search for: sign_and_send_pubkey

https://bugzilla.mindrot.org/show_bug.cgi?id=3406 Bug ID: 3406 Summary: RSA key authentication doesn't work with enabled GSSAPIKeyExchange: sign_and_send_pubkey: internal error: initial hostkey not recorded Product: Portable OpenSSH Version: 8.9p1 Hardware: Other OS: Linux Status: NEW Severity: normal Priority: P5 Component: Kerberos support...

...private and the cert (also with the private key) loaded together to work. if I try to use just the cert after this commit, I see: debug1: Server accepts key: pkalg ssh-rsa-cert-v01 at openssh.com blen 2769 debug2: input_userauth_pk_ok: fp SHA256:XiFOO+XzZ0m/aWzkQLgxVFI2HJV3abWpNyuIhcEYKuc debug3: sign_and_send_pubkey: RSA-CERT SHA256:XiFOO+XzZ0m/aWzkQLgxVFI2HJV3abWpNyuIhcEYKuc debug1: sign_and_send_pubkey: no private key for certificate "[Valid until Fri 11 Mar 2016 18:10 UTC, Version 2]" if I modify the ca to add both the cert (with private key) and the private key, so my agent looks like this: $ ....

...ect using ssh certificates and host constraints. Hi, I've tried using SSH certificates with host constraints in the agent, however I get the following error: in ssh: ``` debug1: Server accepts key: thibault at emil ED25519-CERT SHA256:ieHFl8uwTyPo18egdwxbBq+YqmfN6SyE3cE9Hc5ZxiQ agent debug3: sign_and_send_pubkey: using publickey-hostbound-v00 at openssh.com with ED25519-CERT SHA256:ieHFl8uwTyPo18egdwxbBq+YqmfN6SyE3cE9Hc5ZxiQ debug2: sign_and_send_pubkey: using private key "thibault at emil" from agent for certificate debug3: sign_and_send_pubkey: signing using ssh-ed25519-cert-v01 at openssh.com...

...turn this webauthn signature type for an "sk-ecdsa-sha2-nistp256-cert-v01 at openssh.com" cert. However, this fails with the following output on the client side: ``` debug1: Server accepts key: ECDSA-SK-CERT SHA256:1FFCks/uvL5MVUBOcr8f3mNlLpdaw1Qt1CHA7JNqZp0 authenticator agent debug3: sign_and_send_pubkey: using publickey with ECDSA-SK-CERT SHA256:1FFCks/uvL5MVUBOcr8f3mNlLpdaw1Qt1CHA7JNqZp0 debug1: sign_and_send_pubkey: no separate private key for certificate "" debug3: sign_and_send_pubkey: signing using sk-ecdsa-sha2-nistp256-cert-v01 at openssh.com SHA256:1FFCks/uvL5MVUBOcr8f3mNlLpdaw1Q...

https://bugzilla.mindrot.org/show_bug.cgi?id=2617 Bug ID: 2617 Summary: sign_and_send_pubkey: no separate private key for certificate Product: Portable OpenSSH Version: 7.3p1 Hardware: 68k OS: Mac OS X Status: NEW Severity: normal Priority: P5 Component: ssh Assignee: unas...

...lib/pkcs11/opensc-pkcs11.so $ ssh -vv $REMOTEHOST OpenSSH_7.3p1, OpenSSL 1.0.2j 26 Sep 2016 ... debug1: Offering RSA public key: /usr/lib/libykcs11.so debug2: we sent a publickey packet, wait for reply debug1: Server accepts key: pkalg ssh-rsa blen 279 debug2: input_userauth_pk_ok: fp SHA256:... sign_and_send_pubkey: signing failed: agent refused operation ... debug1: Next authentication method: password $USER@$REMOTEHOST's password: If I remove the library (and keys) and try the connection again: $ ssh-add -e /lib/pkcs11/opensc-pkcs11.so Card removed: /lib/pkcs11/opensc-pkcs11.so $ ssh-add -l The agent...

