Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

x/crypto/ssh agent handshake fails with normally working configuration #29086

Closed
beiriannydd opened this issue Dec 3, 2018 · 1 comment
Closed

Comments

@beiriannydd
Copy link

beiriannydd commented Dec 3, 2018

What version of Go are you using (go version)?

$ go version
go version go1.11.1 linux/amd64

Does this issue reproduce with the latest release?

library issue, shouldn't be related to compiler?

What operating system and processor architecture are you using (go env)?

go env Output
$ go env
GOARCH="amd64"
GOBIN=""
GOCACHE="/Users/fsalwin/.cache/go-build"
GOEXE=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOOS="linux"
GOPATH="/Users/fsalwin/go"
GOPROXY=""
GORACE=""
GOROOT="/usr/local/go"
GOTMPDIR=""
GOTOOLDIR="/usr/local/go/pkg/tool/linux_amd64"
GCCGO="gccgo"
CC="gcc"
CXX="g++"
CGO_ENABLED="1"
GOMOD=""
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build670408155=/tmp/go-build -gno-record-gcc-switches"

What did you do?

maybe related to #21793
but I can't bisect back to his version as that is missing some key code.

2018/12/03 12:05:52 reconnecting to ssh-bastion:22
2018/12/03 12:05:52 Agent Public Key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDCkvjbv2X10AbAVzXy8FoXs8XBvy+c3Xc0Nbc7saYK+x/UGErBqYoSlmmEzUynEenp7QJdWqKBoW7+cADdj+ZT11B+J/eUqlO2P5QdgFhsytKkK5s+hbSUJ10gqcr8ZCMvaxW4bW4FkfXblonc3HeVgV1dZHtl+ODc6LDUFQjjE/R1ONftAV86WU/Zd+Xj55pTGDCfm3rtTBnNnV94u9UuEANUBeUC3vA6D6uJ2lyAH15bvdBPxHUNs7u8NYNmJHgUqJv8GrKVyPsH6yEVk6ibQlmU5vxkIgsjz8soG9JRvJN3FsblEzqC/4n+mBkrpfz5x0GKOi+SBKJa9AcWbpfHh3moddElBZusbydWHCe8auflezfVQXRxC8gVVVnE3RBZNv96PxIo6O+Ytj152vrtom8MUmCe/XcT+gLe6xHd2XJraQdok0NkY2x1ZukFdwV6fGMaHc5iWeeUYd4YM6xG+uVGlhNuX9uI4VFU+Tuj+ZJOpXP+JPEgyOPQEaUcBNArIBxBZZUVSUQZF+OW3syUfSPzIHQ5rZCQnvrh8/I2DIgWxpB5fVbstcng2AMl4qS8EzbXq/uXGrDYDlvMjAd5EU0g3SEbxvZb4JkXEVr5V7L+NoXMUoZs9NghzsWzjTUigrhFComtaRx1l6BqfKiSB3p/nqysAKG0Lnhg0exJVQ==
2018/12/03 12:05:52 Agent Public Key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCdKB7f1qSZkzdN841RbqnqCX04mDoQZlojwitGoe6f06V09YeXBQ+SKzBeHEgs69DBKJTUQy96ihiS9ONkR/pvp1UVr05MaiH7DZw7P8U8qRDsO0NL/P6p/0pyx7wpf1J+E/RAJ3Pnri+oxreVOzfGiAFtltKIEsamHimvaHUwFp6TyPskxYvJ32icJp2wvpwiZQ089qLINuLk4WzMKhlQRXtODn2hF7hEoWLwep4PccXYw9MX0jM3AyPpPIDJS+pd3+41C9S/MxLA7W2l7dZR41YQ1fAJYe3q4Nxi4T0xG0YpBXOI3YGz8uNNdSnu1UqI2VnXOyXyApEEIZ3EUPhH
2018/12/03 12:05:52 Connected to ssh-bastion:22
