SFTP external storage access | RuntimeException: Invalid size

Server
, ,
1

Steps to reproduce

  1. I use the SFTP option to add external storage; key authenticated > https://doc.owncloud.com/server/admin_manual/configuration/files/external_storage/sftp.html

Expected behaviour

external storage access

Actual behaviour

With the update from 10.6 to 10.7, I no longer have access to my external storage.
This was possible without any problems with 10.6.

Server configuration

Operating system: Ubuntu Server 20.04 LTSR
Web server: nginx/1.18.0
Database: MariaDB 10.3.25
PHP version: PHP 7.4.3
ownCloud version: (see ownCloud admin page)
sudo -u www-data php occ status

  • installed: true
  • first_install_version: unknown
  • version: 10.7.0.4
  • versionstring: 10.7.0
  • edition: Community
    Updated from an older ownCloud :
    10.6
    Where did you install ownCloud from:
    repository

List of activated apps:
Enabled:

  • activity:
    • Version: 2.6.0
    • Path: /var/www/owncloud/apps/activity
  • calendar:
    • Version: 1.6.4
    • Path: /var/www/owncloud/apps/calendar
  • comments:
    • Version: 0.3.0
    • Path: /var/www/owncloud/apps/comments
  • configreport:
    • Version: 0.2.0
    • Path: /var/www/owncloud/apps/configreport
  • contacts:
    • Version: 1.5.5
    • Path: /var/www/owncloud/apps/contacts
  • dav:
    • Version: 0.6.0
    • Path: /var/www/owncloud/apps/dav
  • federatedfilesharing:
    • Version: 0.5.0
    • Path: /var/www/owncloud/apps/federatedfilesharing
  • federation:
    • Version: 0.1.0
    • Path: /var/www/owncloud/apps/federation
  • files:
    • Version: 1.5.2
    • Path: /var/www/owncloud/apps/files
  • files_external:
    • Version: 0.7.1
    • Path: /var/www/owncloud/apps/files_external
  • files_external_ftp:
    • Version: 0.2.1
    • Path: /var/www/owncloud/apps/files_external_ftp
  • files_mediaviewer:
    • Version: 1.0.4
    • Path: /var/www/owncloud/apps/files_mediaviewer
  • files_pdfviewer:
    • Version: 0.12.1
    • Path: /var/www/owncloud/apps/files_pdfviewer
  • files_sharing:
    • Version: 0.14.0
    • Path: /var/www/owncloud/apps/files_sharing
  • files_texteditor:
    • Version: 2.3.0
    • Path: /var/www/owncloud/apps/files_texteditor
  • files_trashbin:
    • Version: 0.9.1
    • Path: /var/www/owncloud/apps/files_trashbin
  • files_versions:
    • Version: 1.3.0
    • Path: /var/www/owncloud/apps/files_versions
  • firstrunwizard:
    • Version: 1.2.0
    • Path: /var/www/owncloud/apps/firstrunwizard
  • gallery:
    • Version: 16.1.1
    • Path: /var/www/owncloud/apps/gallery
  • market:
    • Version: 0.6.0
    • Path: /var/www/owncloud/apps/market
  • notifications:
    • Version: 0.5.2
    • Path: /var/www/owncloud/apps/notifications
  • provisioning_api:
    • Version: 0.5.0
    • Path: /var/www/owncloud/apps/provisioning_api
  • systemtags:
    • Version: 0.3.0
    • Path: /var/www/owncloud/apps/systemtags
  • tasks:
    • Version: 0.9.7
    • Path: /var/www/owncloud/apps/tasks
  • templateeditor:
    • Version: 0.4.0
    • Path: /var/www/owncloud/apps/templateeditor
  • twofactor_totp:
    • Version: 0.7.1
    • Path: /var/www/owncloud/apps/twofactor_totp
  • updatenotification:
    • Version: 0.2.1
    • Path: /var/www/owncloud/apps/updatenotification

Are you using external storage, if yes which one: sftp.

