Pageant failed to answer challenge
NTICompass opened this issue · 4 comments
I have a KeepKey and when I use "Show Public Key", it works - asking for my PIN and showing a public key. But when I open PuTTY and try to connect, it also asks for my PIN, I see the "loading" bar on the device then an error: "Pageant failed to answer challenge".
In the log, I see:
[09.05.2018 00:02:32] INFO: Java version: 1.8.0_121-b13 (64-bit)
[09.05.2018 00:02:32] INFO: Java home: C:\Program Files\Java\jre8
[09.05.2018 00:02:32] INFO: Trezor SSH Agent 1.0.3 started successfully
[09.05.2018 00:02:32] INFO: Existing settings file loaded: C:\Users\NTICompass\Trezor_Agent.properties
[09.05.2018 00:02:33] INFO: KeepKey Service Started
[09.05.2018 00:02:34] INFO: Received USB event: SHOW_DEVICE_READY
[09.05.2018 00:02:38] INFO: Request for operation: SSH2_AGENT_GET_IDENTITIES
[09.05.2018 00:02:38] INFO: Received USB event: SHOW_PIN_ENTRY
[09.05.2018 00:02:53] INFO: Received USB event: PUBLIC_KEY_FOR_IDENTITY
[09.05.2018 00:02:53] INFO: Operation SSH2_AGENT_GET_IDENTITIES executed successfully
[09.05.2018 00:02:54] INFO: Request for operation: SSH2_AGENT_SIGN_REQUEST
[09.05.2018 00:02:54] INFO: Received USB event: SHOW_OPERATION_FAILED
[09.05.2018 00:02:54] INFO: Received USB event: SHOW_DEVICE_READY
[09.05.2018 00:02:54] INFO: Received USB event: SHOW_OPERATION_FAILED
[09.05.2018 00:02:54] SEVERE: Sign operation failed
com.trezoragent.exception.SignFailedException: Sign operation failed on HW.
at com.trezoragent.sshagent.DeviceWrapper.signChallenge(DeviceWrapper.java:123)
at com.trezoragent.sshagent.SSHAgent.processSignRequest(SSHAgent.java:253)
at com.trezoragent.sshagent.SSHAgent.answerMessage(SSHAgent.java:170)
at com.trezoragent.sshagent.SSHAgent.answerIfDevicePresent(SSHAgent.java:224)
at com.trezoragent.sshagent.SSHAgent.processMessage(SSHAgent.java:149)
at com.trezoragent.sshagent.SSHAgent.callback(SSHAgent.java:111)
at sun.reflect.GeneratedMethodAccessor1.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at com.sun.jna.CallbackReference$DefaultCallbackProxy.invokeCallback(CallbackReference.java:485)
at com.sun.jna.CallbackReference$DefaultCallbackProxy.callback(CallbackReference.java:515)
at com.sun.jna.Native.invokeInt(Native Method)
at com.sun.jna.Function.invoke(Function.java:390)
at com.sun.jna.Function.invoke(Function.java:323)
at com.sun.jna.Library$Handler.invoke(Library.java:236)
at com.sun.proxy.$Proxy0.GetMessage(Unknown Source)
at com.trezoragent.sshagent.SSHAgent.startMainLoop(SSHAgent.java:96)
at com.trezoragent.gui.TrayProcess.start(TrayProcess.java:96)
at com.trezoragent.gui.StartAgentGUI.main(StartAgentGUI.java:50)
Please try:
- Using different curve (nist256p1 | ed25519)
- Authenticate to same SSH server with Putty/Pageant
- Try different SSH server
- I have tested my app on KeepKey device around 2yrs ago (hw, firmware), so maybe there is newer revision...?
- If you are java guy, try running app from IDE and place breakpoint on DeviceWrapper:109 to see what is actually coming to identity variable. Is challenge data (challengeHidden variable) ok? Your device answers with "sign operation failed".
Thanks for the suggestions. I can try these things and see what happens. I was also trying to get SSH via KeepKey to work in Linux using trezor-agent (well, keepkey-agent) and I was also getting an error (but it may've been a different error).
I can SSH to the server with PuTTY, I did so to enter in the public key, and the SSH server should suppot these types of keys, but I haven't checked.
I will troubleshoot/debug a bit and see if I can uncover some more details.
P.S. I just bought this KeepKey and when I initialized it, it updated to firmare 5.1
This was an issue with the KeepKey firmware, which is fixed in the latest beta.
glad thats resolved