search for: sign_and_send_pubkey

...private and the cert (also with the private key) loaded together to work. if I try to use just the cert after this commit, I see: debug1: Server accepts key: pkalg ssh-rsa-cert-v01 at openssh.com blen 2769 debug2: input_userauth_pk_ok: fp SHA256:XiFOO+XzZ0m/aWzkQLgxVFI2HJV3abWpNyuIhcEYKuc debug3: sign_and_send_pubkey: RSA-CERT SHA256:XiFOO+XzZ0m/aWzkQLgxVFI2HJV3abWpNyuIhcEYKuc debug1: sign_and_send_pubkey: no private key for certificate "[Valid until Fri 11 Mar 2016 18:10 UTC, Version 2]" if I modify the ca to add both the cert (with private key) and the private key, so my agent looks like this: $ ....

https://bugzilla.mindrot.org/show_bug.cgi?id=2617 Bug ID: 2617 Summary: sign_and_send_pubkey: no separate private key for certificate Product: Portable OpenSSH Version: 7.3p1 Hardware: 68k OS: Mac OS X Status: NEW Severity: normal Priority: P5 Component: ssh Assignee: unas...

...lib/pkcs11/opensc-pkcs11.so $ ssh -vv $REMOTEHOST OpenSSH_7.3p1, OpenSSL 1.0.2j 26 Sep 2016 ... debug1: Offering RSA public key: /usr/lib/libykcs11.so debug2: we sent a publickey packet, wait for reply debug1: Server accepts key: pkalg ssh-rsa blen 279 debug2: input_userauth_pk_ok: fp SHA256:... sign_and_send_pubkey: signing failed: agent refused operation ... debug1: Next authentication method: password $USER@$REMOTEHOST's password: If I remove the library (and keys) and try the connection again: $ ssh-add -e /lib/pkcs11/opensc-pkcs11.so Card removed: /lib/pkcs11/opensc-pkcs11.so $ ssh-add -l The agent...

...e local system window gets the GUI pop-up the 'two ssh' > window asks for the passphrase in the terminal. > I think I have it! I need to unset SSH_AUTH_SOCK, that's all that's needed. See:- chris$ ssh -i backup_id_rsa backup [here the pop-up appears and I cancel it] sign_and_send_pubkey: signing failed for RSA "backup_id_rsa" from agent: agent refused operation chris at backup's password: chris$ env | grep SSH SSH_AUTH_SOCK=/run/user/1000/keyring/ssh SSH_ASKPASS_REQUIRE=never chris$ unset SSH_AUTH_SOCK chris$ ssh -i backup_id_rsa backup...

On 2024/01/02 09:51, Chris Green wrote: > I think I have it! I need to unset SSH_AUTH_SOCK, that's all that's > needed. See:- > > chris$ ssh -i backup_id_rsa backup > [here the pop-up appears and I cancel it] > sign_and_send_pubkey: signing failed for RSA "backup_id_rsa" from > agent: agent refused operation > chris at backup's password: > > chris$ env | grep SSH > SSH_AUTH_SOCK=/run/user/1000/keyring/ssh > SSH_ASKPASS_REQUIRE=never > chris$ unset SSH_AUTH_SOCK >...

...mode() ? SSH_FP_SHA1 : SSH_FP_MD5, ! SSH_FP_HEX); debug2("input_userauth_pk_ok: fp %s", fp); xfree(fp); *************** *** 1204,1210 **** int have_sig = 1; char *fp; ! fp = key_fingerprint(id->key, SSH_FP_MD5, SSH_FP_HEX); debug3("sign_and_send_pubkey: %s %s", key_type(id->key), fp); xfree(fp); --- 1218,1225 ---- int have_sig = 1; char *fp; ! fp = key_fingerprint(id->key, FIPS_mode() ? SSH_FP_SHA1 : SSH_FP_MD5, ! SSH_FP_HEX); debug3("sign_and_send_pubkey: %s %s", key_type(id-&gt...

