app-crypt/onlykey-agent-1.1.13 does not work with openssh-8.9_p1-r2 server (and client)

Question

app-crypt/onlykey-agent-1.1.13 does not work with openssh-8.9_p1-r2 server (and client)

Opened this issue 2 years ago · 5 comments

I've added my comment to upstream here:
romanz#387 (comment)

But decided to create this issue so we can keep track of it, the failure is:

File "/usr/lib/python3.9/site-packages/libagent/ssh/protocol.py", line 148, in sign_message
signature = self.conn.sign(blob=blob, identity=key['identity'])
File "/usr/lib/python3.9/site-packages/libagent/ssh/init.py", line 246, in sign
return conn.sign_ssh_challenge(blob=blob, identity=identity)
File "/usr/lib/python3.9/site-packages/libagent/ssh/client.py", line 35, in sign_ssh_challenge
msg = parse_ssh_blob(blob)
File "/usr/lib/python3.9/site-packages/libagent/ssh/client.py", line 84, in parse_ssh_blob
assert not i.read()
AssertionError
sign_and_send_pubkey: signing failed for ED25519 "/tmp/trezor-ssh-pubkey-xvuheqx8" from agent: communication with agent failed

Answer 1 · 2022-05-25T14:09:12.000Z

Same there with OpenSSH_9.0p1 (Debian testing/sid)

Answer 2 · 2022-05-27T11:59:27.000Z

There is a fix upstream, it worked for me. See the linked thread in the description for more details.

Answer 3 · 2022-05-27T18:07:55.000Z

Thanks! onlykey-agent 1.1.14 has been released with this fix.

Answer 4 · 2022-05-31T08:40:06.000Z

Working with a warning here :

onlykey-agent user@server -c
2022-05-31 10:36:16,000 WARNING      unparsed blob: b'\x00\ ..... REDACTED [client.py:86]'

versions :
onlykey-agent=1.1.14 lib-agent=1.0.5
openssh client : OpenSSH_9.0p1 Debian-1, OpenSSL 1.1.1o 3 May 2022
openssh server 1:8.9p1-3 (ubuntu 22.04)

Answer 5 · 2022-06-02T14:57:23.000Z

@euidzero Yes, this was the implemented fix here https://github.com/romanz/trezor-agent/pull/394/files