sftp and SMB fail in Dolphin but work from console

0

I'm running KDE on openSUSE Leap 42, and I can connect to an sftp server just fine, from the console:

sftp <user>@<server>

However, when I try the equivalent thing in Dolphin:

sftp://<user>@<server>

I get this message:

kex error : no match for method mac algo client->server: server [hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,umac-128-etm@openssh.com,umac-128@openssh.com], client [hmac-sha1]

I have checked that openssh is current, and although I am not quite sure where I would find the quoted sha2 algorithms on my machine, I suppose they must be installed because otherwise the commandline sftp connection could not work. a quick search finds only one provider of /usr/bin/sftp, which is openssh, so it would seem that this is what's running in both cases, and Dolphin is not using a different sftp implementation.

So: Why would Dolphin not be able to use the algorithm that the sftp command seems to happily support? I've not found any place with an sftp configuration that would be exclusive to Dolphin, either.

The server is a Synology NAS device running the latest DSM (6.1) -- and I'm not really in a position to change the configuration.

Update It seems that a very similar problem exists for SAMBA: I'm accessing SAMBA shares (from w Windows server), which have recently been updated to require protocol versions 3.0 and upwards. And wouldn't you know it, all my smb://* shortcuts in dolphin fail now, but mount -t cifs * still works just fine, as long as I specify -o vers=3.0.

This means that dolphin is either using a different implementation of the protocols, or a wrapper on them which removes many of the options which the command line version has (such as access to the latest protocol versions, I assume).

...or maybe there's a way to specify some extra parameters in the URL line in dolphin which I'm not aware of?

Zak

Posted 2017-07-26T11:18:08.557

Reputation: 147

Dolphin is likely using the KDE kio workers under the hood, and maybe they don't support the more recent SSH protocols. What OS is running on he server? – xenoid – 2017-07-26T13:39:34.707

@xenoid: It's a Synology NAS, and it's had the last update today (but the problem has been present before that update, too) -- I added this to the question – Zak – 2017-07-26T13:57:52.047

Can you convince it to use more ancient versions of SSH protocols? – xenoid – 2017-07-26T14:15:02.803

@xenoid: I can set the permitted encryption methods for https but not for sftp from the GUI. I would rather not mess with them, much less start digging through the device's configuration files since it's serving data to about a dozen other people, and it's working fine, except for the ftp issue -- and that problem clearly rests with dolphin's inability to use modern cyphers – Zak – 2017-07-27T13:48:03.367

Answers

0

Partial solution (for SMB only):

According to this bug report, the problem rests with smbhelper, which is still stuck with SMB1 as default and refuses to go higher unless explicitly told to (that seems like a terrible idea to me, but I didn't develop it, so maybe there's a reason that made sense at the time?)

You can tell smbhelper to change its behaviour by creating the file ~/.smb/smb.conf, with the following content:

[global]
    client max protocol = SMB3

After that, all the SMB connections I had bookmarked in Dolphin work without problems.

More things that don't work:

I also tried adding the client max protocol line to the global smb.conf in \etc\samba\ (and removing it from the local one), but weirdly enough, that only worked for a subset of the SAMBA shares I'm trying to access. Since the local solution is fine for me, that's not an issue in this case, though it would be annoying on multi-user machines...

I had previously gotten the advice to add min protocol = SMB3 to the /etc/samba/smb.conf but that did not do anything for me.

And of course, this still leaves the mystery of how to convince Dolphin to use modern sftp cyphers...

Zak

Posted 2017-07-26T11:18:08.557

Reputation: 147

Asked: 2017-07-26T11:18:08.557

Viewed: 1 513 times

Active: 2017-10-09T11:33:33.330