.ssh/id_ecdsa.pub: No such file or directory
kf.kio.workers.sftp: [ ssh_pki_import_privkey_file ] ( 1 ) ssh_pki_import_privkey_file: Error opening /home/linuxdragon/.ssh/id_ecdsa: No such file or directory
kf.kio.workers.sftp: [ ssh_userauth_publickey_auto ] ( 3 ) ssh_userauth_publickey_auto: Private key /home/linuxdragon/.ssh/id_ecdsa doesn't exist.
kf.kio.workers.sftp: [ ssh_userauth_publickey_auto ] ( 3 ) ssh_userauth_publickey_auto: Trying to authenticate with /home/linuxdragon/.ssh/id_rsa
kf.kio.workers.sftp: [ ssh_pki_import_pubkey_file ] ( 1 ) ssh_pki_import_pubkey_file: Error opening /home/linuxdragon/.ssh/id_rsa.pub: No such file or directory
kf.kio.workers.sftp: [ ssh_pki_import_privkey_file ] ( 1 ) ssh_pki_import_privkey_file: Error opening /home/linuxdragon/.ssh/id_rsa: No such file or directory
kf.kio.workers.sftp: [ ssh_userauth_publickey_auto ] ( 3 ) ssh_userauth_publickey_auto: Private key /home/linuxdragon/.ssh/id_rsa doesn't exist.
kf.kio.workers.sftp: [ ssh_userauth_publickey_auto ] ( 2 ) ssh_userauth_publickey_auto: Tried every public key, none matched
kf.kio.workers.sftp: Trying to authenticate with GSSAPI
kf.kio.workers.sftp: [ ssh_userauth_gssapi ] ( 2 ) ssh_userauth_gssapi: Authenticating with gssapi-with-mic
kf.kio.workers.sftp: [ ssh_gssapi_auth_mic ] ( 2 ) ssh_gssapi_auth_mic: Authenticating with gssapi to host 192.168.57.3 with user linuxdragon
kf.kio.workers.sftp:
kf.kio.workers.sftp: [ ssh_socket_unbuffered_write ] ( 3 ) ssh_socket_unbuffered_write: Enabling POLLOUT for socket
kf.kio.workers.sftp: [ ssh_socket_unbuffered_write ] ( 4 ) ssh_socket_unbuffered_write: wrote 52
kf.kio.workers.sftp: [ packet_send2 ] ( 3 ) packet_send2: packet: wrote [type=1, len=32, padding_size=11, comp=20, payload=20]
It doesn’t seem to be trying my id_ed25519_sk key.
So I have switched back to the venerable PCManFM. I’ve kept dolphin on my system, but having a File Manager that just works is honestly a necessity for me and it’s the biggest reason I switched from Gnome to KDE and refuse to use Gnome now. At least with KDE, I can easily switch my default File Manager.
I’m going to try to look more into this, and fix this issue. I do believe it is a bug in dolphin, but also I think it is as good as any of a place for me to get started with code contributions to the KDE project.
Hello, I’ve been trying to connect to my home server using sftp://ggg@shiro.lan/.
I’ve enabled the verbose logging and curiously found the following:
kf.kio.workers.sftp: [ ssh_packet_userauth_failure ] ( 3 ) ssh_packet_userauth_failure: Access denied for 'none'. Authentication that can continue: publickey,password,keyboard-interactive
kf.kio.workers.sftp: Trying to authenticate with public key
kf.kio.workers.sftp: [ ssh_userauth_publickey_auto ] ( 3 ) ssh_userauth_publickey_auto: Trying to authenticate with /home/ggg/.ssh/id_ed25519
kf.kio.workers.sftp: [ pki_private_key_from_base64 ] ( 4 ) pki_private_key_from_base64: Error parsing private key: error:1E08010C:DECODER routines::unsupported
kf.kio.workers.sftp: Public key authentication failed: "Failed to import public key: /home/ggg/.ssh/id_ed25519.pub"
From what was being said above, it should work with ed25519 keys, but it seems like it doesn’t?
I’m unsure if it’s related to the following:
kf.kio.workers.sftp: [ ssh_client_select_hostkeys ] ( 3 ) ssh_client_select_hostkeys: Order of wanted host keys: "ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256"
kf.kio.workers.sftp: [ ssh_key_cmp ] ( 3 ) ssh_key_cmp: key types don't match!
kf.kio.workers.sftp: [ ssh_client_select_hostkeys ] ( 3 ) ssh_client_select_hostkeys: Algorithms found in known_hosts files: "ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa"
kf.kio.workers.sftp: [ ssh_client_select_hostkeys ] ( 3 ) ssh_client_select_hostkeys: Changing host key method to "ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com"
What are your version numbers?
Access denied for 'none'
Seems like Dolphin is not taking into account, the username that you gave.
Then, it is somehow not able to understand the private key, so another question would be: what did you use to make the key?
I have added the host-name, user-name and identity-file-location in an ssh config file and it seems to work well for me. And I use ed25519 too.
Can you try using the “Add Network Folder” dialog for once, instead of directly adding the thing to the Address bar? Maybe the problem is just with the address bar implementation?
What are your version numbers?
I’m on 25.08.0
To make the key I used ssh-keygen -t ed25519 like usual…
I tried to use the “Add Network Folder” dialog but it reported “Unable to connect to server” and nothing was output to the console (even though the env vars were set):
Maybe the problem is just with the address bar implementation?
Doesn’t seem to be, considering that further up in the logs it reports the user correctly:
kf.kio.workers.sftp: username= "ggg" , host= "shiro.lan" , port= 22
In my SSH config these are the settings I have:
Host shiro.lan
HostName shiro.lan
User ggg
IdentityFile ~/.ssh/id_ed25519
IdentitiesOnly yes
I am on the same version, so tried it out…
I have been unable to reproduce this, even after trying adding a ‘.’ in the name of the "Host field.
It really does seem to be a problem related to the error messages you gave on top.
Just to be sure, you are able to use it with the terminal, right?
Could it be a Flatpak/Snap thing, where Dolphin may be using a different version of ssh, which for some reason is unable to use the keys that you have generated?
Just to be sure, you are able to use it with the terminal, right?
Yes, it works normally.
Could it be a Flatpak/Snap thing
I’m not on flatpak/snap, I’m using it native from NixOS, I’ll check if it’s using the correct ssh library