SFTP The authenticity of host 'xxx.xxx.xxx.xxx (xxx.xxx.xxx.xxx)' can't be established

Trying out some new options for hosting and I’m having trouble connecting via SFTP.

Works fine in FileZilla using .pem file.

It is the first connection, so it makes sense that the authenticity error shows up, but how do I get past it?

Thanks!

Testing Connection ...
+ set color:use-color yes
+ set cmd:interactive yes
+ set file:charset utf-8
+ set xfer:clobber on
+ set ftp:timezone 
+ set cmd:show-status yes
+ set cmd:set-term-status yes
+ set ftp:list-options -a
+ set cmd:fail-exit yes
+ set cmd:time-style "%Y-%m-%d %H:%M:%S"
+ set ftp:ssl-allow no
+ set ssl:verify-certificate no
+ set sftp:auto-confirm yes
+ set sftp:connect-program "ssh -a -x -v -i ~/Downloads/**mysite.com**"
+ set net:max-retries 3
+ set net:timeout 20
+ set net:reconnect-interval-base 5
+ set net:reconnect-interval-multiplier 1
+ open -u **user**, sftp://xxx.xxx.xxx.xxx
+ cd /opt/**user**/apache/htdocs
---- Running connect program (ssh -a -x -v -i ~/Downloads/**mysite.com** -s -l **user** xxx.xxx.xxx.xxx sftp)
---> sending a packet, length=5, type=1(INIT), id=0
<--- OpenSSH_8.1p1, LibreSSL 2.7.3
<--- debug1: Reading configuration data /etc/ssh/ssh_config
<--- debug1: /etc/ssh/ssh_config line 47: Applying options for *
<--- debug1: Connecting to xxx.xxx.xxx.xxx [xxx.xxx.xxx.xxx] port 22.
<--- debug1: Connection established.             
<--- debug1: identity file /Users/pauka/Downloads/**mysite.com** type -1
<--- debug1: identity file /Users/pauka/Downloads/**mysite.com** type -1
<--- debug1: Local version string SSH-2.0-OpenSSH_8.1
<--- debug1: Remote protocol version 2.0, remote software version OpenSSH_7.9p1 Debian-10+deb10u2
<--- debug1: match: OpenSSH_7.9p1 Debian-10+deb10u2 pat OpenSSH* compat 0x04000000
<--- debug1: Authenticating to xxx.xxx.xxx.xxx:22 as '**user**'
<--- debug1: SSH2_MSG_KEXINIT sent
<--- debug1: SSH2_MSG_KEXINIT received           
<--- debug1: kex: algorithm: curve25519-sha256
<--- debug1: kex: host key algorithm: ecdsa-sha2-nistp256
<--- debug1: kex: server->client cipher: **mysite.com** MAC: <implicit> compression: none
<--- debug1: kex: client->server cipher: **mysite.com** MAC: <implicit> compression: none
<--- debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
<--- debug1: Server host key: ecdsa-sha2-nistp256 SHA256:u4Jc3v8GUNO1diFVbJqX10yUUkXhl1vmdxYHmkZii4g
The authenticity of host 'xxx.xxx.xxx.xxx (xxx.xxx.xxx.xxx)' can't be established.
<--- ECDSA key fingerprint is SHA256:u4Jc3v8GUNO1diFVbJqX10yUUkXhl1vmdxYHmkZii4g.
**** Timeout - reconnecting                      
---- Disconnecting
---- Running connect program (ssh -a -x -v -i ~/Downloads/**mysite.com** -s -l **user** xxx.xxx.xxx.xxx sftp)
---> sending a packet, length=5, type=1(INIT), id=0
<--- OpenSSH_8.1p1, LibreSSL 2.7.3
<--- debug1: Reading configuration data /etc/ssh/ssh_config
<--- debug1: /etc/ssh/ssh_config line 47: Applying options for *
<--- debug1: Connecting to xxx.xxx.xxx.xxx [xxx.xxx.xxx.xxx] port 22.
<--- debug1: Connection established.             
<--- debug1: identity file /Users/pauka/Downloads/**mysite.com** type -1
<--- debug1: identity file /Users/pauka/Downloads/**mysite.com** type -1
<--- debug1: Local version string SSH-2.0-OpenSSH_8.1
<--- debug1: Remote protocol version 2.0, remote software version OpenSSH_7.9p1 Debian-10+deb10u2
<--- debug1: match: OpenSSH_7.9p1 Debian-10+deb10u2 pat OpenSSH* compat 0x04000000
<--- debug1: Authenticating to xxx.xxx.xxx.xxx:22 as '**user**'
<--- debug1: SSH2_MSG_KEXINIT sent
<--- debug1: SSH2_MSG_KEXINIT received           
<--- debug1: kex: algorithm: curve25519-sha256
<--- debug1: kex: host key algorithm: ecdsa-sha2-nistp256
<--- debug1: kex: server->client cipher: **mysite.com** MAC: <implicit> compression: none
<--- debug1: kex: client->server cipher: **mysite.com** MAC: <implicit> compression: none
<--- debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
<--- debug1: Server host key: ecdsa-sha2-nistp256 SHA256:u4Jc3v8GUNO1diFVbJqX10yUUkXhl1vmdxYHmkZii4g
The authenticity of host 'xxx.xxx.xxx.xxx (xxx.xxx.xxx.xxx)' can't be established.
<--- ECDSA key fingerprint is SHA256:u4Jc3v8GUNO1diFVbJqX10yUUkXhl1vmdxYHmkZii4g.
**** Timeout - reconnecting                      
---- Disconnecting
---- Running connect program (ssh -a -x -v -i ~/Downloads/**mysite.com** -s -l **user** xxx.xxx.xxx.xxx sftp)
---> sending a packet, length=5, type=1(INIT), id=0
<--- OpenSSH_8.1p1, LibreSSL 2.7.3
<--- debug1: Reading configuration data /etc/ssh/ssh_config
<--- debug1: /etc/ssh/ssh_config line 47: Applying options for *
<--- debug1: Connecting to xxx.xxx.xxx.xxx [xxx.xxx.xxx.xxx] port 22.
<--- debug1: Connection established.             
<--- debug1: identity file /Users/pauka/Downloads/**mysite.com** type -1
<--- debug1: identity file /Users/pauka/Downloads/**mysite.com** type -1
<--- debug1: Local version string SSH-2.0-OpenSSH_8.1
<--- debug1: Remote protocol version 2.0, remote software version OpenSSH_7.9p1 Debian-10+deb10u2
<--- debug1: match: OpenSSH_7.9p1 Debian-10+deb10u2 pat OpenSSH* compat 0x04000000
<--- debug1: Authenticating to xxx.xxx.xxx.xxx:22 as '**user**'
<--- debug1: SSH2_MSG_KEXINIT sent
<--- debug1: SSH2_MSG_KEXINIT received           
<--- debug1: kex: algorithm: curve25519-sha256
<--- debug1: kex: host key algorithm: ecdsa-sha2-nistp256
<--- debug1: kex: server->client cipher: **mysite.com** MAC: <implicit> compression: none
<--- debug1: kex: client->server cipher: **mysite.com** MAC: <implicit> compression: none
<--- debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
<--- debug1: Server host key: ecdsa-sha2-nistp256 SHA256:u4Jc3v8GUNO1diFVbJqX10yUUkXhl1vmdxYHmkZii4g
The authenticity of host 'xxx.xxx.xxx.xxx (xxx.xxx.xxx.xxx)' can't be established.
<--- ECDSA key fingerprint is SHA256:u4Jc3v8GUNO1diFVbJqX10yUUkXhl1vmdxYHmkZii4g.
**** Timeout - reconnecting                      
---- Disconnecting
cd: Fatal error: max-retries exceeded

Maybe check the right key format:

If you’re on Mac, start an SSH connection to the IP address in Terminal and you’ll be asked if you want to add the fingerprint. Once that’s done, you should be able to connect fine.

2 Likes

Seems there are some new SSH options to allow automatic fingerprint accepts, not sure if those work on the Mac yet:

2 Likes

Thanks Ben for the reminder. I forgot about the known_hosts file! But ultimately, I didn’t need to add to that (using a terminal ssh connection like you suggested). Your solution would obviously work as well.

I sat down to take Ben’s advice, but tried one more time in Wappler to check the logs – this time, it was the typical error about loose permissions on the file. Once I chmod to 600, then it worked directly in Wappler. It’s so strange that this didn’t show up in the first logs I posted.

Oh well, the joy of computing. :slight_smile:

Onward.

1 Like
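Both fixes discussed in this thread can be checked before connecting. The following is an added example, not code from any poster or from Wappler: it computes the `SHA256:` fingerprint that ssh prints from a plain `host keytype base64` line (the format `ssh-keyscan` emits), pins the line into known_hosts only if it matches a fingerprint obtained from the hosting provider, and checks the key file mode that the chmod 600 fixed. The function names, the 192.0.2.10 address and the sample key are constructed for illustration.

```python
import base64
import hashlib
import os
import stat
import struct


def fingerprint(known_hosts_line):
    """Return the OpenSSH-style SHA256 fingerprint of a 'host keytype base64' line."""
    host, keytype, blob_b64 = known_hosts_line.split()[:3]
    blob = base64.b64decode(blob_b64, validate=True)
    # The blob starts with a length-prefixed copy of the key type; reject a mismatch.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n].decode("ascii", "replace") != keytype:
        raise ValueError("key type does not match key blob")
    digest = hashlib.sha256(blob).digest()
    # ssh prints the base64 digest without '=' padding (43 characters).
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def pin_if_match(known_hosts_line, expected_fp, known_hosts_path):
    """Append the line to known_hosts only when it matches the trusted fingerprint."""
    if fingerprint(known_hosts_line) != expected_fp:
        return False
    with open(known_hosts_path, "a") as fh:
        fh.write(known_hosts_line.strip() + "\n")
    os.chmod(known_hosts_path, 0o600)
    return True


def key_mode_ok(path):
    """True when group and others have no access bits, as ssh requires for -i keys."""
    return stat.S_IMODE(os.stat(path).st_mode) & 0o077 == 0


def sample_line():
    # Constructed sample: ssh-ed25519 wire format wrapped around a dummy 32-byte key.
    blob = (struct.pack(">I", 11) + b"ssh-ed25519"
            + struct.pack(">I", 32) + bytes(range(32)))
    return "192.0.2.10 ssh-ed25519 " + base64.b64encode(blob).decode()


if __name__ == "__main__":
    print(fingerprint(sample_line()))
```

The expected fingerprint has to come from a channel other than the connection being verified, such as the host's control panel or console; otherwise the comparison only confirms what the network already delivered.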