/x/crypto/ssh : Handshake fails after update of x/crypto/ssh. #21793

Closed
akshaybahetii opened this issue Sep 7, 2017 · 9 comments

@akshaybahetii

Please answer these questions before submitting your issue. Thanks!

What version of Go are you using (go version)?

go version go1.8.3 darwin/amd64

Does this issue reproduce with the latest release?

Yes

What operating system and processor architecture are you using (go env)?

GOARCH="amd64"
GOBIN="/Users/akshay/work/bin"
GOEXE=""
GOHOSTARCH="amd64"
GOHOSTOS="darwin"
GOOS="darwin"
GOPATH="/Users/akshay/work"
GORACE=""
GOROOT="/usr/local/go"
GOTOOLDIR="/usr/local/go/pkg/tool/darwin_amd64"
GCCGO="gccgo"
CC="clang"
GOGCCFLAGS="-fPIC -m64 -pthread -fno-caret-diagnostics -Qunused-arguments -fmessage-length=0 -fdebug-prefix-map=/var/folders/w7/0b85306d06bfkd6sjzrz8v_80000gq/T/go-build354995448=/tmp/go-build -gno-record-gcc-switches -fno-common"
CXX="clang++"
CGO_ENABLED="1"
PKG_CONFIG="pkg-config"
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"

What did you do?

I have a client that does an ssh login to an openssh server. Before I updated my x/crypto/ssh the login worked fine and the debug logs showed the ssh library using ssh.globalRequestMsg to authenticate. After the update the library uses multiple calls of ssh.userAuthRequestMsg, and the login with the same private key fails.

Do I need to update the OpenSSH server as well?
Any pointer on how I can debug this better?

If possible, provide a recipe for reproducing the error.
A complete runnable program is good.
A link on play.golang.org is best.

What did you expect to see?

I expected to see a login since I can login with the same key to the same server using an older x/crypto/ssh.

What did you see instead?

I see: unable to authenticate, attempted methods [none publickey], no supported methods remain

@agl
Contributor

agl commented Sep 9, 2017

/cc @hanwen

@hanwen
Contributor

hanwen commented Sep 11, 2017

Please provide a debug dump (set debugHandshake = true).

@akshaybahetii
Author

akshaybahetii commented Sep 11, 2017

```
2017/09/06 17:23:25 write client 20
2017/09/06 17:23:25 read client 20
2017/09/06 17:23:25 client got *ssh.kexInitMsg &{[29 148 211 220 160 25 30 226 84 247 205 178 237 213 140 142] [[email protected] ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521 diffie-hellman-group-exchange-sha256 diffie-hellman-group16-sha512 diffie-hellman-group18-sha512 diffie-hellman-group14-sha256 diffie-hellman-group14-sha1] [ssh-rsa rsa-sha2-512 rsa-sha2-256] [[email protected] aes128-ctr aes192-ctr aes256-ctr [email protected] [email protected]] [[email protected] aes128-ctr aes192-ctr aes256-ctr [email protected] [email protected]] [[email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] hmac-sha2-256 hmac-sha2-512 hmac-sha1] [[email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] hmac-sha2-256 hmac-sha2-512 hmac-sha1] [none [email protected]] [none [email protected]] [] [] false 0} (<nil>)
2017/09/06 17:23:25 client entered key exchange
2017/09/06 17:23:25 write client 30
2017/09/06 17:23:25 read client 31
2017/09/06 17:23:25 write client 21
2017/09/06 17:23:25 read client 21
2017/09/06 17:23:25 client exited key exchange (first true), err <nil>
2017/09/06 17:23:25 client sent *ssh.serviceRequestMsg &{ssh-userauth} (<nil>)
2017/09/06 17:23:25 write client 5
2017/09/06 17:23:25 read client 6
2017/09/06 17:23:25 client got *ssh.serviceAcceptMsg &{ssh-userauth} (<nil>)
2017/09/06 17:23:25 client sent *ssh.userAuthRequestMsg &{root ssh-connection none []} (<nil>)
2017/09/06 17:23:25 write client 50
2017/09/06 17:23:25 read client 51
2017/09/06 17:23:25 client sent *ssh.userAuthRequestMsg &{root ssh-connection publickey [0 0 0 0 7 115 115 104 45 114 115 97 0 0 1 23 0 0 0 7 115 115 104 45 114 115 97 0 0 0 3 1 0 1 0 0 1 1 0 169 188 123 186 86 54 223 100 241 100 18 198 93 238 177 67 40 192 113 124 87 127 168 81 85 49 107 198 89 22 192 176 250 196 58 87 76 234 14 165 124 194 34 12 68 162 141 82 28 105 122 14 225 ... 148 78 97]} (<nil>)
2017/09/06 17:23:25 write client 50
2017/09/06 17:23:25 read client 60
2017/09/06 17:23:25 client got *ssh.userAuthPubKeyOkMsg &{ssh-rsa [0 0 0 7 115 115 104 45 114 ... 220 232 0 60 148 78 97]} (<nil>)
2017/09/06 17:23:25 client sent *ssh.userAuthRequestMsg &{root ssh-connection publickey [1 0 0 0 7 115 115 104 45 114 115 97 0 0 1 23 0 0 0 7 115 115 104 45 114 115 97 0 0 0 3 1 0 1 0 0 1 1 0 169 ... 186 121 200]} (<nil>)
2017/09/06 17:23:25 write client 50
2017/09/06 17:23:25 read client 51
2017/09/06 17:23:25 client got *ssh.userAuthFailureMsg &{[publickey] false} (<nil>)
ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
Error: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
```
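
The two `publickey` requests in the dump above differ in their first payload byte (0, then 1). The Go sketch below is an added example, not code from this thread or from x/crypto/ssh; it decodes that payload as laid out in RFC 4252 section 7. `PKAuth`, `str`, `enc` and the sample byte strings are names and data constructed for illustration: the samples reuse the prefix visible in the log and fill the key and signature with dummy bytes.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// PKAuth is the publickey-specific tail of a USERAUTH_REQUEST (RFC 4252, section 7).
type PKAuth struct {
	HasSig                 bool   // false: "is this key acceptable?" probe; true: signed attempt
	Algo, KeyType, SigAlgo string // request algorithm, key blob type, signature blob algorithm
}

// str consumes one uint32-length-prefixed SSH string; nil (and *b emptied) when truncated.
func str(b *[]byte) (s []byte) {
	if v := *b; len(v) >= 4 && uint32(len(v)-4) >= binary.BigEndian.Uint32(v) {
		s, *b = v[4:4+binary.BigEndian.Uint32(v)], v[4+binary.BigEndian.Uint32(v):]
		return s
	}
	*b = nil
	return nil
}

// ParsePublicKeyAuth decodes the byte slice the debug dump prints after "publickey".
func ParsePublicKeyAuth(p []byte) (out PKAuth, err error) {
	if len(p) > 0 {
		out.HasSig, p = p[0] != 0, p[1:]
	}
	out.Algo = string(str(&p))
	key, sig := str(&p), str(&p)
	out.KeyType, out.SigAlgo = string(str(&key)), string(str(&sig))
	if out.KeyType == "" || out.HasSig && out.SigAlgo == "" {
		err = errors.New("truncated publickey request")
	}
	return out, err
}

// Constructed samples: the prefix visible in the dump, then dummy key and signature bytes.
func enc(v string) string { return string([]byte{0, 0, byte(len(v) >> 8), byte(len(v))}) + v }
var (
	sampleKey = enc("ssh-rsa") + enc("\x01\x00\x01") + enc("\x00\x80"+string(make([]byte, 255)))
	probe     = []byte("\x00" + enc("ssh-rsa") + enc(sampleKey))
	signed    = []byte("\x01" + enc("ssh-rsa") + enc(sampleKey) + enc(enc("ssh-rsa")+enc(string(make([]byte, 256)))))
)

func main() {
	fmt.Println(ParsePublicKeyAuth(probe))
	fmt.Println(ParsePublicKeyAuth(signed))
}
```

In the failing run the server answered the flag-0 request with message 60 (`userAuthPubKeyOkMsg`) and the flag-1 request with message 51 (`userAuthFailureMsg`), so the rejection came at the signed request, after the key itself had been reported as acceptable.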

@akshaybahetii
Author

The debug dump with the old x/crypto/ssh version ('crypto/' from commit '5c68cfdf2a545b5ff576c075b459d1fc0c606f82'). These are logs for a passing run. Here we see the client uses globalRequestMsg instead of userAuthRequestMsg.

```
2017/09/06 16:51:06 client entered key exchange
2017/09/06 16:51:06 client exited key exchange, err <nil>
2017/09/06 16:51:06 client got *ssh.serviceAcceptMsg &{ssh-userauth} (<nil>)
2017/09/06 16:51:06 client got *ssh.userAuthFailureMsg &{[publickey] false} (<nil>)
2017/09/06 16:51:06 client got <nil> <nil> (ssh: unexpected message type 52 (expected 0))
2017/09/06 16:51:06 client got *ssh.globalRequestMsg &{[email protected] false [0 0 1 23 0 0 0 7 115 115 104 45 114 115 97 0 0 0 3 1 0 1 0 0 1 1 0 154 12 123 62 115 233 1 141 202 232 110 ... 67 252 47]} (<nil>)
```

@hanwen
Contributor

hanwen commented Sep 11, 2017

Can you try to bisect the failure, so we know which commit is causing your problem?

@akshaybahetii
Author

The working version is on a commit golang/crypto@5c68cfd from April 2015. There are many commits between then and now. I will try to reproduce the same problem in a sandbox so I can share the code and debug better.

@hanwen
Contributor

hanwen commented Sep 12, 2017

There are 134 commits. With git-bisect, you would be able to track this down in ~8 test runs.

@hanwen
Contributor

hanwen commented Oct 2, 2017

ping?

@akshaybahetii
Author

I have come to the understanding that this might be an issue with my ssh server. Sorry for bothering the community. Thank you for your input. Once I have fixed the issue, I will update the ticket with my findings for the community.

@golang golang locked and limited conversation to collaborators Oct 2, 2018