...erauth_pubkey_agent: testing agent key /root/.ssh/id_rsa debug3: send_pubkey_test debug2: we sent a publickey packet, wait for reply debug1: input_userauth_pk_ok: pkalg ssh-rsa blen 149 lastkey 400377a0 hint -1 debug2: input_userauth_pk_ok: fp 7a:44:be:6c:94:18:fb:0c:ff:e5:1a:9a:07:98:a5:27 debug3: sign_and_send_pubkey debug3: clear_auth_state: key_free 400377a0 debug1: ssh-userauth2 successful: method publickey debug1: channel 0: new [client-session] debug3: ssh_session2_open: channel_new: 0 debug1: send channel open 0 Memory fault(coredump) # ssh -V OpenSSH_3.4p1, SSH protocols 1.5/2.0, OpenSSL 0x0090607f HP-...

...======================== RCS file: /usr/obsd-repos/src/usr.bin/ssh/sshconnect2.c,v retrieving revision 1.178 diff -u -N -p sshconnect2.c --- sshconnect2.c 11 Jan 2010 04:46:45 -0000 1.178 +++ sshconnect2.c 11 Jan 2010 23:12:38 -0000 @@ -244,7 +244,7 @@ void userauth(Authctxt *, char *); static int sign_and_send_pubkey(Authctxt *, Identity *); static void pubkey_prepare(Authctxt *); static void pubkey_cleanup(Authctxt *); -static Key *load_identity_file(char *); +static Key *load_identity_file(char *, AuthenticationConnection *); static Authmethod *authmethod_get(char *authlist); static Authmethod *authmeth...

https://bugzilla.mindrot.org/show_bug.cgi?id=2890 Bug ID: 2890 Summary: ssh-agent should not fail after removing and inserting smart card Product: Portable OpenSSH Version: 7.7p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component:

...sh/keys/secret.key debug3: send_pubkey_test debug3: send packet: type 50 debug2: we sent a publickey packet, wait for reply debug3: receive packet: type 60 debug1: Server accepts key: pkalg ssh-rsa blen 535 debug2: input_userauth_pk_ok: fp SHA256:W0A/tu/vWh2vk0zHJUdTsZN9adQmS6x7fEbMbSTayfs debug3: sign_and_send_pubkey: RSA SHA256:W0A/tu/vWh2vk0zHJUdTsZN9adQmS6x7fEbMbSTayfs debug3: send packet: type 50 debug3: receive packet: type 51 Authenticated with partial success. debug1: Authentications that can continue: password,publickey,keyboard-interactive debug1: Offering RSA public key: /ssh/keys/secret.key LOOP

Hello I think I've found a bug but since no one replied to me on comp.security.ssh, I'll try my luck here. On my client, PreferredAuthentications is set to publickey,password. When using the commands option in authorized_keys file like command="ls" ssh-dss <key>... it is supposed to connect using the private key associated with <key>, perform ls and then quits.

...f method pubkey failed. the reasion is identity_sign() used the id_rsa2.pub as pubkey, and signed it by id_rsa1 private key. that sshd verify signature failed. but, if you remove ~/.ssh/id_rsa.pub, ssh client will used full ~/.ssh/id_rsa (extract pubkey,privatekey) through userauth_pubkey() -->sign_and_send_pubkey() -->identity_sign() and login success. i think ssh designed to login use pubkey as possible we you can. and if id_rsa unmatch id_rsa.pub, ssh should trust id_rsa and drop the rsa.pub file, try do login again as id_rsa.pub not exist. -- You are receiving this mail because: You are watchi...

...ect to the target server from the test client: $ ssh -vvv -Y -p 2022 -l test 172.31.44.115 There is verbose output, which mostly seems right until (on the client): debug1: ssh_rsa_verify: signature correct debug2: input_userauth_pk_ok: fp c9:42:44:91:48:04:45:b2:ee:93:12:3f:e5:89:13:ab debug3: sign_and_send_pubkey: RSA-CERT c9:42:44:91:48:04:45:b2:ee:93:12:3f:e5:89:13:ab debug1: read PEM private key begin debug1: key_parse_private_pem: PEM_read_PrivateKey failed debug1: read PEM private key done: type <unknown> Enter passphrase for key '/home/test/.ssh/id_rsa': ...and, correspondingly on the s...

