I just tried to connect to my homelab over sftp in Dolphin, but it failed with the error, “Authentication failed.” SSH password login is disabled on the server side, and my SSH key uses ED25519-sk cryptography. Here is a screenshot of my connection attempt on Dolphin, and a screenshot of my [successful] connection attempt via Konsole.
Apologies to those without an ultrawide.
Try running dolphin with kio sftp and libssh logging like this
KIO_SFTP_LOG_VERBOSITY=10 KDE_FORK_SLAVES=1 QT_LOGGING_RULES="log_kio_sftp=true;kf.kio.workers.sftp=true;" dolphin --new-window sftp://111.222.333.444
it should show why is failing to authenticate.
Also, what happens if you try to connect using sftp from terminal sftp 111.222.333.444 ?
https://community.kde.org/Guidelines_and_HOWTOs/Debugging/Debugging_IOSlaves/Debugging_kio_sftp
I am encountering a similar issue that just started recently as well, ED25519-sk key too.
Trying your command, I’m seeing that it’s not even attempting to look for the id_ed25519_sk key. It looks for id_ed25519 and can’t find one.
So I generated a new standard id_ed25519 key, added it to my server, and get kf.kio.workers.sftp: [ ssh_userauth_publickey_auto ] ( 3 ) ssh_userauth_publickey_auto: Public key for /home/user/.ssh/id_ed25519 refused by server
But if I specify the id_ed25519 in my config file, I can ssh from konsole just fine.
Sorry, also if I try sftp <server> I get a Permission denied (publickey). in response.
OpenSSH_9.5p1, OpenSSL 3.1.4 24 Oct 2023
debug1: Reading configuration data /home/user/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 2: include /etc/ssh/ssh_config.d/*.conf matched no files
debug2: resolve_canonicalize: hostname 10.1.30.2 is address
debug1: Connecting to 10.1.30.2 [10.1.30.2] port 22.
debug1: Connection established.
debug1: identity file /home/user/.ssh/id_rsa type 0
debug1: identity file /home/user/.ssh/id_rsa-cert type -1
debug1: identity file /home/user/.ssh/id_ecdsa type -1
debug1: identity file /home/user/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/user/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/user/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/user/.ssh/id_ed25519 type 3
debug1: identity file /home/user/.ssh/id_ed25519-cert type -1
debug1: identity file /home/user/.ssh/id_ed25519_sk type 12
debug1: identity file /home/user/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/user/.ssh/id_xmss type -1
debug1: identity file /home/user/.ssh/id_xmss-cert type -1
debug1: identity file /home/user/.ssh/id_dsa type -1
debug1: identity file /home/user/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_9.5
debug1: Remote protocol version 2.0, remote software version OpenSSH_9.2p1 Debian-2
debug1: compat_banner: match: OpenSSH_9.2p1 Debian-2 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 10.1.30.2:22 as 'user'
debug1: load_hostkeys: fopen /home/user/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c
debug2: host key algorithms: ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none
debug2: compression stoc: none
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: sntrup761x25519-sha512@openssh.com
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-ed25519 SHA256:1TaNXxoA81Vlq9124clrUpp8MtUFrcsU74Q8vw9ExOo
debug1: load_hostkeys: fopen /home/user/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: Host '10.1.30.2' is known and matches the ED25519 host key.
