Project

General

Profile

Bug #9953

agent key RSA SHA256:xxxxxxx returned incorrect signature type

Added by Michal Nowak 12 months ago. Updated 10 months ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
OI-Userland
Target version:
Start date:
2018-11-03
Due date:
% Done:

100%

Estimated time:
Difficulty:
Medium
Tags:

Description

With OpenSSH 7.8p1 I get following warning when public key is in play, which is not present in OpenSSH 7.4p1: agent key RSA SHA256:Kb8rQ2pLD45hNwnJWLG4TQJzKzTv/mMfTPrn/a7dLEA returned incorrect signature type.

I can reproduce when logging to Fedora and openSUSE, which have OpenSSH 7.8p1, however they don't express such problem when logging to OI. Can't reproduce it when logging to OpenSSH 6.7 from Armbian.

Login to localhost with OpenSSH 7.8p1:

{global} newman@lenovo:~ $ ssh -v newman@localhost
OpenSSH_7.8p1, OpenSSL 1.0.2p  14 Aug 2018
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to localhost [::1] port 22.
debug1: Connection established.
debug1: identity file /export/home/newman/.ssh/id_rsa type -1
debug1: identity file /export/home/newman/.ssh/id_rsa-cert type -1
debug1: identity file /export/home/newman/.ssh/id_dsa type -1
debug1: identity file /export/home/newman/.ssh/id_dsa-cert type -1
debug1: identity file /export/home/newman/.ssh/id_ecdsa type -1
debug1: identity file /export/home/newman/.ssh/id_ecdsa-cert type -1
debug1: identity file /export/home/newman/.ssh/id_ed25519 type -1
debug1: identity file /export/home/newman/.ssh/id_ed25519-cert type -1
debug1: identity file /export/home/newman/.ssh/id_xmss type -1
debug1: identity file /export/home/newman/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.8
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.8
debug1: match: OpenSSH_7.8 pat OpenSSH* compat 0x04000000
debug1: Authenticating to localhost:22 as 'newman'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:3nqFrs22bDsEOwLx1xzHHGMkj1YN0SB+iToHyUJT2P0
debug1: Host 'localhost' is known and matches the ECDSA host key.
debug1: Found key in /export/home/newman/.ssh/known_hosts:12
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug1: Next authentication method: gssapi-with-mic
debug1: No credentials were supplied, or the credentials were unavailable or inaccessible
No credentials cache file found

debug1: No credentials were supplied, or the credentials were unavailable or inaccessible
mech_dh: No secret key

debug1: No credentials were supplied, or the credentials were unavailable or inaccessible
mech_dh: No secret key

debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:Kb8rQ2pLD45hNwnJWLG4TQJzKzTv/mMfTPrn/a7dLEA mnowak@startmail.com
debug1: Server accepts key: pkalg rsa-sha2-512 blen 279
agent key RSA SHA256:Kb8rQ2pLD45hNwnJWLG4TQJzKzTv/mMfTPrn/a7dLEA returned incorrect signature type
debug1: Authentication succeeded (publickey).
Authenticated to localhost ([::1]:22).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: pledge: network
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
debug1: Remote: /export/home/newman/.ssh/authorized_keys:1: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
debug1: Remote: /export/home/newman/.ssh/authorized_keys:1: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
The Illumos Project     SunOS 5.11      illumos-b75eb7e6b5      November 2018

History

#1

Updated by Alexander Pyhalov 11 months ago

It seems we have to update gnome-keyring to handle new ssh-agent protocol. It requires updated gcr.

#2

Updated by Michal Nowak 10 months ago

  • Assignee changed from OI Userland to Michal Nowak
  • Target version set to Hipster
  • Tags deleted (needs-triage)

Will have a look at gcr.

#3

Updated by Michal Nowak 10 months ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100

This should be fixed now with updated gnome/gnome-keyring and library/gnome/gcr.

Also available in: Atom PDF