2018/12/03 12:05:52 client sent *ssh.kexInitMsg &{[8 53 237 2 221 67 108 179 100 95 59 215 60 200 152 245] [curve25519-sha256@libssh.org ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521 diffie-hellman-group14-sha1 diffie-hellman-group1-sha1] [ssh-rsa-cert-v01@openssh.com ssh-dss-cert-v01@openssh.com ecdsa-sha2-nistp256-cert-v01@openssh.com ecdsa-sha2-nistp384-cert-v01@openssh.com ecdsa-sha2-nistp521-cert-v01@openssh.com ssh-ed25519-cert-v01@openssh.com ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521 ssh-rsa ssh-dss ssh-ed25519] [aes128-ctr aes192-ctr aes256-ctr aes128-gcm@openssh.com arcfour256 arcfour128] [aes128-ctr aes192-ctr aes256-ctr aes128-gcm@openssh.com arcfour256 arcfour128] [hmac-sha2-256-etm@openssh.com hmac-sha2-256 hmac-sha1 hmac-sha1-96] [hmac-sha2-256-etm@openssh.com hmac-sha2-256 hmac-sha1 hmac-sha1-96] [none] [none] [] [] false 0} (<nil>)
2018/12/03 12:05:52 client got *ssh.kexInitMsg &{[248 184 202 175 74 93 51 49 108 88 229 5 158 203 64 52] [curve25519-sha256@libssh.org ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521 diffie-hellman-group-exchange-sha256 diffie-hellman-group-exchange-sha1 diffie-hellman-group14-sha1 diffie-hellman-group1-sha1] [ssh-rsa ssh-dss ecdsa-sha2-nistp256 ssh-ed25519] [aes128-ctr aes192-ctr aes256-ctr] [aes128-ctr aes192-ctr aes256-ctr] [hmac-sha1 hmac-ripemd160] [hmac-sha1 hmac-ripemd160] [none zlib@openssh.com] [none zlib@openssh.com] [] [] false 0} (<nil>)
2018/12/03 12:05:52 client entered key exchange
2018/12/03 12:05:53 client exited key exchange (first true), err <nil>
2018/12/03 12:05:53 client sent *ssh.serviceRequestMsg &{ssh-userauth} (<nil>)
2018/12/03 12:05:53 client got *ssh.serviceAcceptMsg &{ssh-userauth} (<nil>)
2018/12/03 12:05:53 client sent *ssh.userAuthRequestMsg &{"xxxx" ssh-connection none []} (<nil>)
2018/12/03 12:05:53 client got *ssh.userAuthFailureMsg &{[publickey] false} (<nil>)
2018/12/03 12:05:53 client sent *ssh.userAuthRequestMsg &{"xxxx" ssh-connection publickey [0 0 0 0 7 115 115 104 45 114 115 97 0 0 2 23 0 0 0 7 115 115 104 45 114 115 97 0 0 0 3 1 0 1 0 0 2 1 0 194 146 248 219 191 101 245 208 6 192 87 53 242 240 90 23 179 197 193 191 47 156 221 119 52 53 183 59 177 166 10 251 31 212 24 74 193 169 138 18 150 105 132 205 76 167 17 233 233 237 2 93 90 162 129 161 110 254 112 0 221 143 230 83 215 80 126 39 247 148 170 83 182 63 148 29 128 88 108 202 210 164 43 155 62 133 180 148 39 93 32 169 202 252 100 35 47 107 21 184 109 110 5 145 245 219 150 137 220 220 119 149 129 93 93 100 123 101 248 224 220 232 176 212 21 8 227 19 244 117 56 215 237 1 95 58 89 79 217 119 229 227 231 154 83 24 48 159 155 122 237 76 25 205 157 95 120 187 213 46 16 3 84 5 229 2 222 240 58 15 171 137 218 92 128 31 94 91 189 208 79 196 117 13 179 187 188 53 131 102 36 120 20 168 155 252 26 178 149 200 251 7 235 33 21 147 168 155 66 89 148 230 252 100 34 11 35 207 203 40 27 210 81 188 147 119 22 198 229 19 58 130 255 137 254 152 25 43 165 252 