debug1: Found key in /home/user/.ssh/known_hosts:6
debug2: ssh_set_newkeys: mode 1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug2: ssh_set_newkeys: mode 0
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: /home/user/.ssh/id_rsa RSA SHA256:o1WQWpgwoumgG+As7IuEqCzcYPst6LSC21ov84mCKpI
debug1: Will attempt key: /home/user/.ssh/id_ecdsa
debug1: Will attempt key: /home/user/.ssh/id_ecdsa_sk
debug1: Will attempt key: /home/user/.ssh/id_ed25519 ED25519 SHA256:qyOvLw+mwbb+13m0AxFypM/0OY7TkBM8Z/5KCIL2ABY
debug1: Will attempt key: /home/user/.ssh/id_ed25519_sk ED25519-SK SHA256:RzAdfiDUyUHmxLks+Wsr1DVzcY5w33jMnumT30MO0iY authenticator
debug1: Will attempt key: /home/user/.ssh/id_xmss
debug1: Will attempt key: /home/user/.ssh/id_dsa
debug2: pubkey_prepare: done
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,sk-ssh-ed25519@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com,webauthn-sk-ecdsa-sha2-nistp256@openssh.com,ssh-dss,ssh-rsa,rsa-sha2-256,rsa-sha2-512>
debug1: kex_ext_info_check_ver: publickey-hostbound@openssh.com=<0>
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/user/.ssh/id_rsa RSA SHA256:o1WQWpgwoumgG+As7IuEqCzcYPst6LSC21ov84mCKpI
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/user/.ssh/id_ecdsa
debug1: Trying private key: /home/user/.ssh/id_ecdsa_sk
debug1: Offering public key: /home/user/.ssh/id_ed25519 ED25519 SHA256:qyOvLw+mwbb+13m0AxFypM/0OY7TkBM8Z/5KCIL2ABY
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey
debug1: Offering public key: /home/user/.ssh/id_ed25519_sk ED25519-SK SHA256:RzAdfiDUyUHmxLks+Wsr1DVzcY5w33jMnumT30MO0iY authenticator
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/user/.ssh/id_xmss
debug1: Trying private key: /home/user/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
I am using a ed25519 key and I can browse the remote (a vm) from Dolphin using sftp://test@192.168.122.129 and from terminal sftp test@192.168.122.129 on Dolphin it asks me the passphrase and then connects.
Ah that did it for me. I didn’t specify the user before in dolphin, just used the host alias from my config.
So looks like kio_sftp ignores the User in .ssh/config and tries to use the local user instead?
If so, that’s a recent change. I’ve been using just my config alias for months.
Could be an unintentional regression, we should file a bug report. LMK if you can/want to file it, if not I’ll do it later.
If you don’t mind. Work got busy and I won’t be able to get to it for like 8 hours.
I haven’t had a chance to try this out. If I can reproduce, I would love to file the bug report and maybe even come up with a solution to fix it.
I’ve been having issues with sftp not working. Type in correct info and I get an error that the server I am connecting to only allows secure connections. Yet if I use port 22, which is correct, the connection fails. Other software like solid explorer and directory opus on windows works fine.
My apologies for the late reply. For the record, my system has changed since I originally created this post. I am running KDE Plasma 6 on Fedora 40 now.
So here’s the last part of the output by running dolphin with kio sftp and libssh logging:
kf.kio.workers.sftp: [ ssh_agent_get_ident_count ] ( 1 ) ssh_agent_get_ident_count: Answer type: 12, expected answer: 12
kf.kio.workers.sftp: [ ssh_agent_get_ident_count ] ( 3 ) ssh_agent_get_ident_count: Agent count: 0
kf.kio.workers.sftp: [ ssh_userauth_publickey_auto ] ( 3 ) ssh_userauth_publickey_auto: Trying to authenticate with /home/linuxdragon/.ssh/id_ed25519
kf.kio.workers.sftp: [ ssh_key_algorithm_allowed ] ( 3 ) ssh_key_algorithm_allowed: Checking ssh-ed25519 with list <ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com>
kf.kio.workers.sftp: [ ssh_socket_unbuffered_write ] ( 3 ) ssh_socket_unbuffered_write: Enabling POLLOUT for socket
kf.kio.workers.sftp: [ ssh_socket_unbuffered_write ] ( 4 ) ssh_socket_unbuffered_write: wrote 148
