Bug 612103 – Nautilus should offer solutions to host-key verification failures when browsing remote folders via sftp

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 612103 - Nautilus should offer solutions to host-key verification failures when browsing remote folders via sftp


Summary:	Nautilus should offer solutions to host-key verification failures when browsi...


Status:	RESOLVED OBSOLETE

Product:	nautilus
Classification:	Core
Component:	general
Version:	unspecified
Hardware:	Other Linux

Importance:	Normal enhancement
Target Milestone:	---
Assigned To:	Nautilus Maintainers
QA Contact:	Nautilus Maintainers

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2010-03-07 17:28 UTC by pablomme
Modified:	2021-06-18 15:30 UTC

See Also:
GNOME target:	---
GNOME version:	---

Description pablomme 2010-03-07 17:28:13 UTC

This is with gvfs 1.5.4 and nautilus 2.29.91 as distributed in Ubuntu 10.04 alpha 3, but the behaviour has been present for a while.

At present, if one tries to log into a machine which has the same IP address but different host key as one of the entries in ~/.ssh/known_hosts, the dialogue nautilus pops up simply states:

"Could not display "sftp://user@host/path/to/folder".
Error: Host key verification failed
Please select another viewer and try again."

This dialogue should offer solutions to the problem, in particular something along the lines of "Remove old key", "Keep old key and connect once" (using ssh's "StrictHostKeyChecking=no" or something), and "Do not connect".

The explanation in the dialogue could also be improved. In the terminal, ssh would warn that:

"@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
b4:12:c0:e2:4f:a6:83:ca:c4:a6:c8:96:2f:d8:5e:d2.
Please contact your system administrator.
Add correct host key in /home/user/.ssh/known_hosts to get rid of this message.
Offending key in /home/user/.ssh/known_hosts:1
RSA host key for 192.168.1.2 has changed and you have requested strict checking.
Host key verification failed."

This is perhaps too verbose, but it does contain information which should be given in the nautilus dialogue (man-in-the-middle vs mere key change being the most important piece of information in my opinion).

Comment 1 ville.ranki 2010-11-08 08:30:09 UTC

I can confirm this. User has no way of correcting the situation using GUI if server's host key has changed. This still exists on Gnome 2.32.0 of Ubuntu Maverick.

Comment 2 ville.ranki 2014-03-16 16:16:28 UTC

Still an issue. No user friendly way to solve host key verification failures.

Comment 3 Ross Lagerwall 2014-03-16 20:35:56 UTC

Reassigning to Nautilus since the dialogue is generated by Nautilus, not gvfs.

Although if this were to be implemented , it may require some support from gvfs.

Comment 4 André Klapper 2021-06-18 15:30:26 UTC

GNOME is going to shut down bugzilla.gnome.org in favor of gitlab.gnome.org.
As part of that, we are mass-closing older open tickets in bugzilla.gnome.org
which have not seen updates for a longer time (resources are unfortunately
quite limited so not every ticket can get handled).

If you can still reproduce the situation described in this ticket in a recent
and supported software version of Files (nautilus), then please follow
  https://wiki.gnome.org/GettingInTouch/BugReportingGuidelines
and create a new ticket at
  https://gitlab.gnome.org/GNOME/nautilus/-/issues/

Thank you for your understanding and your help.