app-crypt/onlykey-agent-1.1.13 does not work with openssh-8.9_p1-r2 server (and client)
I've added my comment to upstream here:
romanz#387 (comment)
But decided to create this issue so we can keep track of it, the failure is:
  File "/usr/lib/python3.9/site-packages/libagent/ssh/protocol.py", line 148, in sign_message
    signature = self.conn.sign(blob=blob, identity=key['identity'])
  File "/usr/lib/python3.9/site-packages/libagent/ssh/__init__.py", line 246, in sign
    return conn.sign_ssh_challenge(blob=blob, identity=identity)
  File "/usr/lib/python3.9/site-packages/libagent/ssh/client.py", line 35, in sign_ssh_challenge
    msg = parse_ssh_blob(blob)
  File "/usr/lib/python3.9/site-packages/libagent/ssh/client.py", line 84, in parse_ssh_blob
    assert not i.read()
AssertionError
sign_and_send_pubkey: signing failed for ED25519 "/tmp/trezor-ssh-pubkey-xvuheqx8" from agent: communication with agent failed
Same there with OpenSSH_9.0p1 (Debian testing/sid)
There is a fix upstream, it worked for me. See the linked thread in the description for more details.
Thanks! onlykey-agent 1.1.14 has been released with this fix.
Working with a warning here:
onlykey-agent user@server -c
2022-05-31 10:36:16,000 WARNING unparsed blob: b'\x00\ ..... REDACTED [client.py:86]'
versions:
onlykey-agent=1.1.14 lib-agent=1.0.5
openssh client : OpenSSH_9.0p1 Debian-1, OpenSSL 1.1.1o 3 May 2022
openssh server 1:8.9p1-3 (ubuntu 22.04)
@euidzero Yes, this was the implemented fix here https://github.com/romanz/trezor-agent/pull/394/files
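
Added example (not code from this thread or from libagent): a minimal parser for the RFC 4252 publickey data an agent is asked to sign, showing why a strict "nothing left to read" check fails on a request with a trailing field while a tolerant parse keeps the remainder as `unparsed`. The trailing field is modelled on the `publickey-hostbound-v00@openssh.com` method from OpenSSH's PROTOCOL document, which appends the server host key; the function names and all sample bytes are constructed for illustration.

```python
import io
import struct

def ssh_string(data):
    """Encode an SSH 'string': uint32 big-endian length, then the bytes."""
    return struct.pack(">L", len(data)) + data

def read_string(stream):
    """Decode one SSH 'string', failing on truncated input."""
    head = stream.read(4)
    if len(head) != 4:
        raise ValueError("truncated length field")
    (size,) = struct.unpack(">L", head)
    data = stream.read(size)
    if len(data) != size:
        raise ValueError("truncated string body")
    return data

def parse_sign_blob(blob, strict):
    """Parse the RFC 4252 publickey data that an agent is asked to sign.

    strict=True behaves like the failing `assert not i.read()`;
    strict=False keeps any trailing bytes in 'unparsed' for logging.
    """
    s = io.BytesIO(blob)
    msg = {"session_id": read_string(s)}
    msg["msg_type"] = s.read(1)          # 50 = SSH_MSG_USERAUTH_REQUEST
    msg["user"] = read_string(s)
    msg["service"] = read_string(s)
    msg["method"] = read_string(s)
    msg["has_signature"] = s.read(1)
    msg["key_type"] = read_string(s)
    msg["public_key"] = read_string(s)
    msg["unparsed"] = s.read()
    if strict and msg["unparsed"]:
        raise ValueError("unexpected trailing data in sign request")
    return msg

def sample_blob(method, trailer=b""):
    """Constructed sample; all key material is filler bytes, not real keys."""
    pub = ssh_string(b"ssh-ed25519") + ssh_string(b"\x22" * 32)
    return (ssh_string(b"\x11" * 32) + b"\x32" + ssh_string(b"user")
            + ssh_string(b"ssh-connection") + ssh_string(method)
            + b"\x01" + ssh_string(b"ssh-ed25519") + ssh_string(pub) + trailer)

HOST_KEY = ssh_string(ssh_string(b"ssh-ed25519") + ssh_string(b"\x33" * 32))
CLASSIC = sample_blob(b"publickey")
HOSTBOUND = sample_blob(b"publickey-hostbound-v00@openssh.com", HOST_KEY)

if __name__ == "__main__":
    print(parse_sign_blob(CLASSIC, strict=True)["method"])
    print(parse_sign_blob(HOSTBOUND, strict=False)["unparsed"].hex())
```

With `strict=False` the remainder is still part of what gets signed, so logging it, as the `unparsed blob` warning in 1.1.14 does, is what keeps it visible to the operator.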