Michal Sojka 8303ccaec3 sftpfs: don't set preferred hostkey methods too restrictively.
This fixes "sftp: failure establishing SSH session (-5)" error that
may appear on some systems when using SFTP link feature. The error
appears even when connecting to the same host via the "ssh" command
works. Whether the error appears or not depends on the content of
~/.ssh/known_hosts file.

Problem description:

Midnight Commander uses ~/.ssh/known_hosts for two reasons. Obviously,
one reason is checking for hostkey match after the SSH handshake. The
second reason is to set preferences which host key the remote side
should send us during the SSH handshake. And this is the problematic
place.

Entries in ~/.ssh/known_hosts store host names either in plain text or
in a hashed form. libssh2 does not export host name hashes, only plain
text host names. When mc tries to find a matching entry to set hostkey
preferences, it cannot reliably match the hashed host names.
Before this change, mc assumed that any entry with hashed host name
matches the connecting host and set hostkey preference to the type of
that key. In many cases, this was incorrect. For example, when the
first hashed entry in ~/.ssh/known_hosts appeared before the matching
non-hashed one, and its key type was ssh-rsa, which is disabled by
default since OpenSSH 8.8 (released 2021-09-26), then mc requested
only the ssh-rsa host key from the remote host. Since this host key is
likely disabled these days, no key was sent by the remote host and mc
reported error -5 (LIBSSH2_ERROR_KEX_FAILURE).

Solution:

In this commit, we fix the problem as follows:

1. When finding a matching known_hosts entry in order to set the
   preferred hostkey method, we ignore the entries with hashed host
   names. If we find no matching entry with the plain text host name,
   no preference is set, resulting in the server sending us whatever
   key it wants and our libssh2 supports it. Likely, that key will
   match an entry with hashed host name later during the host key
   check.

2. If, on the other hand, a matching plain text entry is found, we use
   its type as a preference, but newly, we add other methods as a
   fallback. If the matched entry has a server-supported key type, it
   will be used. If it is not supported by the server (e.g. the old
   ssh-rsa type), the added fallback ensures that the server sends us
   some host key, which will likely match an entry with hashed host
   name later during the host key check.

This solution is not ideal, but I think it's good enough. For example,
the following situation is not solved ideally (I think): The
known_hosts file contains a single entry for some server. It has a
hashed host name and key of type B. Since we ignore hashed entries,
the server can send its host key as type A, which is higher on the
preference list. To the user, it will appear as if she has never
connected to that server before. After accepting the new key, it will
be added to known_hosts and the problem disappears.

The ideal solution would IMHO be to create a libssh2_knownhost_find()
function in libssh2. It would allow finding all matching entries (even
with hashed host names) in known_hosts. Midnight Commander would then
use all key types of found entries as its preference.

Note: Since the code modified by this commit was inspired by code from
curl, curl has the same problem. See
https://github.com/libssh2/libssh2/issues/676#issuecomment-1741877207.

Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2023-10-22 18:03:44 +03:00
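
The selection logic described in the commit message above, as an added C example that is not mc's code: hashed entries are skipped, and a plain-text match puts its key type first with the remaining methods appended as fallback. The fallback list, the constructed known_hosts lines and the names hostkey_prefs and host_in_field are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>

/* Fallback order: an assumption for this example, not mc's actual list. */
static const char *const ALL_METHODS[] = { "ssh-ed25519", "ecdsa-sha2-nistp256",
    "rsa-sha2-512", "rsa-sha2-256", "ssh-rsa", NULL };
/* Constructed known_hosts lines (hash and key blobs are placeholders). */
static const char *const SAMPLE[] = {
    "|1|Y29uc3RydWN0ZWQ=|Y29uc3RydWN0ZWQ= ssh-rsa AAAA-constructed",
    "files.example.org,192.0.2.10 ssh-ed25519 AAAA-constructed",
    "old.example.org ssh-rsa AAAA-constructed", NULL };

/* Exact match of host against the comma-separated plain-text host field. */
static int host_in_field(const char *f, size_t len, const char *host)
{
    size_t hlen = strlen(host);
    for (size_t i = 0, n; i < len; i += n + 1) {
        n = strcspn(f + i, ", ");
        if (n == hlen && memcmp(f + i, host, n) == 0) return 1;
    }
    return 0;
}

/* Preference list for host; "" means set no preference (server picks). */
const char *hostkey_prefs(const char *const *lines, const char *host,
                          char *out, size_t outsz)
{
    out[0] = '\0';
    for (const char *l; (l = *lines) != NULL; lines++) {
        size_t hl = strcspn(l, " ");
        if (l[0] == '|' || l[0] == '#' || l[hl] != ' ') continue; /* hashed etc. */
        if (!host_in_field(l, hl, host)) continue;
        const char *type = l + hl + 1;
        size_t tl = strcspn(type, " ");
        snprintf(out, outsz, "%.*s", (int)tl, type);    /* matched type first */
        for (const char *const *m = ALL_METHODS; *m; m++) {
            if (strlen(*m) == tl && memcmp(*m, type, tl) == 0) continue;
            snprintf(out + strlen(out), outsz - strlen(out), ",%s", *m);
        }
        break;
    }
    return out;
}

int main(void)
{
    char buf[128];
    puts(hostkey_prefs(SAMPLE, "old.example.org", buf, sizeof buf));
    return 0;
}
```

For a host that has no plain-text entry the result is empty, whereas the behaviour the commit message describes as the old one would have taken ssh-rsa from the first hashed line and requested only that type.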
.github maint: add auto-sync of pot & hints to transifex 2023-01-05 21:38:35 +01:00
contrib Use configure detected or user specified sed in build system 2023-05-20 19:56:53 +03:00
doc Rename FISH VFS to SHELL one. 2023-10-15 16:04:39 +03:00
lib Rename FISH VFS to SHELL one. 2023-10-15 16:04:39 +03:00
m4.include Rename FISH VFS to SHELL one. 2023-10-15 16:04:39 +03:00
maint Make Travis builds fail if tests fail 2023-08-13 20:39:36 +02:00
misc Rename FISH VFS to SHELL one. 2023-10-15 16:04:39 +03:00
po Update translations from Transifex 2023-08-13 20:48:49 +02:00
src sftpfs: don't set preferred hostkey methods too restrictively. 2023-10-22 18:03:44 +03:00
tests Rename FISH VFS to SHELL one. 2023-10-15 16:04:39 +03:00
.gitattributes Preventing po/*.po files in git-diff output 2011-09-09 12:01:55 +03:00
.gitignore Added autogenerated mc-version.h to the list of git-ignored files 2021-09-29 09:49:03 +02:00
.travis.yml maint: fetch tags on Travis before running the build 2016-03-06 13:38:34 +01:00
acinclude.m4 Ticket #4450: support PCRE2 in the search engine. 2023-03-25 10:07:41 +03:00
AUTHORS Ticket #4450: support PCRE2 in the search engine. 2023-03-25 10:07:41 +03:00
autogen.sh Use configure detected or user specified sed in build system 2023-05-20 19:56:53 +03:00
build-glib2.sh build-glib2.sh: fix URLs. 2020-12-26 15:50:04 +03:00
ChangeLog Ticket #2097: ChangeLog in its current form does not strictly make any sense 2010-05-05 16:24:14 +04:00
configure.ac Rename FISH VFS to SHELL one. 2023-10-15 16:04:39 +03:00
COPYING Moved the main help file (xnc.hlp) and translated help files (es, hu, it, pl, ru and sr directories) to doc/hlp 2009-05-26 17:32:32 +03:00
INSTALL Moved the main help file (xnc.hlp) and translated help files (es, hu, it, pl, ru and sr directories) to doc/hlp 2009-05-26 17:32:32 +03:00
Makefile.am Replaced unportable 'inplace' sed command 2023-05-20 19:57:23 +03:00
NEWS Moved the main help file (xnc.hlp) and translated help files (es, hu, it, pl, ru and sr directories) to doc/hlp 2009-05-26 17:32:32 +03:00
README Moved the main help file (xnc.hlp) and translated help files (es, hu, it, pl, ru and sr directories) to doc/hlp 2009-05-26 17:32:32 +03:00
version.sh Use configure detected or user specified sed in build system 2023-05-20 19:56:53 +03:00

Contents
--------

Introduction
Dependencies
Features
Mini-documentation
Where to get more information
Reporting problems


Introduction
------------

GNU Midnight Commander (also referred to as MC) is a user shell with
text-mode full-screen interface.  It can be run on the OS console,
in xterm and other terminal emulators.

GNU Midnight Commander allows you to manage files while making the most of
your screen and giving you a clear representation of the filesystem, yet
it's simple enough to be run over a telnet or ssh session.

GNU Midnight Commander is released under the GNU General Public
License version 3 or any later version.  A copy of the file is
included with this distribution package.


Dependencies
------------

Please read the file INSTALL for installation instructions
and full list of dependencies.


Features
--------

GNU Midnight Commander was conceived as a free clone of John Socha's
Norton Commander (TM).  It also takes the best from more recent software
with similar interfaces.  GNU Midnight Commander comes with mouse support
on xterm and optionally on the Linux console.

Some features are specific to the POSIX environment MC runs on, some are
familiar to the users of similar software for other operating systems.
The features include:

	* Built in Virtual File System: manipulate remote file systems
	  through the FTP and SFTP protocols or over secure shell, browse
	  contents of tar, ar, rpm, zip, cpio, lha and rar archives just
	  like local files.

	* Almost all operations work with the virtual file system,
	  enabling you to do complex tasks, like viewing files in
	  archives on an FTP server.

	* Mouse support on most terminal emulators for X Window System
	  as well as on the Linux console.

	* Learn Keys: GNU Midnight Commander may be configured at run
	  time to support any kind of input keys for a given terminal,
	  making its operation possible even on most weird terminals.

	* Text and hex editors are available for you to use (hex editor
	  is a part of the viewer).

	* Hotlist allows you to keep a list of commonly visited locations,
	  including remote sites and directories inside archives.

	* Command completion: By pressing Alt-Tab in any place where a
	  filename or an executable are expected, GNU Midnight Commander
	  will complete the name for you.  If you press Alt-Tab for the
	  second time, you get a list box with all possible completions.

	* Subshell support: Run your commands by a real shell
	  interpreter.  GNU Midnight Commander interacts with bash,
	  tcsh and zsh to provide you with all of the facilities
	  available in your preferred shell.

	* Find file command can search for the file contents.

	* Background operations allow you to copy or move files from
	  any virtual file system while you do other tasks (i.e., you
	  can do background FTP copies).

	* FTP proxy is supported.

	* Linux file recovery: If you are using Linux, you can recover
	  deleted files from an ext2 or ext3 partition with the undelete
	  file system.  This is a low level file recovery function that
	  can recover files deleted by any program on Linux.

	* External panelization: You can run any arbitrary external
	  command and GNU Midnight Commander will display the output
	  generated as a file listing that can be manipulated as a
	  regular directory.

	* Emacs-like key bindings are used in all widgets.

	* Context dependent actions (open, view, edit) are available.

	* The built-in file viewer, together with the context dependent
	  actions is used to format man pages on the fly, coloring mail
	  messages and more.

	* The built-in editor supports syntax highlighting and external
	  actions, such as spell checking and formatting.


Mini-documentation
------------------

These are hints for the text mode edition:

* Use the F-Keys for invoking the commands in the function key bar.
  If your terminal doesn't support F-keys, you can use the <ESC digit>
  sequence to invoke the corresponding F-digit key.

* Tab changes the current panel.

* All input lines have emacs-like key-bindings (command history is
  accessed through the M-p and M-n keys).

* The panels accept C-n, C-p for browsing the panel (like in Emacs).

* M-Enter copies the currently selected file name to the input line.

* M-Tab completes the current word (or tries to).

* The Virtual File System is a cute addition to the project: you may
  browse in tar and compressed tar files as well as browsing remote
  machines with the shell file system.

* Please read the manual page.

You can access the whole documentation online with the F1 key,
although it's not as nice as the groff printed manual page :-)


Where to get more information
-----------------------------

There is a webpage for GNU Midnight Commander at

https://www.midnight-commander.org/

This page also has current information about mailing lists and some
useful advice on how to report bugs.

You can download the latest version of GNU Midnight Commander from

https://www.midnight-commander.org/downloads/


Reporting problems
------------------

You can report bugs on our site; please read

https://www.midnight-commander.org/wiki/doc/reportDefects

Also you can use mc mailing lists to discuss problems.

There are two mailing lists:

  - mc@lists.midnight-commander.org
  - mc-devel@lists.midnight-commander.org

Use mc-devel@ if you are prepared for a more technical discussion
with the developers of the package, otherwise use mc@.

Please don't send HTML e-mail to either of those mailing lists.

Include the output of "mc --version", the operating system and the
distribution (if applicable) you are using, the compiler and the
configure flags used to compile the program (if you know them).

If the program crashed and produced a core dump, please provide a
stack trace of the program.

You can do this by running gdb like this:

gdb mc core
(gdb) where