Are you using encryption: no

Logs

auth.log

Apr 22 15:00:11 4bob sshd[194986]: error: Received disconnect from 192.168.0.69 port 35256:9:  [preauth]
Apr 22 15:00:11 4bob sshd[194986]: Disconnected from 192.168.0.69 port 35256 [preauth]
Apr 22 15:00:11 4bob sshd[194989]: padding error: need 1580 block 8 mod 4 [preauth]
Apr 22 15:00:11 4bob sshd[194989]: ssh_dispatch_run_fatal: Connection from 192.168.0.69 port 35258: message authentication code incorrect [preauth]

ownCloud log (data/owncloud.log)

{"reqId":"OQqTxyuVTGFWuglFJvk9","level":3,"time":"2021-04-22T15:00:11+02:00","remoteAddr":"192.168.0.95","user":"4bob","app":"files_external","method":"GET","url":"\/owncloud\/index.php\/apps\/files_external\/userstorages\/7?testOnly=true","message":"Exception: {\"Exception\":\"RuntimeException\",\"Message\":\"Invalid size\",\"Code\":0,\"Trace\":\"#0 \\\/var\\\/www\\\/owncloud\\\/apps\\\/files_external\\\/3rdparty\\\/phpseclib\\\/phpseclib\\\/phpseclib\\\/Net\\\/SSH2.php(3283): phpseclib3\\\\Net\\\\SSH2->read_remaining_bytes()\\n#1 \\\/var\\\/www\\\/owncloud\\\/apps\\\/files_external\\\/3rdparty\\\/phpseclib\\\/phpseclib\\\/phpseclib\\\/Net\\\/SSH2.php(1462): phpseclib3\\\\Net\\\\SSH2->get_binary_packet()\\n#2 \\\/var\\\/www\\\/owncloud\\\/apps\\\/files_external\\\/3rdparty\\\/phpseclib\\\/phpseclib\\\/phpseclib\\\/Net\\\/SSH2.php(1338): phpseclib3\\\\Net\\\\SSH2->key_exchange()\\n#3 \\\/var\\\/www\\\/owncloud\\\/apps\\\/files_external\\\/3rdparty\\\/phpseclib\\\/phpseclib\\\/phpseclib\\\/Net\\\/SSH2.php(2090): phpseclib3\\\\Net\\\\SSH2->connect()\\n#4 \\\/var\\\/www\\\/owncloud\\\/apps\\\/files_external\\\/3rdparty\\\/phpseclib\\\/phpseclib\\\/phpseclib\\\/Net\\\/SSH2.php(2068): phpseclib3\\\\Net\\\\SSH2->sublogin(*** sensitive parameters replaced ***)\\n#5 \\\/var\\\/www\\\/owncloud\\\/apps\\\/files_external\\\/3rdparty\\\/phpseclib\\\/phpseclib\\\/phpseclib\\\/Net\\\/SFTP.php(441): phpseclib3\\\\Net\\\\SSH2->login(*** sensitive parameters replaced ***)\\n#6 \\\/var\\\/www\\\/owncloud\\\/apps\\\/files_external\\\/lib\\\/Lib\\\/Storage\\\/SFTP.php(140): phpseclib3\\\\Net\\\\SFTP->login(*** sensitive parameters replaced ***)\\n#7 \\\/var\\\/www\\\/owncloud\\\/apps\\\/files_external\\\/lib\\\/Lib\\\/Storage\\\/SFTP.php(156): OCA\\\\Files_External\\\\Lib\\\\Storage\\\\SFTP->getConnection()\\n#8 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/Files\\\/External\\\/LegacyUtil.php(207): OCA\\\\Files_External\\\\Lib\\\\Storage\\\\SFTP->test()\\n#9 \\\/var\\\/www\\\/owncloud\\\/apps\\\/files_external\\\/lib\\\/Controller\\\/StoragesController.php(254): OC\\\\Files\\\\External\\\\LegacyUtil::getBackendStatus()\\n#10 \\\/var\\\/www\\\/owncloud\\\/apps\\\/files_external\\\/lib\\\/Controller\\\/StoragesController.php(303): OCA\\\\Files_External\\\\Controller\\\\StoragesController->updateStorageStatus()\\n#11 \\\/var\\\/www\\\/owncloud\\\/apps\\\/files_external\\\/lib\\\/Controller\\\/UserStoragesController.php(105): OCA\\\\Files_External\\\\Controller\\\\StoragesController->show()\\n#12 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/AppFramework\\\/Http\\\/Dispatcher.php(153): OCA\\\\Files_External\\\\Controller\\\\UserStoragesController->show()\\n#13 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/AppFramework\\\/Http\\\/Dispatcher.php(85): OC\\\\AppFramework\\\\Http\\\\Dispatcher->executeController()\\n#14 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/AppFramework\\\/App.php(100): OC\\\\AppFramework\\\\Http\\\\Dispatcher->dispatch()\\n#15 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/AppFramework\\\/Routing\\\/RouteActionHandler.php(47): OC\\\\AppFramework\\\\App::main()\\n#16 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/Route\\\/Router.php(341): OC\\\\AppFramework\\\\Routing\\\\RouteActionHandler->__invoke()\\n#17 \\\/var\\\/www\\\/owncloud\\\/lib\\\/base.php(915): OC\\\\Route\\\\Router->match()\\n#18 \\\/var\\\/www\\\/owncloud\\\/index.php(54): OC::handleRequest()\\n#19 {main}\",\"File\":\"\\\/var\\\/www\\\/owncloud\\\/apps\\\/files_external\\\/3rdparty\\\/phpseclib\\\/phpseclib\\\/phpseclib\\\/Net\\\/SSH2.php\",\"Line\":3440}"}

