difference in sshd protocol options

Ruben mail at osfux.nl
Wed Apr 8 08:40:26 UTC 2020

Hi David,

I don't know the answer to your question but I had an "interesting" run 
last year as well. I couldn't distill from your message whether or not 
you got things to work, perhaps my ramblings will save some further 
frustration if you didn't.

The android apps I tried all used a Java library for the actual syncing 
etc, which I only got working after adding this to my "global" sshd config:

ChallengeResponseAuthentication yes

Without it, all auths (by all apps I tried) resulted in:

# sshd[14279]: error: Received disconnect from X.X.X.X port 35190:3: 
com.jcraft.jsch.JSchException: Auth fail [preauth]

My global PasswordAuthentication setting is set to "no".

I also added:

Ciphers aes256-ctr,aes192-ctr,aes128-ctr

to my configuration around that time, can't remember if that was an 
actual attempt to allow apps authenticating against OpenSSH or not.

My individual android devices all have a "match" block:

Match User test123
   ChrootDirectory %h
   ForceCommand internal-sftp
   AllowTcpForwarding no
   PermitTunnel no
   PasswordAuthentication yes

This combination works for all apps i've tried since.

Kind Regards,


On 4/8/20 7:59 AM, David Mehler wrote:
> Hello,
> I just went through an interesting go tonight getting an android file
> manager to connect via sftp to my FreeBSD 12.1 sshd server. I've got
> two questions. Refering to the sshd_config man page the
> HostKeyAlgorithms option and the PubkeyAcceptedKeyTypes options is
> there a difference between the options (both of which appear in the
> default) ssh-rsa and ssh-rsa-cert-v01 at openssh.com?
> Thanks.
> Dave.
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"

More information about the freebsd-questions mailing list