trustcrypto/onlykey-agent

Git does not seem to work with the onlykey-agent

Closed this issue · 7 comments

Hey guys,
When changing my git private key to one generated by onlykey, I became stuck with the following error message when executing onlykey-agent -v myGithubIdentity git push:

2020-05-27 10:53:32,244 INFO         getting public key from OnlyKey...                                                                   [client.py:54]
2020-05-27 10:53:32,244 INFO         Trying to read the public key...                                                                     [client.py:55]
2020-05-27 10:53:32,245 INFO         Identity hash ='<long string consisting of mostly \xXX sequences>' [client.py:67]
2020-05-27 10:53:32,747 INFO         received= '<long string consisting of mostly \xXX sequences>' [client.py:75]
2020-05-27 10:53:32,748 INFO         Received Public Key generated by OnlyKey= '<long string consisting of mostly \xXX sequences>' [client.py:84]
2020-05-27 10:53:32,749 INFO         using SSH public key: <Same public key as listed on github.com>                                [__main__.py:109]
2020-05-27 10:53:32,753 INFO         running ['git', 'push'] with {'SSH_AUTH_SOCK': '/tmp/ssh-agent-2bAQGO', 'SSH_AGENT_PID': '10158'}    [server.py:140]
2020-05-27 10:53:33,190 ERROR        failed to connect                                                                                    [client.py:192]
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/onlykey/client.py", line 184, in _connect
    self._hid.open_path(path)
  File "hid.pyx", line 72, in hid.device.open_path
IOError: open failed
2020-05-27 10:53:34,700 ERROR        failed to connect                                                                                    [client.py:192]
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/onlykey/client.py", line 184, in _connect
    self._hid.open_path(path)
  File "hid.pyx", line 72, in hid.device.open_path
IOError: open failed
2020-05-27 10:53:36,209 ERROR        failed to connect                                                                                    [client.py:192]
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/onlykey/client.py", line 184, in _connect
    self._hid.open_path(path)
  File "hid.pyx", line 72, in hid.device.open_path
IOError: open failed
2020-05-27 10:53:37,717 ERROR        failed to connect                                                                                    [client.py:192]
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/onlykey/client.py", line 184, in _connect
    self._hid.open_path(path)
  File "hid.pyx", line 72, in hid.device.open_path
IOError: open failed
2020-05-27 10:53:39,227 ERROR        failed to connect                                                                                    [client.py:192]
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/onlykey/client.py", line 184, in _connect
    self._hid.open_path(path)
  File "hid.pyx", line 72, in hid.device.open_path
IOError: open failed
Traceback (most recent call last):
  File "/usr/local/bin/onlykey-agent", line 8, in <module>
    sys.exit(run_agent())
  File "/usr/local/lib/python2.7/dist-packages/onlykey_agent/__main__.py", line 123, in wrapper
    return func(*args, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/onlykey_agent/__main__.py", line 136, in run_agent
    with client_factory(curve=args.ecdsa_curve_name) as conn:
  File "/usr/local/lib/python2.7/dist-packages/onlykey_agent/client.py", line 28, in __init__
    self.ok = OnlyKey()
  File "/usr/local/lib/python2.7/dist-packages/onlykey/client.py", line 167, in __init__
    raise e
onlykey.client.OnlyKeyUnavailableException
2020-05-27 10:53:40,782 INFO         disconnected from OnlyKey                                                                            [client.py:41]

The strange thing is that when I execute ssh instead of git it works as expected:

$ onlykey-agent -v 192.168.10.51 ssh 192.168.10.51
2020-05-27 10:48:05,362 INFO         getting public key from OnlyKey...                                                                   [client.py:54]
2020-05-27 10:48:05,363 INFO         Trying to read the public key...                                                                     [client.py:55]
2020-05-27 10:48:05,364 INFO         Identity hash ='<long string consisting of mostly \xXX sequences>' [client.py:67]
2020-05-27 10:48:05,867 INFO         received= '<long string consisting of mostly \xXX sequences>' [client.py:75]
2020-05-27 10:48:05,868 INFO         Received Public Key generated by OnlyKey= '<long string consisting of mostly \xXX sequences>' [client.py:84]
2020-05-27 10:48:05,869 INFO         using SSH public key: <correct public key>                                [__main__.py:109]
2020-05-27 10:48:05,876 INFO         running ['ssh', '192.168.10.51'] with {'SSH_AUTH_SOCK': '/tmp/ssh-agent-FFHh36', 'SSH_AGENT_PID': '9803'} [server.py:140]
2020-05-27 10:48:06,031 INFO         please confirm user "quinten" login to "192.168.10.51" using OnlyKey                                 [client.py:100]
Traceback (most recent call last):
  File "/usr/lib/python2.7/logging/__init__.py", line 868, in emit
    msg = self.format(record)
  File "/usr/lib/python2.7/logging/__init__.py", line 741, in format
    return fmt.format(record)
  File "/usr/lib/python2.7/logging/__init__.py", line 465, in format
    record.message = record.getMessage()
  File "/usr/lib/python2.7/logging/__init__.py", line 329, in getMessage
    msg = msg % self.args
TypeError: not all arguments converted during string formatting
Logged from file client.py, line 123
2020-05-27 10:48:06,034 INFO         Key type P256                                                                                        [client.py:135]
Please confirm user quinten login to 192.168.10.51 using OnlyKey
Enter the 3 digit challenge code shown below on OnlyKey to authenticate
X X X

2020-05-27 10:48:09,442 INFO         received= '<long string consisting of mostly \xXX sequences>' [client.py:149]
2020-05-27 10:48:09,443 INFO         disconnected from OnlyKey                                                                            [client.py:152]
2020-05-27 10:48:09,462 INFO         signature status: OK                                                                                 [protocol.py:152]
Welcome to Ubuntu 18.04.4 LTS (GNU/Linux 4.15.0-101-generic x86_64)

I have set my udev rules to use USER and GROUP instead of mode; this does not seem to be the issue, however, because changing it back to MODE="666" did not change the behaviour.

firmware version of my onlykey: Firmware v0.2-beta.8c (The one it shipped with)

Let me know if I can help by supplying additional information.
Thanks for the help in advance!

@quinten1333 You have to specify user@domain, have you tried something like this:
onlykey-agent root@example.com git push

@onlykey Thanks for the fast reply!

Yea I did (removed a little too much haha). The following commands produce the following output:
(The OnlyKey was plugged in and unlocked the whole duration)

$ onlykey-agent -c git@github.com
Please confirm user git login to git@github.com using OnlyKey
Enter the 3 digit challenge code shown below on OnlyKey to authenticate
3 3 3

PTY allocation request failed on channel 0
Hi quinten1333! You've successfully authenticated, but GitHub does not provide shell access.
Connection to github.com closed.
$ onlykey-agent git@github.com git push
2020-05-28 20:05:59,271 ERROR        failed to connect                                                                                    [client.py:192]
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/onlykey/client.py", line 184, in _connect
    self._hid.open_path(path)
  File "hid.pyx", line 72, in hid.device.open_path
IOError: open failed
2020-05-28 20:06:00,778 ERROR        failed to connect                                                                                    [client.py:192]
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/onlykey/client.py", line 184, in _connect
    self._hid.open_path(path)
  File "hid.pyx", line 72, in hid.device.open_path
IOError: open failed
2020-05-28 20:06:02,285 ERROR        failed to connect                                                                                    [client.py:192]
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/onlykey/client.py", line 184, in _connect
    self._hid.open_path(path)
  File "hid.pyx", line 72, in hid.device.open_path
IOError: open failed
^CTraceback (most recent call last):
  File "/usr/local/bin/onlykey-agent", line 8, in <module>
    sys.exit(run_agent())
  File "/usr/local/lib/python2.7/dist-packages/onlykey_agent/__main__.py", line 123, in wrapper
    return func(*args, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/onlykey_agent/__main__.py", line 136, in run_agent
    with client_factory(curve=args.ecdsa_curve_name) as conn:
  File "/usr/local/lib/python2.7/dist-packages/onlykey_agent/client.py", line 28, in __init__
    self.ok = OnlyKey()
  File "/usr/local/lib/python2.7/dist-packages/onlykey/client.py", line 164, in __init__
    time.sleep(1.5)
KeyboardInterrupt

@quinten1333

I made some much needed changes to documentation here -
https://docs.crp.to/onlykey-agent.html

Are you able to do this?
onlykey-agent identity@myhost -- git push

Also should be able to do the things listed here since OnlyKey agent is based on Trezor Agent
https://github.com/romanz/trezor-agent/blob/master/doc/README-SSH.md

@onlykey Nope that does not work either.

$ onlykey-agent git@github.com -- git push

or

$ onlykey-agent -s git@github.com
$ git push

Both result in:

2020-05-28 21:56:12,947 ERROR        failed to connect                                                                                    [client.py:192]
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/onlykey/client.py", line 184, in _connect
    self._hid.open_path(path)
  File "hid.pyx", line 72, in hid.device.open_path
IOError: open failed
2020-05-28 21:56:14,454 ERROR        failed to connect                                                                                    [client.py:192]
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/onlykey/client.py", line 184, in _connect
    self._hid.open_path(path)
  File "hid.pyx", line 72, in hid.device.open_path
IOError: open failed
2020-05-28 21:56:15,962 ERROR        failed to connect                                                                                    [client.py:192]
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/onlykey/client.py", line 184, in _connect
    self._hid.open_path(path)
  File "hid.pyx", line 72, in hid.device.open_path
IOError: open failed
2020-05-28 21:56:17,467 ERROR        failed to connect                                                                                    [client.py:192]
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/onlykey/client.py", line 184, in _connect
    self._hid.open_path(path)
  File "hid.pyx", line 72, in hid.device.open_path
IOError: open failed
^CTraceback (most recent call last):
  File "/usr/local/bin/onlykey-agent", line 8, in <module>
    sys.exit(run_agent())
  File "/usr/local/lib/python2.7/dist-packages/onlykey_agent/__main__.py", line 123, in wrapper
    return func(*args, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/onlykey_agent/__main__.py", line 136, in run_agent
    with client_factory(curve=args.ecdsa_curve_name) as conn:
  File "/usr/local/lib/python2.7/dist-packages/onlykey_agent/client.py", line 28, in __init__
    self.ok = OnlyKey()
  File "/usr/local/lib/python2.7/dist-packages/onlykey/client.py", line 164, in __init__
    time.sleep(1.5)
KeyboardInterrupt

I missed the configuration of the Trezor agent to be in between all ssh authentication by setting SSH_AUTH_SOCK as described here: https://github.com/romanz/trezor-agent/blob/master/doc/README-SSH.md#start-the-agent-as-a-systemd-unit so I haven't tried that yet. But I don't think it will change the error though, since the SSH_AUTH_SOCK is set correctly when using the shell option and when executing a command by appending it.

Is this error specific to me or are you guys unable to use git with the onlykey-agent as well?
(All ssh using commands from git give this error btw, so fetch and pull as well)
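Added illustration, not part of the thread and not onlykey-agent's code: the log line `running ['git', 'push'] with {'SSH_AUTH_SOCK': ...}` reflects a wrapper that exposes an agent socket which the wrapped command can find only through its inherited environment. The toy agent, the child script standing in for git/ssh, and the key blob are all constructed for this sketch; only the message types 11 and 12 come from the SSH agent protocol.

```python
import os, socket, struct, subprocess, sys, tempfile, threading

REQUEST_IDENTITIES, IDENTITIES_ANSWER = 11, 12  # SSH agent protocol message types

def ssh_string(data):
    return struct.pack(">I", len(data)) + data  # uint32 length prefix + bytes

def serve_once(listener, keys):
    """Toy agent: answer one REQUEST_IDENTITIES with the given (blob, comment) pairs."""
    conn, _ = listener.accept()
    with conn, conn.makefile("rb") as rx:
        (length,) = struct.unpack(">I", rx.read(4))
        if rx.read(length)[:1] == bytes([REQUEST_IDENTITIES]):
            body = struct.pack(">BI", IDENTITIES_ANSWER, len(keys))
            body += b"".join(ssh_string(b) + ssh_string(c) for b, c in keys)
            conn.sendall(ssh_string(body))

# Stand-in for git/ssh (hypothetical): it learns about the agent only via its environment.
CHILD = r'''
import os, socket, struct
path = os.environ.get("SSH_AUTH_SOCK")
if not path:
    print("no agent socket in environment")
    raise SystemExit
s = socket.socket(socket.AF_UNIX)
s.connect(path)
s.sendall(struct.pack(">IB", 1, 11))      # length 1, type REQUEST_IDENTITIES
rx = s.makefile("rb")
(n,) = struct.unpack(">I", rx.read(4))
kind, count = struct.unpack(">BI", rx.read(n)[:5])
print("type=%d identities=%d" % (kind, count))
'''

def run_wrapped(export_socket):
    keys = [(b"constructed-key-blob", b"git@github.com")]  # constructed sample identity
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "agent.sock")
        listener = socket.socket(socket.AF_UNIX)
        listener.bind(path)
        listener.listen(1)
        threading.Thread(target=serve_once, args=(listener, keys), daemon=True).start()
        env = {k: v for k, v in os.environ.items() if k != "SSH_AUTH_SOCK"}
        if export_socket:
            env["SSH_AUTH_SOCK"] = path   # what the wrapper does for the child command
        out = subprocess.run([sys.executable, "-c", CHILD], env=env,
                             capture_output=True, text=True, timeout=10)
        return out.stdout.strip()

if __name__ == "__main__":
    for exported in (True, False):
        print(exported, run_wrapped(exported))
```

In the logs above the agent socket was exported to `git push` in the same way; the `IOError: open failed` is raised later, when the agent side tries to open the HID device.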

@onlykey any progression?

@quinten1333 I have not been able to replicate your issue. We are close to releasing a new onlykey-agent though; I would expect that in the next week.

@quinten1333 Are you able to see the issue on the new release? https://docs.crp.to/upgradeguide.html