...ldn?t get this to work. Or rather it seems to work with no error, but doesn?t _actually_ work: This is with Yubikey 5C and certificate in 9a slot (9c does the same) debug1: Server accepts key: id_ecdsa_sk_rk ECDSA-SK SHA256:0dttd879INvMlZ92xl4NOIkJ2AJUksEAsup0UgSqu5k explicit authenticator debug3: sign_and_send_pubkey: using publickey-hostbound-v00 at openssh.com with ECDSA-SK SHA256:0dttd879INvMlZ92xl4NOIkJ2AJUksEAsup0UgSqu5k debug3: sign_and_send_pubkey: signing using sk-ecdsa-sha2-nistp256 at openssh.com SHA256:0dttd879INvMlZ92xl4NOIkJ2AJUksEAsup0UgSqu5k Confirm user presence for key ECDSA-SK SHA256:0dttd879I...

...e local system window gets the GUI pop-up the 'two ssh' > window asks for the passphrase in the terminal. > I think I have it! I need to unset SSH_AUTH_SOCK, that's all that's needed. See:- chris$ ssh -i backup_id_rsa backup [here the pop-up appears and I cancel it] sign_and_send_pubkey: signing failed for RSA "backup_id_rsa" from agent: agent refused operation chris at backup's password: chris$ env | grep SSH SSH_AUTH_SOCK=/run/user/1000/keyring/ssh SSH_ASKPASS_REQUIRE=never chris$ unset SSH_AUTH_SOCK chris$ ssh -i backup_id_rsa backup...

On 2024/01/02 09:51, Chris Green wrote: > I think I have it! I need to unset SSH_AUTH_SOCK, that's all that's > needed. See:- > > chris$ ssh -i backup_id_rsa backup > [here the pop-up appears and I cancel it] > sign_and_send_pubkey: signing failed for RSA "backup_id_rsa" from > agent: agent refused operation > chris at backup's password: > > chris$ env | grep SSH > SSH_AUTH_SOCK=/run/user/1000/keyring/ssh > SSH_ASKPASS_REQUIRE=never > chris$ unset SSH_AUTH_SOCK >...

...mode() ? SSH_FP_SHA1 : SSH_FP_MD5, ! SSH_FP_HEX); debug2("input_userauth_pk_ok: fp %s", fp); xfree(fp); *************** *** 1204,1210 **** int have_sig = 1; char *fp; ! fp = key_fingerprint(id->key, SSH_FP_MD5, SSH_FP_HEX); debug3("sign_and_send_pubkey: %s %s", key_type(id->key), fp); xfree(fp); --- 1218,1225 ---- int have_sig = 1; char *fp; ! fp = key_fingerprint(id->key, FIPS_mode() ? SSH_FP_SHA1 : SSH_FP_MD5, ! SSH_FP_HEX); debug3("sign_and_send_pubkey: %s %s", key_type(id-&gt...

...erauth_pubkey_agent: testing agent key /root/.ssh/id_rsa debug3: send_pubkey_test debug2: we sent a publickey packet, wait for reply debug1: input_userauth_pk_ok: pkalg ssh-rsa blen 149 lastkey 400377a0 hint -1 debug2: input_userauth_pk_ok: fp 7a:44:be:6c:94:18:fb:0c:ff:e5:1a:9a:07:98:a5:27 debug3: sign_and_send_pubkey debug3: clear_auth_state: key_free 400377a0 debug1: ssh-userauth2 successful: method publickey debug1: channel 0: new [client-session] debug3: ssh_session2_open: channel_new: 0 debug1: send channel open 0 Memory fault(coredump) # ssh -V OpenSSH_3.4p1, SSH protocols 1.5/2.0, OpenSSL 0x0090607f HP-...

...ithms +ssh-rsa,ssh-rsa-cert-v01 at openssh.com or HostkeyAlgorithms +ssh-rsa-cert-v01 at openssh.com,ssh-rsa PubkeyAcceptedAlgorithms +ssh-rsa-cert-v01 at openssh.com,ssh-rsa to my .ssh/config and still receive an error message of: agent key RSA-CERT SHA256:..... returned incorrect signature type sign_and_send_pubkey: no mutual signature supported if I update-crpyto-policies to the DEFAULT policy, the connectivity works correctly. I'm a bit confused as to why openssh isn't using my personal config settings to override the system wide settings or am I not setting the necessary or is this by design? --...