Could someone please help me out?

Thank you.

2
  1. start a second ssh server instance in debug mode: /usr/sbin/sshd -ddd -p 2222
  2. connect with your owncloud, follow the process (add external stoarge) dontā€™t forget to add the debug port >> host:2222
  3. validate the output; note that this process will stop after contact.

In my case only ssh-rsa was configured, that was working fine all the time. After extending with ecdsa-sha2-nistp256 and ssh-ed25519 the connection with onwcloud 10.7 works again.

What options do I have to increase debugging on the Owncloud apps?

3

Found this pull request to add modern EC-Ciphers (Ed25519 / Ed449 / Curve25519 / Curve449, ECDSA / ECDH)

That changed a lot inside /var/www/owncloud/apps/files_external/3rdparty/phpseclib/phpseclib/phpseclib/Net/SSH2.php

10.6

use phpseclib\Crypt\Base;
use phpseclib\Crypt\Blowfish;
use phpseclib\Crypt\Hash;
use phpseclib\Crypt\Random;
use phpseclib\Crypt\RC4;
use phpseclib\Crypt\Rijndael;
use phpseclib\Crypt\RSA;
use phpseclib\Crypt\TripleDES;
use phpseclib\Crypt\Twofish;
use phpseclib\Math\BigInteger; // Used to do Diffie-Hellman key exchange and DSA/RSA signature verification.
use phpseclib\System\SSH\Agent;

