Your best friend for file transfer.

Fetch application logoFetch

SFTP Connection Error (5 posts)

  • Started 1 year ago by Michelle
  • Latest reply 12 months ago from Fran
  • Michelle Member

    I am getting an error message when connecting to one of my servers:

    SFTP connection to “ftp2.ftptoyoursite.com” could not be opened because the connection to the SFTP server could not be established or was lost.
    Try again, or contact the server administrator to verify that you have the correct hostname, username, password, and authentication method, and that the server is running.
    Server responded: “Unable to negotiate with XX.XXX.XXX.XXX port XX: no matching host key type found. Their offer: ssh-rsa,ssh-dss”

    The IP and Port are set correctly (I checked with tech support). I am running Ventura on a 27" iMac 2020. I have not made any changes in the settings. The biggest change has been the upgrade to Ventura last week. However, I can get to other servers and other people can get to the server I cannot (from other locations). Suggestions?

    Thank you!

    Edited 1 year ago #

  • Jim Matthews Administrator

    Hi,

    The problem is that by default Ventura does not use the host key algorithm used by your SFTP server (Apple made this change to improve security). You may want to ask your SFTP server administrator to upgrade to allow host key algorithms. Otherwise you can work around this change by doing the following:

    1) Choose Utilities from the Go menu in the Finder
    2) Open Terminal
    3) Enter the following (replacing HOSTNAME with your server's hostname):

    echo -e "\nHost HOSTNAME\nHostkeyAlgorithms +ssh-dss\n" >> ~/.ssh/config

    and press Return.

    Please let me know if that does not work.

    Thanks,

    Jim Matthews
    Fetch Softworks

    Posted 1 year ago #

  • Fran Member

    Jim, is the following related to the above question, or not. I am also on Ventura.

    Keychain shows for my saved Fetch passwords that my SFTP connections are connecting with the ssh protocol, possibly because I have a special ssh port (not the typical one for FTP). The keychain shows along the lines of the following:: ssh://ip_address:special_ssh_port for each of my domains.

    My new server will not recognize the SFTP connections saved for Fetch.

    However, if I use File Zilla, it requires the sftp:// protocol with ip_address and does connect, given the username, password, and (special) port.

    Apparently my new server only accepts the sftp:// protocol not the ssh. Is this a server situation or Fetch? If I try to force that protocol with fetch and select SFTP (and have my special port) then Fetch switches the protocol to ssh://.

    Thanks for any ideas.
    Fran

    Posted 1 year ago #

  • Jim Matthews Administrator

    Hi Fran,

    SFTP is a protocol layered on top of SSH, so the two should be interchangeable where saved passwords in the keychain are concerned. My guess is that the issue is something else. Could you contact me at https://fetchsoftworks.com/fetch/feedback and include the contents of the Fetch Transcript window after you try to connect?

    Thanks,

    Jim Matthews
    Fetch Softworks

    Posted 1 year ago #

  • Fran Member

    Hi Jim and Michelle!
    I posted the original post here. Something you suggested in another thread worked for me before I tried your server hostname solution.

    I went through each of my Fetch saved shortcuts, one by one (and I have many), opened the corresponding fetch login in Mac's Keychain, confirmed the settings (to be on the safe side), then deleted that keychain file, deleted the shortcut saved fetch, then made a new shortcut.

    I made the new shortcuts with the actual domain (host) name. Previously, my shortcut hosts were labeled as the IP addresses of the domain. This has worked for me for years, until my latest server change. The lack of a corresponding Keychain file forced new correspondence with the server. Instead of the server sending back a connection failed type of notice, the server instead confirmed that this is what I wanted. When creating the new shortcuts, I set Fetch to make 2 attempts, in case there was an intervening message that might not be rendered for a single try. The main thing is: toss the old Keychain shortcut and re-establish the Fetch shortcut. If you formerly put IP addresses as the host name, try changing the host input to the actual host (e.g. example.com).

    Thanks, Jim!

    Posted 12 months ago #

Reply

  • Or nickname, if you prefer.
  • This will be kept confidential.
  • This is to ensure that you’re a person, not a spambot.