...authentication method: publickey debug1: Offering public key: /home/phk/.ssh/id_dsa debug3: send_pubkey_test debug2: we sent a publickey packet, wait for reply debug1: Server accepts key: pkalg ssh-dss blen 433 debug2: input_userauth_pk_ok: fp a1:04:99:61:03:22:7e:79:20:fd:57:57:2c:7c:a8:98 debug3: sign_and_send_pubkey debug1: PEM_read_PrivateKey failed debug1: read PEM private key done: type <unknown> Enter passphrase for key '/home/phk/.ssh/id_dsa': ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

...EGmNZHHSpDoD9Hppg+YzU+O0 agent > debug3: send packet: type 50 > debug2: we sent a publickey packet, wait for reply > debug3: receive packet: type 60 > debug1: Server accepts key: id_dtacld_shortlived_rsa RSA-CERT > SHA256:AeEypypDIQ7DXiFtXfpEGmNZHHSpDoD9Hppg+YzU+O0 agent > debug3: sign_and_send_pubkey: RSA-CERT > SHA256:AeEypypDIQ7DXiFtXfpEGmNZHHSpDoD9Hppg+YzU+O0 > debug1: sign_and_send_pubkey: no separate private key for certificate > "id_dtacld_shortlived_rsa" > debug3: sign_and_send_pubkey: signing using ssh-rsa-cert-v01 at openssh.com > debug3: send packet: type 50 &...

...ot;); + if (authctxt->sent_signed_id != NULL) { + debug3("Marking key %s as successful", + authctxt->sent_signed_id->filename); + authctxt->sent_signed_id->tried = IDENTITY_SUCCESSFUL; + } /* reset state */ pubkey_reset(authctxt); } @@ -1168,6 +1175,7 @@ sign_and_send_pubkey(Authctxt *authctxt, Identity *id) packet_put_raw(buffer_ptr(&b), buffer_len(&b)); buffer_free(&b); packet_send(); + authctxt->sent_signed_id = id; return 1; } @@ -1422,6 +1430,7 @@ pubkey_cleanup(Authctxt *authctxt) free(id->filename); free(id); } + authctxt-&gt...

...thentication with +the identity. .It Cm IgnoreUnknown Specifies a pattern-list of unknown options to be ignored if they are encountered in configuration parsing. diff --git a/sshconnect2.c b/sshconnect2.c index 34dbf9a..fb24b5e 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -1016,6 +1016,7 @@ sign_and_send_pubkey(Authctxt *authctxt, Identity *id) u_int skip = 0; int ret = -1; int have_sig = 1; + int i; char *fp; if ((fp = sshkey_fingerprint(id->key, options.fingerprint_hash, @@ -1053,6 +1054,33 @@ sign_and_send_pubkey(Authctxt *authctxt, Identity *id) } buffer_put_string(&b, blob, blo...

...od: publickey debug1: Offering RSA public key: /usr/src/INET/openssh/regress/rsa debug3: send_pubkey_test debug2: we sent a publickey packet, wait for reply debug1: Server accepts key: pkalg ssh-rsa blen 279 debug2: input_userauth_pk_ok: fp SHA256:9nhdTr/rVwghJZfRSbSVGw1Rb7TuhygvZoYal45dJ98 debug3: sign_and_send_pubkey: RSA SHA256:9nhdTr/rVwghJZfRSbSVGw1Rb7TuhygvZoYal45dJ98 debug1: Authentications that can continue: publickey,password,keyboard-interactive debug2: we did not send a packet, disable method debug1: No more authentication methods to try. Permission denied (publickey,password,keyboard-interactive). FAI...

...ethod to try is publickey debug1: try pubkey: //.ssh/id_dsa debug3: send_pubkey_test debug2: we sent a publickey packet, wait for reply debug1: input_userauth_pk_ok: pkalg ssh-dss blen 434 lastkey 10ae98 hint 1 debug2: input_userauth_pk_ok: fp b2:48:f6:61:cd:b8:d0:b5:58:85:95:be:7e:20:68:a8 debug3: sign_and_send_pubkey debug1: read PEM private key done: type DSA debug1: sig size 20 20 debug1: ssh-userauth2 successful: method publickey debug1: fd 6 setting O_NONBLOCK debug1: channel 0: new [client-session] debug1: channel_new: 0 debug1: send channel open 0 debug1: Entering interactive session. debug2: callback sta...

On 2019-11-14, Damien Miller <djm at mindrot.org> wrote: > Please give this a try - security key support is a substantial change and > it really needs testing ahead of the next release. Hi Damien, Thanks for working on security key support, this is a really nice feature to have in openssh. My non-FIDO2 security key (YubiKey NEO) doesn't work with the latest changes to openssh