...======================== RCS file: /usr/obsd-repos/src/usr.bin/ssh/sshconnect2.c,v retrieving revision 1.178 diff -u -N -p sshconnect2.c --- sshconnect2.c 11 Jan 2010 04:46:45 -0000 1.178 +++ sshconnect2.c 11 Jan 2010 23:12:38 -0000 @@ -244,7 +244,7 @@ void userauth(Authctxt *, char *); static int sign_and_send_pubkey(Authctxt *, Identity *); static void pubkey_prepare(Authctxt *); static void pubkey_cleanup(Authctxt *); -static Key *load_identity_file(char *); +static Key *load_identity_file(char *, AuthenticationConnection *); static Authmethod *authmethod_get(char *authlist); static Authmethod *authmeth...

https://bugzilla.mindrot.org/show_bug.cgi?id=2890 Bug ID: 2890 Summary: ssh-agent should not fail after removing and inserting smart card Product: Portable OpenSSH Version: 7.7p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component:

...sh.com > or > HostkeyAlgorithms +ssh-rsa-cert-v01 at openssh.com,ssh-rsa > PubkeyAcceptedAlgorithms +ssh-rsa-cert-v01 at openssh.com,ssh-rsa > > to my .ssh/config and still receive an error message of: > > agent key RSA-CERT SHA256:..... returned incorrect signature type > sign_and_send_pubkey: no mutual signature supported > > if I update-crpyto-policies to the DEFAULT policy, the connectivity works > correctly. I'm a bit confused as to why openssh isn't using my personal > config settings to override the system wide settings or am I not setting > the necessary...

...lgorithms +ssh-rsa-cert-v01 at openssh.com,ssh-rsa > > PubkeyAcceptedAlgorithms +ssh-rsa-cert-v01 at openssh.com,ssh-rsa > > > > to my .ssh/config and still receive an error message of: > > > > agent key RSA-CERT SHA256:..... returned incorrect signature type > > sign_and_send_pubkey: no mutual signature supported > > > > if I update-crpyto-policies to the DEFAULT policy, the connectivity works > > correctly. I'm a bit confused as to why openssh isn't using my personal > > config settings to override the system wide settings or am I not setting...

...sh/keys/secret.key debug3: send_pubkey_test debug3: send packet: type 50 debug2: we sent a publickey packet, wait for reply debug3: receive packet: type 60 debug1: Server accepts key: pkalg ssh-rsa blen 535 debug2: input_userauth_pk_ok: fp SHA256:W0A/tu/vWh2vk0zHJUdTsZN9adQmS6x7fEbMbSTayfs debug3: sign_and_send_pubkey: RSA SHA256:W0A/tu/vWh2vk0zHJUdTsZN9adQmS6x7fEbMbSTayfs debug3: send packet: type 50 debug3: receive packet: type 51 Authenticated with partial success. debug1: Authentications that can continue: password,publickey,keyboard-interactive debug1: Offering RSA public key: /ssh/keys/secret.key LOOP

Hello I think I've found a bug but since no one replied to me on comp.security.ssh, I'll try my luck here. On my client, PreferredAuthentications is set to publickey,password. When using the commands option in authorized_keys file like command="ls" ssh-dss <key>... it is supposed to connect using the private key associated with <key>, perform ls and then quits.

...f method pubkey failed. the reasion is identity_sign() used the id_rsa2.pub as pubkey, and signed it by id_rsa1 private key. that sshd verify signature failed. but, if you remove ~/.ssh/id_rsa.pub, ssh client will used full ~/.ssh/id_rsa (extract pubkey,privatekey) through userauth_pubkey() -->sign_and_send_pubkey() -->identity_sign() and login success. i think ssh designed to login use pubkey as possible we you can. and if id_rsa unmatch id_rsa.pub, ssh should trust id_rsa and drop the rsa.pub file, try do login again as id_rsa.pub not exist. -- You are receiving this mail because: You are watchi...

...ect to the target server from the test client: $ ssh -vvv -Y -p 2022 -l test 172.31.44.115 There is verbose output, which mostly seems right until (on the client): debug1: ssh_rsa_verify: signature correct debug2: input_userauth_pk_ok: fp c9:42:44:91:48:04:45:b2:ee:93:12:3f:e5:89:13:ab debug3: sign_and_send_pubkey: RSA-CERT c9:42:44:91:48:04:45:b2:ee:93:12:3f:e5:89:13:ab debug1: read PEM private key begin debug1: key_parse_private_pem: PEM_read_PrivateKey failed debug1: read PEM private key done: type <unknown> Enter passphrase for key '/home/test/.ssh/id_rsa': ...and, correspondingly on the s...