to 10.7

use phpseclib3\Crypt\Blowfish;
use phpseclib3\Crypt\Hash;
use phpseclib3\Crypt\Random;
use phpseclib3\Crypt\RC4;
use phpseclib3\Crypt\Rijndael;
use phpseclib3\Crypt\Common\PrivateKey;
use phpseclib3\Crypt\RSA;
use phpseclib3\Crypt\DSA;
use phpseclib3\Crypt\EC;
use phpseclib3\Crypt\DH;
use phpseclib3\Crypt\TripleDES;
use phpseclib3\Crypt\Twofish;
use phpseclib3\Crypt\ChaCha20;
use phpseclib3\Math\BigInteger; // Used to do Diffie-Hellman key exchange and DSA/RSA signature verification.
use phpseclib3\System\SSH\Agent;
use phpseclib3\System\SSH\Agent\Identity as AgentIdentity;
use phpseclib3\Exception\NoSupportedAlgorithmsException;
use phpseclib3\Exception\UnsupportedAlgorithmException;
use phpseclib3\Exception\UnsupportedCurveException;
use phpseclib3\Exception\ConnectionClosedException;
use phpseclib3\Exception\UnableToConnectException;
use phpseclib3\Exception\InsufficientSetupException;
use phpseclib3\Common\Functions\Strings;

But RSA is now broken; You can reproduce it very easy:

  1. download Ubuntu Server 20.04.2 https://ubuntu.com/download/server
  2. Install it, add only the open ssh server as additional package option
  3. login; change the ssh server configuration under /etc/ssh/sshd_config
    uncomment > #HostKey /etc/ssh/ssh_host_rsa_key
    restart the service > systemctl restart sshd.service
  4. start owncloud > docker run -e OWNCLOUD_DOMAIN=localhost:8080 -p 8080:8080 owncloud/server:10.7.0
  5. add new installed Server as the external storage
debug2: load_server_config: filename /etc/ssh/sshd_config
debug2: load_server_config: done config len = 461
debug2: parse_server_config_depth: config /etc/ssh/sshd_config len 461
debug2: /etc/ssh/sshd_config line 13: new include /etc/ssh/sshd_config.d/*.conf
debug2: /etc/ssh/sshd_config line 13: no match for /etc/ssh/sshd_config.d/*.conf
debug3: /etc/ssh/sshd_config:20 setting HostKey /etc/ssh/ssh_host_rsa_key
debug3: /etc/ssh/sshd_config:34 setting PermitRootLogin yes
debug3: /etc/ssh/sshd_config:39 setting PubkeyAuthentication yes
debug3: /etc/ssh/sshd_config:42 setting AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
debug3: /etc/ssh/sshd_config:63 setting ChallengeResponseAuthentication yes
debug3: /etc/ssh/sshd_config:86 setting UsePAM yes
debug3: /etc/ssh/sshd_config:91 setting X11Forwarding yes
debug3: /etc/ssh/sshd_config:95 setting PrintMotd no
debug3: /etc/ssh/sshd_config:113 setting AcceptEnv LANG LC_*
debug3: /etc/ssh/sshd_config:116 setting Subsystem sftp	/usr/lib/openssh/sftp-server
debug3: /etc/ssh/sshd_config:124 setting PasswordAuthentication yes
debug1: sshd version OpenSSH_8.2, OpenSSL 1.1.1f  31 Mar 2020
debug1: private host key #0: ssh-rsa SHA256:lPNFOpxrU2DezYbhV/c3BIrHdQuKHQJuuHi1YWy9gXU
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-ddd'
debug1: rexec_argv[2]='-p'
debug1: rexec_argv[3]='2222'
debug3: oom_adjust_setup
debug1: Set /proc/self/oom_score_adj from 0 to -1000
debug2: fd 3 setting O_NONBLOCK
debug1: Bind to port 2222 on 0.0.0.0.
Server listening on 0.0.0.0 port 2222.
debug2: fd 4 setting O_NONBLOCK
debug3: sock_set_v6only: set socket 4 IPV6_V6ONLY
debug1: Bind to port 2222 on ::.
Server listening on :: port 2222.
debug3: fd 5 is not O_NONBLOCK
debug1: Server will not fork when running in debugging mode.
debug3: send_rexec_state: entering fd = 8 config len 461
debug3: ssh_msg_send: type 0
debug3: send_rexec_state: done
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug3: recv_rexec_state: entering fd = 5
debug3: ssh_msg_recv entering
debug3: recv_rexec_state: done
debug2: parse_server_config_depth: config rexec len 461
debug2: parse_server_config_depth: config  len 0
debug3: rexec:20 setting HostKey /etc/ssh/ssh_host_rsa_key
debug3: rexec:34 setting PermitRootLogin yes
debug3: rexec:39 setting PubkeyAuthentication yes
debug3: rexec:42 setting AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
debug3: rexec:63 setting ChallengeResponseAuthentication yes
debug3: rexec:86 setting UsePAM yes
debug3: rexec:91 setting X11Forwarding yes
debug3: rexec:95 setting PrintMotd no
debug3: rexec:113 setting AcceptEnv LANG LC_*
debug3: rexec:116 setting Subsystem sftp	/usr/lib/openssh/sftp-server
debug3: rexec:124 setting PasswordAuthentication yes
debug1: sshd version OpenSSH_8.2, OpenSSL 1.1.1f  31 Mar 2020
debug1: private host key #0: ssh-rsa SHA256:lPNFOpxrU2DezYbhV/c3BIrHdQuKHQJuuHi1YWy9gXU
debug1: inetd sockets after dupping: 3, 3
Connection from 192.168.0.42 port 44116 on 192.168.100.23 port 2222 rdomain ""
debug1: Local version string SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.2
debug1: Remote protocol version 2.0, remote software version phpseclib_3.0 (libsodium, openssl, gmp)
debug1: no match: phpseclib_3.0 (libsodium, openssl, gmp)
debug2: fd 3 setting O_NONBLOCK
debug3: ssh_sandbox_init: preparing seccomp filter sandbox
debug2: Network child is on pid 2342
debug3: preauth child monitor started
debug3: privsep user:group 111:65534 [preauth]
debug1: permanently_set_uid: 111/65534 [preauth]
debug3: ssh_sandbox_child: setting PR_SET_NO_NEW_PRIVS [preauth]
debug3: ssh_sandbox_child: attaching seccomp filter program [preauth]
debug1: list_hostkey_types: rsa-sha2-512,rsa-sha2-256,ssh-rsa [preauth]
debug3: send packet: type 20 [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]
debug3: receive packet: type 20 [preauth]
debug1: SSH2_MSG_KEXINIT received [preauth]
debug2: local server KEXINIT proposal [preauth]
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256 [preauth]
debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ssh-rsa [preauth]
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com [preauth]
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com [preauth]
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
debug2: compression ctos: none,zlib@openssh.com [preauth]
debug2: compression stoc: none,zlib@openssh.com [preauth]
debug2: languages ctos:  [preauth]
debug2: languages stoc:  [preauth]
debug2: first_kex_follows 0  [preauth]
debug2: reserved 0  [preauth]
debug2: peer client KEXINIT proposal [preauth]
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group1-sha1 [preauth]
debug2: host key algorithms: ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-256,rsa-sha2-512,ssh-rsa,ssh-dss [preauth]
debug2: ciphers ctos: aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-ctr,blowfish-cbc,3des-ctr,3des-cbc,twofish128-ctr,twofish192-ctr,twofish256-ctr,twofish128-cbc,twofish192-cbc,twofish256-cbc,twofish-cbc [preauth]
debug2: ciphers stoc: aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-ctr,blowfish-cbc,3des-ctr,3des-cbc,twofish128-ctr,twofish192-ctr,twofish256-ctr,twofish128-cbc,twofish192-cbc,twofish256-cbc,twofish-cbc [preauth]
debug2: MACs ctos: hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,umac-64@openssh.com,umac-128@openssh.com,hmac-sha1-96,hmac-sha1,hmac-md5-96,hmac-md5 [preauth]
debug2: MACs stoc: hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,umac-64@openssh.com,umac-128@openssh.com,hmac-sha1-96,hmac-sha1,hmac-md5-96,hmac-md5 [preauth]
debug2: compression ctos: none [preauth]
debug2: compression stoc: none [preauth]
debug2: languages ctos:  [preauth]
debug2: languages stoc:  [preauth]
debug2: first_kex_follows 0  [preauth]
debug2: reserved 0  [preauth]
debug1: kex: algorithm: curve25519-sha256 [preauth]
debug1: kex: host key algorithm: rsa-sha2-256 [preauth]
debug1: kex: client->server cipher: aes256-gcm@openssh.com MAC: <implicit> compression: none [preauth]
debug1: kex: server->client cipher: aes256-gcm@openssh.com MAC: <implicit> compression: none [preauth]
debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
debug3: receive packet: type 30 [preauth]
debug3: mm_sshkey_sign entering [preauth]
debug3: mm_request_send entering: type 6 [preauth]
debug3: mm_sshkey_sign: waiting for MONITOR_ANS_SIGN [preauth]
debug3: mm_request_receive_expect entering: type 7 [preauth]
debug3: mm_request_receive entering [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 6
debug3: mm_answer_sign
debug3: mm_answer_sign: KEX signature 0x557fd86dcb20(404)
debug3: mm_request_send entering: type 7
debug2: monitor_read: 6 used once, disabling now
debug3: send packet: type 31 [preauth]
debug3: send packet: type 21 [preauth]
debug2: set_newkeys: mode 1 [preauth]
debug1: rekey out after 4294967296 blocks [preauth]
debug1: SSH2_MSG_NEWKEYS sent [preauth]
debug1: expecting SSH2_MSG_NEWKEYS [preauth]
debug3: receive packet: type 21 [preauth]
debug1: SSH2_MSG_NEWKEYS received [preauth]
debug2: set_newkeys: mode 0 [preauth]
debug1: rekey in after 4294967296 blocks [preauth]
debug1: KEX done [preauth]
debug3: receive packet: type 1 [preauth]
Received disconnect from 192.168.0.42 port 44116:9:  [preauth]
Disconnected from 192.168.0.42 port 44116 [preauth]
debug1: do_cleanup [preauth]
debug3: PAM: sshpam_thread_cleanup entering [preauth]
debug1: monitor_read_log: child log fd closed
debug3: mm_request_receive entering
debug1: do_cleanup
debug3: PAM: sshpam_thread_cleanup entering
debug1: Killing privsep child 2342
debug1: audit_event: unhandled event 12