kf.kio.workers.sftp: [ packet_send2 ] ( 3 ) packet_send2: packet: wrote [type=50, len=128, padding_size=9, comp=118, payload=118]
kf.kio.workers.sftp: [ ssh_socket_pollcallback ] ( 4 ) ssh_socket_pollcallback: Poll callback on socket 7 (POLLOUT ), out buffer 0
kf.kio.workers.sftp: [ ssh_socket_pollcallback ] ( 4 ) ssh_socket_pollcallback: sending control flow event
kf.kio.workers.sftp: [ ssh_packet_socket_controlflow_callback ] ( 4 ) ssh_packet_socket_controlflow_callback: sending channel_write_wontblock callback
kf.kio.workers.sftp: [ ssh_socket_pollcallback ] ( 4 ) ssh_socket_pollcallback: Poll callback on socket 7 (POLLIN ), out buffer 0
kf.kio.workers.sftp: [ ssh_socket_unbuffered_read ] ( 4 ) ssh_socket_unbuffered_read: read 84
kf.kio.workers.sftp: [ ssh_packet_socket_callback ] ( 3 ) ssh_packet_socket_callback: packet: read type 51 [len=64,padding=19,comp=44,payload=44]
kf.kio.workers.sftp: [ ssh_packet_process ] ( 3 ) ssh_packet_process: Dispatching handler for packet type 51
kf.kio.workers.sftp: [ ssh_packet_userauth_failure ] ( 1 ) ssh_packet_userauth_failure: Access denied for 'publickey'. Authentication that can continue: publickey,gssapi-keyex,gssapi-with-mic
kf.kio.workers.sftp: [ ssh_packet_userauth_failure ] ( 2 ) ssh_packet_userauth_failure: Access denied for 'publickey'. Authentication that can continue: publickey,gssapi-keyex,gssapi-with-mic
kf.kio.workers.sftp: [ ssh_userauth_publickey_auto ] ( 3 ) ssh_userauth_publickey_auto: Public key for /home/linuxdragon/.ssh/id_ed25519 refused by server
kf.kio.workers.sftp: [ ssh_userauth_publickey_auto ] ( 3 ) ssh_userauth_publickey_auto: Trying to authenticate with /home/linuxdragon/.ssh/id_ecdsa
kf.kio.workers.sftp: [ ssh_pki_import_pubkey_file ] ( 1 ) ssh_pki_import_pubkey_file: Error opening /home/linuxdragon/.ssh/id_ecdsa.pub: No such file or directory
kf.kio.workers.sftp: [ ssh_pki_import_privkey_file ] ( 1 ) ssh_pki_import_privkey_file: Error opening /home/linuxdragon/.ssh/id_ecdsa: No such file or directory
kf.kio.workers.sftp: [ ssh_userauth_publickey_auto ] ( 3 ) ssh_userauth_publickey_auto: Private key /home/linuxdragon/.ssh/id_ecdsa doesn't exist.
kf.kio.workers.sftp: [ ssh_userauth_publickey_auto ] ( 3 ) ssh_userauth_publickey_auto: Trying to authenticate with /home/linuxdragon/.ssh/id_rsa
kf.kio.workers.sftp: [ ssh_pki_import_pubkey_file ] ( 1 ) ssh_pki_import_pubkey_file: Error opening /home/linuxdragon/.ssh/id_rsa.pub: No such file or directory
kf.kio.workers.sftp: [ ssh_pki_import_privkey_file ] ( 1 ) ssh_pki_import_privkey_file: Error opening /home/linuxdragon/.ssh/id_rsa: No such file or directory
kf.kio.workers.sftp: [ ssh_userauth_publickey_auto ] ( 3 ) ssh_userauth_publickey_auto: Private key /home/linuxdragon/.ssh/id_rsa doesn't exist.
kf.kio.workers.sftp: [ ssh_userauth_publickey_auto ] ( 2 ) ssh_userauth_publickey_auto: Tried every public key, none matched
kf.kio.workers.sftp: Trying to authenticate with GSSAPI
kf.kio.workers.sftp: [ ssh_userauth_gssapi ] ( 2 ) ssh_userauth_gssapi: Authenticating with gssapi-with-mic
kf.kio.workers.sftp: [ ssh_gssapi_auth_mic ] ( 2 ) ssh_gssapi_auth_mic: Authenticating with gssapi to host 192.168.57.3 with user linuxdragon
kf.kio.workers.sftp:
kf.kio.workers.sftp: [ ssh_socket_unbuffered_write ] ( 3 ) ssh_socket_unbuffered_write: Enabling POLLOUT for socket
kf.kio.workers.sftp: [ ssh_socket_unbuffered_write ] ( 4 ) ssh_socket_unbuffered_write: wrote 52
kf.kio.workers.sftp: [ packet_send2 ] ( 3 ) packet_send2: packet: wrote [type=1, len=32, padding_size=11, comp=20, payload=20]
It doesn’t seem to be trying my id_ed25519_sk key.
So I have switched back to the venerable PCManFM. I’ve kept dolphin on my system, but having a File Manager that just works is honestly a necessity for me and it’s the biggest reason I switched from Gnome to KDE and refuse to use Gnome now. At least with KDE, I can easily switch my default File Manager.