[jira] [Commented] (SSHD-1270) MINA-SSHD 2.8.0 break Ubuntu 16.04 users connection
[ https://issues.apache.org/jira/browse/SSHD-1270?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17555374#comment-17555374 ]

CY commented on SSHD-1270:
--------------------------

Well, after some tries, I cannot find a good solution for disabling gnome-keyring. So I just add `unset SSH_AUTH_SOCK` to ~/.bashrc. So far it works. And I will request the user to upgrade to the latest Ubuntu ASAP. After all, it's not safe to use ssh without an agent.

> MINA-SSHD 2.8.0 break Ubuntu 16.04 users connection
> ---------------------------------------------------
>
>                 Key: SSHD-1270
>                 URL: https://issues.apache.org/jira/browse/SSHD-1270
>             Project: MINA SSHD
>          Issue Type: Bug
>    Affects Versions: 2.8.0
>            Reporter: CY
>            Priority: Major
>         Attachments: 1, image-2022-06-16-23-02-11-970.png
>
>
> Steps to reproduce:
> 1. Upgrade Gerrit to 3.6 (which uses SSHD 2.8.0)
> 2. Ubuntu 16.04 user tries to connect to Gerrit via ssh
> `ssh -p 29418 usern...@gerrit.mioffice.cn gerrit`
> 3. Got "Permission denied (publickey)."
> 4. Execute eval "$(ssh-agent -s) && ssh-add"
> 5. `ssh -p 29418 usern...@gerrit.mioffice.cn gerrit` now can connect to Gerrit correctly.
> 6. Reboot the PC, then cannot connect again, and need to execute "eval "$(ssh-agent -s) && ssh-add"" again.
>
> Here is my client log with `ssh -vvv`
> There is also a discussion on Gerrit community and there is server side log on it
> https://bugs.chromium.org/p/gerrit/issues/detail?id=15987#c_ts1655281861

--
This message was sent by Atlassian Jira
(v8.20.7#820007)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org
[jira] [Commented] (SSHD-1270) MINA-SSHD 2.8.0 break Ubuntu 16.04 users connection
[ https://issues.apache.org/jira/browse/SSHD-1270?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17555195#comment-17555195 ]

CY commented on SSHD-1270:
--------------------------

Sorry for the typo: it's

eval "$(ssh-agent -s)" && ssh-add

And I think you're right. I never thought there is another thing like "gnome-keyring" that could also act as ssh-agent. Before, I thought "ssh-agent" was the only agent.

Now it can explain everything:

1. Ubuntu 16.04 uses "gnome-keyring" as the default ssh-agent, which can be checked in the screenshot above. When authentication failed, the SSH_AUTH_SOCK is /run/user/1000/keyring/ssh
2. unset SSH_AUTH_SOCK makes it work again because it doesn't use gnome-keyring anymore
3. Or relaunch ssh-agent by `eval "ssh-agent" && ssh-add`. It also works because it changed SSH_AUTH_SOCK to ssh-agent.

I will make a confirmation tomorrow. If everything above is right, then the base solution should be to disable gnome-keyring as ssh-agent.
[jira] [Commented] (SSHD-1270) MINA-SSHD 2.8.0 break Ubuntu 16.04 users connection
[ https://issues.apache.org/jira/browse/SSHD-1270?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17555176#comment-17555176 ]

Thomas Wolf commented on SSHD-1270:
-----------------------------------

Also see [https://bugzilla.mindrot.org/show_bug.cgi?id=2799]. That clearly says if you run gnome-keyring as SSH agent, ssh will send a ssh-rsa signature where it should have sent an rsa-sha2-512 signature.

Re-launching ssh-agent would launch the OpenSSH 7.2 ssh-agent, and then the problem might be gone.

Which brings me back to my suggestion above: do check what SSH agents are running at the various steps.
[jira] [Commented] (SSHD-1270) MINA-SSHD 2.8.0 break Ubuntu 16.04 users connection
[ https://issues.apache.org/jira/browse/SSHD-1270?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17555165#comment-17555165 ]

Thomas Wolf commented on SSHD-1270:
-----------------------------------

BTW, you wrote above you executed

```
eval "$(ssh-agent -s) && ssh-add"
```

Is that really correct? Is an ssh-agent running after that, and is it indeed being used by ssh? Is SSH_AUTH_SOCK set correctly? Shouldn't that be simply

```
eval $(ssh-agent -s) && ssh-add
```

without the double quotes?
[jira] [Commented] (SSHD-1270) MINA-SSHD 2.8.0 break Ubuntu 16.04 users connection
[ https://issues.apache.org/jira/browse/SSHD-1270?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17555132#comment-17555132 ]

Thomas Wolf commented on SSHD-1270:
-----------------------------------

So, a successful authentication shows "debug2: key: /home/gaowenjun/.ssh/id_rsa (0x55ff7aab1f50)", i.e., the key is not used via ssh-agent. An unsuccessful authentication used the agent. And when you relaunch the agent and re-add the key, it suddenly also works with the agent?

No idea why that would happen. Check what agent is running when it doesn't work, and what agent when it does. Perhaps it's different binaries? Or different libraries? After all, if you start it from the shell, LD_LIBRARY_PATH or PATH or other settings might be different. And double-check that after the re-launch of the agent it is actually used.

The following might perhaps also be relevant: https://bugzilla.mindrot.org/show_bug.cgi?id=2568

In any case this doesn't look like a problem in Gerrit or in Apache MINA sshd but in OpenSSH 7.2 or in the ssh-agent you're using.
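The check discussed in this thread (was the key offered through an agent, and which agent is behind `SSH_AUTH_SOCK`), as an added example that is not part of the original messages and not code from any commenter or from Apache MINA sshd. The function names and sample logs are constructed for illustration; the `debug2: key:` line format and the gnome-keyring socket path are the ones quoted in the thread, and the `/tmp/ssh-*/agent.*` shape is assumed to be the OpenSSH ssh-agent default.

```shell
#!/bin/sh
# Added example (not from the thread's participants). Function names are
# hypothetical; sample logs are constructed from lines quoted in the thread.

# Guess which agent owns a socket from the path shape alone.
# /run/user/<uid>/keyring/ssh is the gnome-keyring path reported in the thread;
# */ssh-*/agent.* is assumed to be the OpenSSH ssh-agent default location.
classify_auth_sock() {
    case "$1" in
        "")                      echo "none" ;;
        /run/user/*/keyring/ssh) echo "gnome-keyring" ;;
        */ssh-*/agent.*)         echo "openssh-agent" ;;
        *)                       echo "unknown" ;;
    esac
}

# Read an `ssh -vvv` log on stdin and print "<identity> agent|file" for every
# "debug2: key: <path> (<ptr>)[, agent]" line (paths without spaces assumed).
key_sources() {
    awk '/^debug2: key: / {
        src = ($0 ~ /, agent/) ? "agent" : "file"
        print $3, src
    }'
}

# Combine both: $1 is the SSH_AUTH_SOCK value in effect, the log comes on stdin.
diagnose() {
    if key_sources | grep -q ' agent$'; then
        echo "keys-via-$(classify_auth_sock "$1")"
    else
        echo "keys-from-file"
    fi
}

# Constructed sample: the failing run, where the key was offered via the agent.
sample_failed_log() {
    cat <<'EOF'
debug1: Authenticating to 10.162.55.1:29418 as 'gaowenjun'
debug2: key: /home/gaowenjun/.ssh/id_rsa (0x556e3270a720), agent
EOF
}

# Constructed sample: the working run, where the key was read from the file.
sample_ok_log() {
    cat <<'EOF'
debug1: Authenticating to 10.162.55.1:29418 as 'gaowenjun'
debug2: key: /home/gaowenjun/.ssh/id_rsa (0x55ff7aab1f50)
EOF
}

sample_failed_log | diagnose /run/user/1000/keyring/ssh
sample_ok_log | diagnose ""
echo "this shell: $(classify_auth_sock "${SSH_AUTH_SOCK:-}")"
```

A path match is only a hint; `ssh-add -l` and the process list confirm which agent actually answers on the socket.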
[jira] [Commented] (SSHD-1270) MINA-SSHD 2.8.0 break Ubuntu 16.04 users connection
[ https://issues.apache.org/jira/browse/SSHD-1270?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17555123#comment-17555123 ]

CY commented on SSHD-1270:
--------------------------

BTW, the full successful log is here

```
OpenSSH_7.2p2 Ubuntu-4ubuntu2.10, OpenSSL 1.0.2g 1 Mar 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: resolving "10.162.55.1" port 29418
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to 10.162.55.1 [10.162.55.1] port 29418.
debug1: Connection established.
debug1: identity file /home/gaowenjun/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/gaowenjun/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/gaowenjun/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/gaowenjun/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/gaowenjun/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/gaowenjun/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/gaowenjun/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/gaowenjun/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.10
debug1: Remote protocol version 2.0, remote software version GerritCodeReview_3.6.1 (APACHE-SSHD-2.8.0)
debug1: no match: GerritCodeReview_3.6.1 (APACHE-SSHD-2.8.0)
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 10.162.55.1:29418 as 'gaowenjun'
debug3: put_host_port: [10.162.55.1]:29418
debug3: hostkeys_foreach: reading file "/home/gaowenjun/.ssh/known_hosts"
debug3: record_hostkey: found key type RSA in file /home/gaowenjun/.ssh/known_hosts:33
debug3: load_hostkeys: loaded 1 keys from [10.162.55.1]:29418
debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-rsa-cert-...@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha...@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: ssh-rsa-cert-...@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256-cert-...@openssh.com,ecdsa-sha2-nistp384-cert-...@openssh.com,ecdsa-sha2-nistp521-cert-...@openssh.com,ssh-ed25519-cert-...@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519
debug2: ciphers ctos: chacha20-poly1...@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-...@openssh.com,aes256-...@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc
debug2: ciphers stoc: chacha20-poly1...@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-...@openssh.com,aes256-...@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc
debug2: MACs ctos: umac-64-...@openssh.com,umac-128-...@openssh.com,hmac-sha2-256-...@openssh.com,hmac-sha2-512-...@openssh.com,hmac-sha1-...@openssh.com,umac...@openssh.com,umac-...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-...@openssh.com,umac-128-...@openssh.com,hmac-sha2-256-...@openssh.com,hmac-sha2-512-...@openssh.com,hmac-sha1-...@openssh.com,umac...@openssh.com,umac-...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,z...@openssh.com,zlib
debug2: compression stoc: none,z...@openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha...@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256,diffie-hellman-group18-sha512,diffie-hellman-group17-sha512,diffie-hellman-group16-sha512,diffie-hellman-group15-sha512,diffie-hellman-group14-sha256,ext-info-s
debug2: host key algorithms: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: chacha20-poly1...@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-...@openssh.com,aes256-...@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc
debug2: ciphers stoc: chacha20-poly1...@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-...@openssh.com,aes256-...@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc
debug2: MACs ctos: hmac-sha2-256-...@openssh.com,hmac-sha2-512-...@openssh.com,hmac-sha1-...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc:
```
[jira] [Commented] (SSHD-1270) MINA-SSHD 2.8.0 break Ubuntu 16.04 users connection
[ https://issues.apache.org/jira/browse/SSHD-1270?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17555122#comment-17555122 ]

CY commented on SSHD-1270:
--------------------------

Here is the experiment:

1. It seems that ssh on Ubuntu 16.04 is too old; IdentityAgent is not a valid option here.
2. I verified `ssh-add -l`. It does have the key (though I don't know where the second key comes from).
3. But unset SSH_AUTH_SOCK (which I suppose also means auth without agent) works. So does that mean it's an agent BUG? However, it doesn't explain why "$(ssh-agent -s) && ssh-add" works?

!image-2022-06-16-23-02-11-970.png!
[jira] [Commented] (SSHD-1270) MINA-SSHD 2.8.0 break Ubuntu 16.04 users connection
[ https://issues.apache.org/jira/browse/SSHD-1270?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17555102#comment-17555102 ]

Thomas Wolf commented on SSHD-1270:
-----------------------------------

You are using OpenSSH_7.2p2, which is very old, and AFAIK was the first version with rsa-sha2-512 signature support. There were bugs in OpenSSH when the SHA-2 signatures were introduced, and AFAIK there was also a bug concerning the ssh-agent.

The Gerrit server log posted at the Gerrit bug tracker shows that the signature verification failed. Perhaps the OpenSSH 7.2 client actually sent a ssh-rsa signature instead of rsa-sha2-512?

The client log file you posted at the Gerrit bug tracker shows only the failed authentication. But it shows "debug2: key: /home/gaowenjun/.ssh/id_rsa (0x556e3270a720), agent", so I presume that run used the agent.

1. Verify that you can connect without using the agent. Specify the `IdentityFile` explicitly in `~/.ssh/config`, set `IdentitiesOnly yes`, and set `IdentityAgent none`.
2. Verify what keys the ssh-agent contains initially. Does it run initially? Does it contain the correct key?
3. Make sure the agent contains the correct key, undo the changes from (1), and try to connect.

Logs for both cases (successful _and_ unsuccessful attempts) would be helpful.