249 199 65 138 58 47 146 4 162 90 244 7 22 110 151 199 135 121 168 117 209 37 5 155 172 111 39 86 28 39 188 106 231 229 123 55 213 65 116 113 11 200 21 85 89 196 221 16 89 54 255 122 63 18 40 232 239 152 182 61 121 218 250 237 162 111 12 82 96 158 253 119 19 250 2 222 235 17 221 217 114 107 105 7 104 147 67 100 99 108 117 102 233 5 119 5 122 124 99 26 29 206 98 89 231 148 97 222 24 51 172 70 250 229 70 150 19 110 95 219 136 225 81 84 249 59 163 249 146 78 165 115 254 36 241 32 200 227 208 17 165 28 4 208 43 32 28 65 101 149 21 73 68 25 23 227 150 222 204 148 125 35 243 32 116 57 173 144 144 158 250 225 243 242 54 12 136 22 198 144 121 125 86 236 181 201 224 216 3 37 226 164 188 19 54 215 171 251 151 26 176 216 14 91 204 140 7 121 17 77 32 221 33 27 198 246 91 224 153 23 17 90 249 87 178 254 54 133 204 82 134 108 244 216 33 206 197 179 141 53 34 130 184 69 10 137 173 105 28 117 151 160 106 124 168 146 7 122 127 158 172 172 0 161 180 46 120 96 209 236 73 85]} (<nil>)
2018/12/03 12:05:53 client got *ssh.userAuthFailureMsg &{[publickey] false} (<nil>)
2018/12/03 12:05:53 client sent *ssh.userAuthRequestMsg &{"xxxx" ssh-connection publickey [0 0 0 0 7 115 115 104 45 114 115 97 0 0 1 23 0 0 0 7 115 115 104 45 114 115 97 0 0 0 3 1 0 1 0 0 1 1 0 157 40 30 223 214 164 153 147 55 77 243 141 81 110 169 234 9 125 56 152 58 16 102 90 35 194 43 70 161 238 159 211 165 116 245 135 151 5 15 146 43 48 94 28 72 44 235 208 193 40 148 212 67 47 122 138 24 146 244 227 100 71 250 111 167 85 21 175 78 76 106 33 251 13 156 59 63 197 60 169 16 236 59 67 75 252 254 169 255 74 114 199 188 41 127 82 126 19 244 64 39 115 231 174 47 168 198 183 149 59 55 198 136 1 109 150 210 136 18 198 166 30 41 175 104 117 48 22 158 147 200 251 36 197 139 201 223 104 156 38 157 176 190 156 34 101 13 60 246 162 200 54 226 228 225 108 204 42 25 80 69 123 78 14 125 161 23 184 68 161 98 240 122 158 15 113 197 216 195 211 23 210 51 55 3 35 233 60 128 201 75 234 93 223 238 53 11 212 191 51 18 192 237 109 165 237 214 81 227 86 16 213 240 9 97 237 234 224 220 98 225 61 49 27 70 41 5 115 136 221 129 179 242 227 77 117 41 238 213 74 136 217 89 215 59 37 242 2 145 4 33 157 196 80 248 71]} (<nil>)
2018/12/03 12:05:53 client got *ssh.userAuthFailureMsg &{[publickey] false} (<nil>)
2018/12/03 12:05:53 Failed to create new sshClient: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
2018/12/03 12:05:53 Config is: &{Config:{Rand:<nil> RekeyThreshold:0 KeyExchanges:[] Ciphers:[] MACs:[]} User:"xxxx" Auth:[0x13d22f0] HostKeyCallback:0x13cac10 ClientVersion: HostKeyAlgorithms:[] Timeout:10s}
2018/12/03 12:05:53 No SSH, no tunnel.
2018/12/03 12:05:53 Unable to connect to tunneledsite:443
connection refused