Apr 24 08:30:40 c5-demo sshd[2369]: error: Received disconnect from 192.168.0.42 port 41074:9: [preauth]
Apr 24 08:30:40 c5-demo sshd[2369]: Disconnected from 192.168.0.42 port 41074 [preauth]
Apr 24 08:30:40 c5-demo sshd[2371]: padding error: need 1580 block 8 mod 4 [preauth]
Apr 24 08:30:40 c5-demo sshd[2371]: ssh_dispatch_run_fatal: Connection from 192.168.0.42 port 41076: message authentication code incorrect [preauth]

1 Like
4

Same issue here. I use a storage box from Hetzner via SFTP, so i donā€™t have access to the logs on their side, but after their last maintanence I have the same issue with the error code for occ files_external verify X

- message: RuntimeException: Invalid size

5

I found a note here: https://www.openssh.com/txt/release-8.2; ssh-rsa key (2048-bit) using weak hashing algorithm; Which pointed me to this: https://www.ssh-audit.com/hardening_guides.html
I followed this guide to secure my ssh server, after that, there were no more problems. You should also move to modern Ciphers if ssh-rsa is the problem.

Do you have console access?

1 Like
6

Unfortuatley not. Perhaps I write a support ticket fo that. Anyhow, thanks for your efforts @4bob

7

@4bob Is this issue got resolved

8

I am not using ssh i am just trying to connect in sftp username and password is there any way to resolve the same issue

9

I canā€™t tell you that, an Owncloud developer would have to comment on this.
But you should also give more details, look at this post starting form the beginningā€¦

1 Like
10

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.