Bugzilla – Attachment 3553 Details for
Bug 3366
SSH should skip sk-* keys that don't match the connected security key
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
-vvv connection log requiring two touches
connection_log.txt (text/plain), 14.21 KB, created by
Erik Jensen
on 2021-11-22 19:18:29 AEDT
(
hide
)
Description:
-vvv connection log requiring two touches
Filename:
MIME Type:
Creator:
Erik Jensen
Created:
2021-11-22 19:18:29 AEDT
Size:
14.21 KB
patch
obsolete
>OpenSSH_8.6p1, OpenSSL 1.1.1l 24 Aug 2021 >debug1: Reading configuration data /etc/ssh/ssh_config >debug1: /etc/ssh/ssh_config line 5: Applying options for * >debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/home/rkjnsn/.ssh/known_hosts' >debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/home/rkjnsn/.ssh/known_hosts2' >debug2: resolving "github.com" port 22 >debug3: ssh_connect_direct: entering >debug1: Connecting to github.com [192.30.255.113] port 22. >debug3: set_sock_tos: set socket 3 IP_TOS 0x48 >debug1: Connection established. >debug1: identity file /home/rkjnsn/.ssh/id_ecdsa_sk type 10 >debug1: identity file /home/rkjnsn/.ssh/id_ecdsa_sk-cert type -1 >debug1: identity file /home/rkjnsn/.ssh/id_ecdsa_sk2 type 10 >debug1: identity file /home/rkjnsn/.ssh/id_ecdsa_sk2-cert type -1 >debug1: Local version string SSH-2.0-OpenSSH_8.6 >debug1: Remote protocol version 2.0, remote software version babeld-a73e1397 >debug1: compat_banner: no match: babeld-a73e1397 >debug2: fd 3 setting O_NONBLOCK >debug1: Authenticating to github.com:22 as 'git' >debug3: record_hostkey: found key type ED25519 in file /home/rkjnsn/.ssh/known_hosts:1 >debug3: record_hostkey: found key type RSA in file /home/rkjnsn/.ssh/known_hosts:2 >debug3: record_hostkey: found key type ECDSA in file /home/rkjnsn/.ssh/known_hosts:3 >debug3: load_hostkeys_file: loaded 3 keys from github.com >debug1: load_hostkeys: fopen /home/rkjnsn/.ssh/known_hosts2: No such file or directory >debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory >debug3: order_hostkeyalgs: have matching best-preference key type ssh-ed25519-cert-v01@openssh.com, using HostkeyAlgorithms verbatim >debug3: send packet: type 20 >debug1: SSH2_MSG_KEXINIT sent >debug3: receive packet: type 20 >debug1: SSH2_MSG_KEXINIT received >debug2: local client KEXINIT proposal >debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c >debug2: host key algorithms: ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa >debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com >debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com >debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 >debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 >debug2: compression ctos: none,zlib@openssh.com,zlib >debug2: compression stoc: none,zlib@openssh.com,zlib >debug2: languages ctos: >debug2: languages stoc: >debug2: first_kex_follows 0 >debug2: reserved 0 >debug2: peer server KEXINIT proposal >debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256 >debug2: host key algorithms: ssh-ed25519,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256,ssh-rsa >debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc >debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc >debug2: MACs ctos: hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-sha1-etm@openssh.com,hmac-sha1 >debug2: MACs stoc: hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-sha1-etm@openssh.com,hmac-sha1 >debug2: compression ctos: none >debug2: compression stoc: none >debug2: languages ctos: >debug2: languages stoc: >debug2: first_kex_follows 0 >debug2: reserved 0 >debug1: kex: algorithm: curve25519-sha256 >debug1: kex: host key algorithm: ssh-ed25519 >debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none >debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none >debug3: send packet: type 30 >debug1: expecting SSH2_MSG_KEX_ECDH_REPLY >debug3: receive packet: type 31 >debug1: SSH2_MSG_KEX_ECDH_REPLY received >debug1: Server host key: ssh-ed25519 SHA256:+DiY3wvvV6TuJJhbpZisF/zLDA0zPMSvHdkr4UvCOqU >debug3: record_hostkey: found key type ED25519 in file /home/rkjnsn/.ssh/known_hosts:1 >debug3: record_hostkey: found key type RSA in file /home/rkjnsn/.ssh/known_hosts:2 >debug3: record_hostkey: found key type ECDSA in file /home/rkjnsn/.ssh/known_hosts:3 >debug3: load_hostkeys_file: loaded 3 keys from github.com >debug1: load_hostkeys: fopen /home/rkjnsn/.ssh/known_hosts2: No such file or directory >debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory >debug1: Host 'github.com' is known and matches the ED25519 host key. >debug1: Found key in /home/rkjnsn/.ssh/known_hosts:1 >debug3: send packet: type 21 >debug2: set_newkeys: mode 1 >debug1: rekey out after 134217728 blocks >debug1: SSH2_MSG_NEWKEYS sent >debug1: expecting SSH2_MSG_NEWKEYS >debug3: receive packet: type 21 >debug1: SSH2_MSG_NEWKEYS received >debug2: set_newkeys: mode 0 >debug1: rekey in after 134217728 blocks >debug1: Will attempt key: /home/rkjnsn/.ssh/id_ecdsa_sk ECDSA-SK SHA256:RVB8Xv5Uki5+5yVFSM/bs2oWPg4iuMfof5MMwk7bS8Y explicit authenticator >debug1: Will attempt key: /home/rkjnsn/.ssh/id_ecdsa_sk2 ECDSA-SK SHA256:of6fZf87Jtf8BH7SirEOvgvOdbEbIICJcxYeY2xIue0 explicit authenticator >debug2: pubkey_prepare: done >debug3: send packet: type 5 >debug3: receive packet: type 7 >debug1: SSH2_MSG_EXT_INFO received >debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss> >debug3: receive packet: type 6 >debug2: service_accept: ssh-userauth >debug1: SSH2_MSG_SERVICE_ACCEPT received >debug3: send packet: type 50 >debug3: receive packet: type 51 >debug1: Authentications that can continue: publickey >debug3: start over, passed a different list publickey >debug3: preferred publickey,keyboard-interactive,password >debug3: authmethod_lookup publickey >debug3: remaining preferred: keyboard-interactive,password >debug3: authmethod_is_enabled publickey >debug1: Next authentication method: publickey >debug1: Offering public key: /home/rkjnsn/.ssh/id_ecdsa_sk ECDSA-SK SHA256:RVB8Xv5Uki5+5yVFSM/bs2oWPg4iuMfof5MMwk7bS8Y explicit authenticator >debug3: send packet: type 50 >debug2: we sent a publickey packet, wait for reply >debug3: receive packet: type 60 >debug1: Server accepts key: /home/rkjnsn/.ssh/id_ecdsa_sk ECDSA-SK SHA256:RVB8Xv5Uki5+5yVFSM/bs2oWPg4iuMfof5MMwk7bS8Y explicit authenticator >debug3: sign_and_send_pubkey: ECDSA-SK SHA256:RVB8Xv5Uki5+5yVFSM/bs2oWPg4iuMfof5MMwk7bS8Y >debug3: sign_and_send_pubkey: signing using sk-ecdsa-sha2-nistp256@openssh.com SHA256:RVB8Xv5Uki5+5yVFSM/bs2oWPg4iuMfof5MMwk7bS8Y >Confirm user presence for key ECDSA-SK SHA256:RVB8Xv5Uki5+5yVFSM/bs2oWPg4iuMfof5MMwk7bS8Y >debug3: start_helper: started pid=602352 >debug3: ssh_msg_send: type 5 >debug3: ssh_msg_recv entering >debug1: start_helper: starting /nix/store/d8kdwl5k901l6yg67xjaz8vb69p1gnky-openssh-8.6p1/libexec/ssh-sk-helper >debug1: process_sign: ready to sign with key ECDSA-SK, provider internal: msg len 245, compat 0x0 >debug1: sshsk_sign: provider "internal", key ECDSA-SK, flags 0x01 >debug1: sk_probe: 1 device(s) detected >debug1: sk_probe: selecting sk by cred >*** WAITS FOR SK TOUCH HERE *** >debug1: ssh_sk_sign: fido_dev_get_assert: FIDO_ERR_NO_CREDENTIALS >debug1: sshsk_sign: sk_sign failed with code -1 >debug1: ssh-sk-helper: Signing failed: invalid format >debug1: main: reply len 8 >debug3: ssh_msg_send: type 5 >debug1: client_converse: helper returned error -4 >debug3: reap_helper: pid=602352 >debug1: identity_sign: sshkey_sign: invalid format >sign_and_send_pubkey: signing failed for ECDSA-SK "/home/rkjnsn/.ssh/id_ecdsa_sk": invalid format >debug1: Offering public key: /home/rkjnsn/.ssh/id_ecdsa_sk2 ECDSA-SK SHA256:of6fZf87Jtf8BH7SirEOvgvOdbEbIICJcxYeY2xIue0 explicit authenticator >debug3: send packet: type 50 >debug2: we sent a publickey packet, wait for reply >debug3: receive packet: type 60 >debug1: Server accepts key: /home/rkjnsn/.ssh/id_ecdsa_sk2 ECDSA-SK SHA256:of6fZf87Jtf8BH7SirEOvgvOdbEbIICJcxYeY2xIue0 explicit authenticator >debug3: sign_and_send_pubkey: ECDSA-SK SHA256:of6fZf87Jtf8BH7SirEOvgvOdbEbIICJcxYeY2xIue0 >debug3: sign_and_send_pubkey: signing using sk-ecdsa-sha2-nistp256@openssh.com SHA256:of6fZf87Jtf8BH7SirEOvgvOdbEbIICJcxYeY2xIue0 >Confirm user presence for key ECDSA-SK SHA256:of6fZf87Jtf8BH7SirEOvgvOdbEbIICJcxYeY2xIue0 >debug3: start_helper: started pid=602357 >debug3: ssh_msg_send: type 5 >debug3: ssh_msg_recv entering >debug1: start_helper: starting /nix/store/d8kdwl5k901l6yg67xjaz8vb69p1gnky-openssh-8.6p1/libexec/ssh-sk-helper >debug1: process_sign: ready to sign with key ECDSA-SK, provider internal: msg len 245, compat 0x0 >debug1: sshsk_sign: provider "internal", key ECDSA-SK, flags 0x01 >debug1: sk_probe: 1 device(s) detected >debug1: sk_probe: selecting sk by cred >*** WAITS FOR SK TOUCH HERE *** >debug1: main: reply len 127 >debug3: ssh_msg_send: type 5 >debug3: reap_helper: pid=602357 >User presence confirmed >debug3: send packet: type 50 >debug3: receive packet: type 52 >debug1: Authentication succeeded (publickey). >Authenticated to github.com ([192.30.255.113]:22). >debug1: channel 0: new [client-session] >debug3: ssh_session2_open: channel_new: 0 >debug2: channel 0: send open >debug3: send packet: type 90 >debug1: Entering interactive session. >debug1: pledge: filesystem full >debug3: receive packet: type 80 >debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0 >debug3: client_input_hostkeys: received RSA key SHA256:nThbg6kXUpJWGl7E1IGOCspRomTxdCARLviKw6E5SY8 >debug3: client_input_hostkeys: received ECDSA key SHA256:p2QAMXNIC1TJYWeIOttrVc98/R1BUFWu3/LiyKgUfQM >debug3: client_input_hostkeys: received ED25519 key SHA256:+DiY3wvvV6TuJJhbpZisF/zLDA0zPMSvHdkr4UvCOqU >debug1: client_input_hostkeys: searching /home/rkjnsn/.ssh/known_hosts for github.com / (none) >debug3: hostkeys_foreach: reading file "/home/rkjnsn/.ssh/known_hosts" >debug3: hostkeys_find: found ssh-ed25519 key at /home/rkjnsn/.ssh/known_hosts:1 >debug3: hostkeys_find: found ssh-rsa key at /home/rkjnsn/.ssh/known_hosts:2 >debug3: hostkeys_find: found ecdsa-sha2-nistp256 key at /home/rkjnsn/.ssh/known_hosts:3 >debug3: hostkeys_find: found ecdsa-sha2-nistp256 key under different name/addr at /home/rkjnsn/.ssh/known_hosts:4 >debug3: hostkeys_find: found ecdsa-sha2-nistp256 key under different name/addr at /home/rkjnsn/.ssh/known_hosts:5 >debug1: client_input_hostkeys: searching /home/rkjnsn/.ssh/known_hosts2 for github.com / (none) >debug1: client_input_hostkeys: hostkeys file /home/rkjnsn/.ssh/known_hosts2 does not exist >debug3: client_input_hostkeys: 3 server keys: 0 new, 3 retained, 0 incomplete match. 0 to remove >debug1: client_input_hostkeys: no new or deprecated keys from server >debug3: receive packet: type 91 >debug2: channel_input_open_confirmation: channel 0: callback start >debug2: fd 3 setting TCP_NODELAY >debug3: set_sock_tos: set socket 3 IP_TOS 0x48 >debug2: client_session2_setup: id 0 >debug2: channel 0: request pty-req confirm 1 >debug3: send packet: type 98 >debug2: channel 0: request shell confirm 1 >debug3: send packet: type 98 >debug2: channel_input_open_confirmation: channel 0: callback done >debug2: channel 0: open confirm rwindow 32000 rmax 35000 >debug3: receive packet: type 100 >debug2: channel_input_status_confirm: type 100 id 0 >PTY allocation request failed on channel 0 >debug3: receive packet: type 99 >debug2: channel_input_status_confirm: type 99 id 0 >debug2: shell request accepted on channel 0 >debug2: channel 0: rcvd ext data 88 >debug3: receive packet: type 98 >debug1: client_input_channel_req: channel 0 rtype exit-status reply 0 >debug3: receive packet: type 96 >debug2: channel 0: rcvd eof >debug2: channel 0: output open -> drain >debug3: receive packet: type 97 >debug2: channel 0: rcvd close >debug2: chan_shutdown_read: channel 0: (i0 o1 sock -1 wfd 4 efd 6 [write]) >debug2: channel 0: input open -> closed >debug3: channel 0: will not send data after close >debug2: channel 0: obuf_empty delayed efd 6/(88) >Hi rkjnsn! You've successfully authenticated, but GitHub does not provide shell access. >debug2: channel 0: written 88 to efd 6 >debug2: channel 0: rcvd adjust 1248056 >debug3: channel 0: will not send data after close >debug2: channel 0: obuf empty >debug2: chan_shutdown_write: channel 0: (i3 o1 sock -1 wfd 5 efd 6 [write]) >debug2: channel 0: output drain -> closed >debug2: channel 0: almost dead >debug2: channel 0: gc: notify user >debug2: channel 0: gc: user detached >debug2: channel 0: send close >debug3: send packet: type 97 >debug2: channel 0: is dead >debug2: channel 0: garbage collecting >debug1: channel 0: free: client-session, nchannels 1 >debug3: channel 0: status: The following connections are open: > #0 client-session (t4 r43 i3/0 o3/0 e[write]/0 fd -1/-1/6 sock -1 cc -1) > >debug3: send packet: type 1 >debug3: fd 1 is not O_NONBLOCK >Connection to github.com closed. >Transferred: sent 2972, received 2796 bytes, in 0.2 seconds >Bytes per second: sent 18095.1, received 17023.5 >debug1: Exit status 1
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 3366
: 3553 |
3554