SparkleShare does not work with hosts that do not supply RSA keys #1962

Open
Aruee opened this issue Jan 8, 2021 · 3 comments

Aruee commented Jan 8, 2021

I use SparkleShare to sync some folders with our work GitLab. Ever since our IT staff updated their server some months ago, I couldn't get SparkleShare to work again. I finally found some time to investigate... and it seems that SparkleShare does not work when the server doesn't use RSA anymore. The IT folks decided to drop RSA support in favour of ECDSA and ED25519, effectively breaking my SparkleShare setup, but are reluctant to re-introduce an algorithm they consider at least deprecated, if not insecure.

I briefly checked the config files, but it seems that RSA usage is hardcoded into SparkleShare's code.

SparkleShare's logs:

12:33:48 Auth | Fetching host key for xxxxxx.xxx.xx
12:33:48 Cmd | ssh-keyscan -t rsa -p 22 xxxxxx.xxx.xx
12:33:48 Auth | Could not fetch host key
12:33:48 Fetcher | Failed

Retrieving host keys manually:

$ ssh-keyscan -p 22 xxxxxx.xxx.xx
# xxxxxx.xxx.xx:22 SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
# xxxxxx.xxx.xx:22 SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
xxxxxx.xxx.xx ecdsa-sha2-nistp256 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
# xxxxxx.xxx.xx:22 SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
xxxxxx.xxx.xx ssh-ed25519 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

The RSA algorithm seems to be hardcoded into SSHAuthenticationInfo.cs and SSHFetcher.cs - so I can't configure my way out of this. What would be the best way to introduce support for more key types? I'd argue for something in a config file, but there probably have been reasons to not do this in the first place, right?
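The failure reported above, reproduced offline as an added example (not part of the original post and not SparkleShare's code): a shell function that picks one host key from unfiltered `ssh-keyscan` output by a preference list instead of requesting only `rsa`. The host name, key blobs and preference order are constructed assumptions.

```shell
#!/bin/sh
# Added example, not SparkleShare code. The preference order is an assumption.
PREFERRED_TYPES="ssh-ed25519 ecdsa-sha2-nistp521 ecdsa-sha2-nistp384 ecdsa-sha2-nistp256 ssh-rsa"

# select_host_key [TYPES]
# Reads ssh-keyscan output on stdin and prints the one "host type key" line
# whose type comes first in TYPES. Returns 1 when no listed type is offered.
select_host_key() {
    awk -v prefs="${1:-$PREFERRED_TYPES}" '
        BEGIN { n = split(prefs, order, " ") }
        /^#/ || NF < 3 { next }            # banner comments, truncated lines
        !($2 in seen)  { seen[$2] = $0 }   # first key seen for each type
        END {
            for (i = 1; i <= n; i++)
                if (order[i] in seen) { print seen[order[i]]; exit 0 }
            exit 1
        }'
}

# Constructed sample: scan output of a host that offers no RSA host key.
# Host name and key blobs are placeholders, not real keys.
SAMPLE_SCAN='# git.example.org:22 SSH-2.0-OpenSSH_7.6p1
git.example.org ecdsa-sha2-nistp256 AAAA_CONSTRUCTED_ECDSA_KEY
# git.example.org:22 SSH-2.0-OpenSSH_7.6p1
git.example.org ssh-ed25519 AAAA_CONSTRUCTED_ED25519_KEY'

# Restricting the choice to RSA finds nothing, as in the log above.
printf '%s\n' "$SAMPLE_SCAN" | select_host_key "ssh-rsa" \
    || echo "no ssh-rsa host key offered"

# With the preference list, the ed25519 key is selected.
printf '%s\n' "$SAMPLE_SCAN" | select_host_key

# Against a live server (HOST is a placeholder):
#   ssh-keyscan -p 22 "$HOST" 2>/dev/null | select_host_key
```

The selected line is still unauthenticated scan output; compare its fingerprint (`ssh-keygen -lf`) with one obtained from the server's administrators before trusting it in `known_hosts`.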


Aruee commented Jan 8, 2021

As a side note, I tried building it via the instructions found on https://github.com/hbons/org.sparkleshare.SparkleShare - that doesn't work, though:

$ flatpak --user remote-add --from gnome https://sdk.gnome.org/gnome.flatpakrepo
Can't load uri https://sdk.gnome.org/gnome.flatpakrepo: Fehler beim Auflösen von »sdk.gnome.org«: Der Name oder der Dienst ist nicht bekannt

@orien3243
Contributor

I question why your IT people claim RSA is deprecated. (But that's neither here nor there.)
RSA 4096 isn't hacked and computationally is still sound so long as you use RSA 2048 at the bare minimum (https://security.stackexchange.com/questions/90077/ssh-key-ed25519-vs-rsa).

In any case, there is an easy workaround that can be done once you manage to install SparkleShare. (I was able to install it via flatpak by running the command on Flathub, https://www.flathub.org/apps/details/org.sparkleshare.SparkleShare )

Now on to making SparkleShare use ed25519 right now.

In Linux, when you navigate to ${HOME}/.config/org.sparkleshare.SparkleShare/ssh

You will notice that's where SparkleShare puts the SSH key that is used, and SparkleShare really only checks that a *.key and *.key.pub file exist there. So it's entirely possible to just overwrite those files with your ed25519 key there (or another identity file that your organization opts to use).

And this works in Linux. I tested it. Works like a boss.
Ed25519 https://init.joepcs.com/index.php/s/3YXg2m9w6YTZyxG
RSA https://init.joepcs.com/index.php/s/Z4LfTNy9p6n9jg3

Maybe one day we will need to have SparkleShare move to ed25519 or some other key generation method, and I may propose that when it's a possibility. (The smaller key size is a nice feature and it seems this is what all the cool kids are using.)

In Windows it's located under C:\Users\USERNAME\AppData\Roaming\sparkleshare
However, when I tested this shortly after making a previous comment, I found a bit of a bug. The version of OpenSSH included in the current Windows binary is out of date, and thus the Windows version of SparkleShare cannot generate or even read ed25519 keys. (Like, the entire msysgit package there is completely out of date, it seems.)

@orien3243
Contributor

When I manually update the msys binaries (I just dumped all the binaries that the git sdk compiled into the bin folder of SparkleShare's bin folder) #1987 it also becomes able to use ed25519 keys.

https://init.joepcs.com/index.php/s/rKyATWi6idnoPde
