SFTP uses deprecated ssh_rsa instead of rsa-sha2-256 for signature algorithm #240

Open
zhanghai opened this issue Mar 3, 2023 · 1 comment

zhanghai commented Mar 3, 2023

What version of RCX are you using (About -> App version)?

RCX 1.12.2 (F-Droid) with Rclone v1.55.1-rcx

What is your Android version, phone model and manufacturer?

OxygenOS 13.0 (Android 13) on OnePlus 10 Pro by OnePlus

Which steps are required to reproduce this issue?

Connect to an SFTP remote with a (4096-bit) RSA key_pem.

The Rclone process from RCX will try to authenticate with the ssh_rsa signature algorithm instead of rsa-sha2-256, which results in a rejection from a recent OpenSSH server due to its deprecation. The server side log shows:

openssh-server_1  | userauth_pubkey: signature algorithm ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]

Whereas using the same rclone config on desktop (with Rclone v1.61.1 on Arch Linux), it does use rsa-sha2-256 and succeeds. The server side log shows:

openssh-server_1  | Accepted publickey for [redacted] from [redacted] port [redacted] ssh2: RSA SHA256:[redacted]

According to the OpenSSH release notes linked in https://security.stackexchange.com/a/226133:

The RFC8332 RSA SHA-2 signature algorithms rsa-sha2-256/512. These algorithms have the advantage of using the same key type as "ssh-rsa" but use the safe SHA-2 hash algorithms. These have been supported since OpenSSH 7.2 and are already used by default if the client and server support them.

(Not sure if this is related to golang/go#56342 , but the Rclone version shipped with RCX is older instead of newer than the desktop version that's working fine.)

What is your configuration (rclone.conf)?

[xyz]
type = sftp
host = [redacted]
user = [redacted]
port = [redacted]
key_pem = [redacted]
key_file_pass = [redacted]
shell_type = unix
md5sum_command = md5sum
sha1sum_command = sha1sum
chunk_size = 252Ki

Does the same issue also occur when using the same configuration on a PC or in Termux?

No.

What are the contents of Android/data/io.github.x0b.rcx/files/logs/log.txt?

log.txt:
2023-03-03 15:40:20 - 2023/03/03 23:40:08 DEBUG : Using config file from "/data/user/0/io.github.x0b.rcx/files/rclone.conf"
2023/03/03 23:40:08 DEBUG : rclone: Version "v1.55.1-rcx" starting with parameters ["/data/app/~~OKy0Mg39FCKyLZaiOAxU0A==/io.github.x0b.rcx-OApgq20GRaTe9QmlezaKwg==/lib/arm64/librclone.so" "--cache-chunk-path" "/data/user/0/io.github.x0b.rcx/cache" "--cache-db-path" "/data/user/0/io.github.x0b.rcx/cache" "--config" "/data/user/0/io.github.x0b.rcx/files/rclone.conf" "-vvv" "lsjson" "xyz:/"]
2023/03/03 23:40:08 DEBUG : Creating backend with remote "xyz:/"
2023/03/03 23:40:09 DEBUG : pacer: low level retry 1/10 (error couldn't connect SSH: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain)
2023/03/03 23:40:09 DEBUG : pacer: Rate limited, increasing sleep to 200ms
2023/03/03 23:40:09 DEBUG : pacer: low level retry 2/10 (error couldn't connect SSH: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain)
2023/03/03 23:40:09 DEBUG : pacer: Rate limited, increasing sleep to 400ms
2023/03/03 23:40:09 DEBUG : pacer: low level retry 3/10 (error couldn't connect SSH: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain)
2023/03/03 23:40:09 DEBUG : pacer: Rate limited, increasing sleep to 800ms
2023/03/03 23:40:10 DEBUG : pacer: low level retry 4/10 (error couldn't connect SSH: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain)
2023/03/03 23:40:10 DEBUG : pacer: Rate limited, increasing sleep to 1.6s
2023/03/03 23:40:10 DEBUG : pacer: low level retry 5/10 (error couldn't connect SSH: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain)
2023/03/03 23:40:10 DEBUG : pacer: Rate limited, increasing sleep to 2s
2023/03/03 23:40:12 DEBUG : pacer: low level retry 6/10 (error couldn't connect SSH: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain)
2023/03/03 23:40:14 DEBUG : pacer: low level retry 7/10 (error couldn't connect SSH: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain)
2023/03/03 23:40:16 DEBUG : pacer: low level retry 8/10 (error couldn't connect SSH: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain)
2023/03/03 23:40:18 DEBUG : pacer: low level retry 9/10 (error couldn't connect SSH: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain)
2023/03/03 23:40:20 DEBUG : pacer: low level retry 10/10 (error couldn't connect SSH: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain)
2023/03/03 23:40:20 Failed to create file system for "xyz:/": NewFs: couldn't connect SSH: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
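
The distinction this report turns on, as an added example (not code from RCX, Rclone or any SSH library): one RSA key can sign under several algorithm names, the name selects the hash (RFC 8332), and a server allow-list refuses the SHA-1 name regardless of the key. `Sign`, `Verify`, `hashes` and `demoKey` are hypothetical names, the `accepted` list is a stand-in for the server's PubkeyAcceptedAlgorithms, and the signed bytes are constructed rather than a real SSH session.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	_ "crypto/sha1"
	_ "crypto/sha256"
	_ "crypto/sha512"
	"fmt"
)

// hashes maps each signature algorithm name to its hash; the key type is "ssh-rsa" for all three.
var hashes = map[string]crypto.Hash{"ssh-rsa": crypto.SHA1, "rsa-sha2-256": crypto.SHA256, "rsa-sha2-512": crypto.SHA512}

var demoKey, _ = rsa.GenerateKey(rand.Reader, 2048) // throwaway key, constructed for this example

func digest(h crypto.Hash, data []byte) []byte {
	d := h.New()
	d.Write(data)
	return d.Sum(nil)
}

// Sign produces a PKCS#1 v1.5 signature using the hash that the named algorithm prescribes.
func Sign(key *rsa.PrivateKey, algo string, data []byte) ([]byte, error) {
	h, ok := hashes[algo]
	if !ok {
		return nil, fmt.Errorf("unknown signature algorithm %q", algo)
	}
	return rsa.SignPKCS1v15(rand.Reader, key, h, digest(h, data))
}

// Verify checks the algorithm name against the allow-list first, then the signature itself.
func Verify(pub *rsa.PublicKey, accepted []string, algo string, sig, data []byte) error {
	h, known := hashes[algo]
	for _, a := range accepted {
		if a == algo && known {
			return rsa.VerifyPKCS1v15(pub, h, digest(h, data), sig)
		}
	}
	return fmt.Errorf("signature algorithm %s not accepted", algo)
}

func main() {
	data, accepted := []byte("constructed session data"), []string{"rsa-sha2-256", "rsa-sha2-512"}
	for _, algo := range []string{"ssh-rsa", "rsa-sha2-256"} {
		sig, _ := Sign(demoKey, algo, data)
		fmt.Println(algo, "->", Verify(&demoKey.PublicKey, accepted, algo, sig, data))
	}
}
```

Relabelling a SHA-1 signature as rsa-sha2-256 does not get past `Verify` either, because the digest no longer matches.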

@zhanghai zhanghai changed the title SFTP uses ssh_rsa instead of rsa-sha2-256 SFTP uses deprecated ssh_rsa instead of rsa-sha2-256 for signature algorithm Mar 3, 2023

zhanghai commented Mar 4, 2023

Note that a workaround is to use an ed25519 key.
