Replies: 2 comments 1 reply
-
|
Thank you for sharing your experience and for your donation, it’s genuinely appreciated. Open-source projects like SFTPGo thrive thanks to users who contribute and who also invest time in understanding how things work under the hood. That said, it’s important to set the right expectations: community support is offered on a best-effort basis. Issues that require deeper debugging, environment-specific investigation, or extended back-and-forth are generally possible only with some form of paid support or by dedicating time to learning and troubleshooting. Regarding your original question: in similar cases, the most common cause is a mismatch between the algorithms supported by the client and those allowed by the server. SFTPGo disables legacy or insecure algorithms by default (for example ssh-rsa), while some older clients still rely on them. This may be what happened in your scenario. Ultimately, you should choose the solution that best fits your business needs. If you require guaranteed assistance for a production environment, a commercial product (whether SFTPGo or another) is likely the most appropriate option. Otherwise, SFTPGo remains a solid choice if you're willing to spend some time learning and debugging, as this is a natural part of working with open-source software. |
Beta Was this translation helpful? Give feedback.
-
|
Hi Nicola,
Thanks for the prompt reply. I appreciate you taking the time to reply to
me.
Two things I would like to discuss here.
First, the problem we are facing with users. If you say it is legacy
algorithm issue, ssh-rsa. I have tested out using ssh-rsa from my few PCs
and they all work. Other users also uses ssh-rsa without problem. Only the
one from our user does not work. And what define it being legacy algorithm?
Where can I read about them? What sort of parameters needed to generate the
ssh key that is compatible?
Second, going into licensing. Due to this incident, we plan to purchase
paid license for SFTP server. I have made a quick check, for WinSSHD it is
USD99 per installation. For SFTPgo, a license for self hosted is USD717.06
/year. Our usage is too low to justify that kind of pricing. Like I
mentioned, we are new startup and not making profit yet. I hope you think
of small companies that cannot afford enterprise level pricing. Maybe it's
just your strategy not to have small companies as your customer (as I know
they are the demanding bunch)? I don't know. You have nothing in
between...hence people have to use your community version without paying. I
remember seeing SFTPgo having something like users buying for support. What
happened to this business model?
I have spent around 1 year testing SFTPgo and customizing it. Also had a
few presentation sessions with users and business owners. They all like the
product but being stuck with not being able to resolve technical issues and
having to pay minimum of USD717.06/year to resolve it is not possible for
us. Really hope you have a tier catered for small time businesses like us.
I understand you have your own priority and business plan. In the end, it's
your product to sell.
Regards.
…On Thu, Nov 27, 2025 at 3:09 PM Nicola Murino ***@***.***> wrote:
Thank you for sharing your experience and for your donation, it’s
genuinely appreciated. Open-source projects like SFTPGo thrive thanks to
users who contribute and who also invest time in understanding how things
work under the hood.
That said, it’s important to set the right expectations: community support
is offered on a best-effort basis. Issues that require deeper debugging,
environment-specific investigation, or extended back-and-forth are
generally possible only with some form of paid support or by dedicating
time to learning and troubleshooting.
Regarding your original question: in similar cases, the most common cause
is a mismatch between the algorithms supported by the client and those
allowed by the server. SFTPGo disables legacy or insecure algorithms by
default (for example ssh-rsa), while some older clients still rely on them.
This may be what happened in your scenario.
Ultimately, you should choose the solution that best fits your business
needs. If you require guaranteed assistance for a production environment, a
commercial product (whether SFTPGo or another) is likely the most
appropriate option. Otherwise, SFTPGo remains a solid choice if you're
willing to spend some time learning and debugging, as this is a natural
part of working with open-source software.
—
Reply to this email directly, view it on GitHub
<#2123 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AQLCIKWOGASVJOLALKKVYPT362PRFAVCNFSM6AAAAACNKP26QCVHI2DSMVQWIX3LMV43URDJONRXK43TNFXW4Q3PNVWWK3TUHMYTKMBZGM2TCOI>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
|
Beta Was this translation helpful? Give feedback.
-
It may indeed be related to legacy algorithms, although with the limited information available it's hard to say for sure. https://www.openssh.org/txt/release-8.8 We try to use reasonable secure algorithms by default, but legacy algorithms can be enabled if needed, this way you are aware. of the choices and their implications. |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
I was happy when I found SFTPgo and the tons of functions it has. So glad with it that I start using it for my small projects and donated to the cause. I understand from Drakkan about the technical support and demands he is getting from users who does not even pay for the product. Which is the reason I donated from my own pocket to support him. Although it's not a lot of money, it's a lot from where I come from. USD20 can buy us 2 weeks of grocery here.
We had an issue from a user trying to connect to us using SFTP key. There was problems and we went back and forth with making sure keys and ports and all settings are correct. Check firewalls and so on. After a month, user insisted that it was our problem but I kept brushing them off saying our SSH server is working fine. Plus another user have no problem connecting using SSH key.
Eventually, they told us that WinSSHD (now called Bitwise SSH Server) is working fine for them. So I installed WinSSHD to proof them wrong or to see if there are errors in there to show what was the problem. But they connected successfully with WinSSHD. We installed WinSSHD on the same server running SFTPgo without any changes to the firewall. So, what was the problem with SFTPgo? I don't know cause the issue I posted in Q&A section was not answered.
Now, we are in the consideration of dropping SFTPgo in favour of WinSSHD. Cause my boss told me if we are going to pay for support from SFTPgo to fix the issue, might as well use the money to pay for WinSSHD that works. And there are no guarantee that the issue will be fixed whereas WinSSHD just works.
I am in a dilemma here. Cause I like SFTPgo a lot. The extra features like webUI, whitelisting ability, advance security and so on.
Beta Was this translation helpful? Give feedback.
All reactions