What did you expect to see?

The user can authenticate with the same agent settings when using the standard mac openssh client.

What did you see instead?

Public key authentication is presented but fails. handshake debug has been enabled above.
So far, there's a 2 failures to 1 success rate, this is a failing connection

2018/12/03 12:02:43 client sent *ssh.userAuthRequestMsg &{yyyy ssh-connection publickey [1 0 0 0 7 115 115 104 45 114 115 97 0 0 1 23 0 0 0 7 115 115 104 45 114 115 97 0 0 0 3 1 0 1 0 0 1 1 0 213 34 175 132 250 208 230 139 170 192 26 181 77 231 220 83 104 52 83 9 191 78 26 74 221 189 15 127 0 109 158 212 94 155 3 30 75 3 121 108 61 8 10 43 153 80 201 158 187 124 91 155 122 3 240 254 49 27 240 43 89 176 224 33 122 105 234 166 132 213 128 128 223 167 2 85 144 77 237 26 0 97 9 214 16 204 211 16 175 182 140 99 95 62 11 103 171 217 214 85 240 181 232 25 64 147 200 12 40 23 210 4 50 86 188 137 90 166 52 213 105 234 205 71 213 63 209 147 216 197 224 83 106 154 48 94 123 185 97 143 173 180 142 5 236 67 11 26 221 142 252 113 79 77 86 200 23 137 4 176 58 162 97 116 224 56 193 218 146 205 37 106 245 231 167 221 29 146 236 65 176 67 166 245 172 200 223 192 180 173 216 63 113 15 46 122 184 224 235 8 28 11 191 180 128 213 132 97 68 118 50 73 132 55 29 250 87 32 45 252 3 134 75 112 103 203 73 140 153 92 187 190 73 15 95 102 161 153 146 145 110 132 64 251 140 4 226 26 48 166 229 202 244 223 240 243 0 0 1 15 0 0 0 7 115 115 104 45 114 115 97 0 0 1 0 155 15 131 220 83 4 181 199 8 159 12 152 76 157 158 232 66 15 51 217 97 224 220 178 215 120 57 116 141 238 199 156 129 118 52 67 108 151 74 255 252 228 121 130 109 165 208 49 1 96 187 142 246 114 172 72 94 44 162 98 76 88 31 186 149 192 245 185 71 242 218 96 209 59 82 179 53 18 12 245 88 45 65 62 113 205 249 189 106 7 86 69 5 85 65 223 197 198 79 230 10 148 73 129 93 25 123 200 137 122 45 206 191 128 182 247 230 237 0 112 37 88 110 83 233 56 129 229 66 225 95 170 213 147 248 59 146 128 145 125 112 143 198 136 104 11 202 242 230 31 65 82 174 246 242 208 14 190 154 234 115 176 55 200 173 13 23 47 15 212 217 163 148 191 23 146 28 240 8 128 70 77 72 106 183 251 143 24 203 228 89 161 255 254 5 53 37 199 96 199 78 206 68 167 177 133 218 233 204 33 151 25 11 112 214 57 33 32 6 92 205 65 101 116 232 172 172 129 185 231 153 69 102 136 160 23 211 17 235 35 9 92 124 166 171 64 85 63 185 41 233 75 246 3 244 19]} (<nil>)
2018/12/03 12:02:43 client got *ssh.userAuthSuccessMsg &{} (<nil>)

What is really interesting is that the failing username is surrounded by quotes, the succeeding is not. His configuration is not surrounded by quotation marks. We are using the same binary.

@gopherbot gopherbot added this to the Unreleased milestone Dec 3, 2018
@beiriannydd
Copy link
Author

This is a local configuration file issue. Closing.

@golang golang locked and limited conversation to collaborators Dec 3, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

No branches or pull requests

2 participants