Closed colemickens closed 1 year ago
SchoofsKelvin
commented
2 years ago According to your logs, the extension did attempt to authenticate with the agent's key, but got rejected by the server. Can you access your OpenSSH logs on the server and see if it mentions anything about the failed key authentication?
colemickens
commented
2 years ago Dec 13 21:47:48 xeep sshd[4040551]: Accepted publickey for cole from 100.112.137.125 port 38144 ssh2: RSA SHA256:DRLTqHaHUaiBl7Gql+m7H+FW8+/oyxYeLgQYJyJ43mg
Dec 13 21:47:48 xeep sshd[4040551]: pam_unix(sshd:session): session opened for user cole(uid=1000) by (uid=0)
Dec 13 21:48:00 xeep sshd[4040810]: userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]
Dec 13 21:48:00 xeep sshd[4040810]: error: PAM: Authentication failure for cole from 100.112.137.125
Dec 13 21:48:00 xeep sshd[4040810]: Received disconnect from 100.112.137.125 port 38146:11: [preauth]
Dec 13 21:48:00 xeep sshd[4040810]: Disconnected from authenticating user cole 100.112.137.125 port 38146 [preauth]ssh-rsa is deprecated in recent openssh.
colemickens
commented
2 years ago It seems like this is https://github.com/mscdex/ssh2/issues/989. :/
SchoofsKelvin
commented
2 years ago We'll have to wait until ssh2 finds a solution. In the meantime, it seems like you should be able to convert your key to another format? unless it's your agent passing an auto-converted key
colemickens
commented
2 years ago Well, it's a Yubikey, so I don't think I can really convert - plus there's nothing really wrong with my key - it works against newer openssh servers just fine, when the ssh client does the right thing.
AFAICT, the workaround is loosening what the server accepts to allow the deprecated 'ssh-rsa' that ssh2 is selecting instead of ssh-rsa-sha512 or whatever it is that's the better option that should be selected.
SchoofsKelvin
commented
2 years ago I might take a look into adding a flag to forcefully set the type to ssh-rsa-sha512 (or any user-defined value) if possible, although that'll require me to poke around and overwrite or interact with ssh2 internal code, so unlikely.
The extension currently still uses ssh2@0.8.9 (with a custom patch) due to major breaking changing when upgrading to 1.0.0, which I also have to solve (quite soon) to enjoy later updates/patches, as the 0.x.y branch is basically deprecated/abandoned.
francoism90
commented
2 years ago @SchoofsKelvin I'm having the issue, how can I solve this?
SchoofsKelvin
commented
2 years ago @francoism90 The fastest/easiest way is probably modifying your server configuration to allow these kind of keys (see above and mscdex/ssh2#989).
Otherwise it's waiting for me to upgrade the extension to ssh2@>=1.0.0 and either me or mscdex fixing the issue in the ssh2 codebase.
dominik-lekse
commented
2 years ago I ran into this issue when evaluating the extension and attempting to connect to a remote ssh host. The remote ssh server used the default sshd_config which ships with the Alpine distribution.
The extension failed to connect using an rsa-4096 private key with error messages like posted earlier in this issue.
The extension successfully connected using an ed25519 private key.
Both public key types were authorized on the remote ssh host. The ssh client is able to connect with both private key type.
@SchoofsKelvin For new adopters like me who attempt to connect using a rsa-4096 private key, the cause of a failed connection is not easy to track given the error message. I suggest to document this e.g. in a known issues section in the README until the extension get the upgrade to ssh2@>=1.0.0.
SchoofsKelvin
commented
2 years ago I've actually upgraded the extension so it now uses ssh2@1.6.0, the latest release of ssh2. Since it's a big change, it's still on the master branch and will take some testing before I'll actually release it. Feel free to try out the latest build, but since mscdex/ssh2#989 is still an open issue, it probably won't solve this issue. At least the upgrade will allow me to pull in the fix as soon as is possible, as well as giving me (and whoever wants to) the opportunity to fix it pre-upstream, although not an easy thing nor something I'm planning on doing soon.
SchoofsKelvin
commented
1 year ago As I've mentioned in the linked issue #375, OpenSSH 8.8+ deprecated ssh-rsa (more specifically using sha-1, which is currently the only one supported by the ssh2 dependency) which l now know more about.
The "best" solution would be waiting for mscdex/ssh2#989 to be solved (e.g. if the author accepts mscdex/ssh2#1200 or a variant), but it doesn't seem like that might happen soon. Worst case, I can stop using the (full) official release of ssh2 and use a (Yarn-)patched version with that pull request included.
Alternatively, after looking around a bit in the source code, I could pre-parse keys and pre-instantiate agents I pass to ssh2 instead of raw keys / agent options that it uses to instantiate them internally, and use that mechanic to add some overrides regarding this issue. Since this would be a bit outside the public API of ssh2, not ideal and still quite a bit of work.
Realistically, I might just go with the patch method right now. I've upgraded my test server to have OpenSSH 8.8+ and am able to reproduce the issue, so I can also immediately verify if the patch works.
SchoofsKelvin
commented
1 year ago I've pushed a fix that should fix this. You can download the .vsix from here (build 120 or later) and test it yourself. Just installing that version of the extension (and reloading VS Code) should enable the fix.
SchoofsKelvin
commented
1 year ago I've published a new version of the extension (v1.26.1) which includes this fix, so it's not necessary anymore to manually install the custom build to test it. If you still encounter this issue, comment on (and reopen) this issue.
warednsour
commented
1 year ago I am facing the same issue But it was working fine on older versions, nothing has changed regarding to the configurations, the pc restarted for a windows update, i can't understand where is the issue, but now it's not working .
I have installed (downgraded ) to the version v1.26.0, and now it's working fine.
The v1.26.1 is causing this.
@theam14
here is how to download another version 👍 :
I have removed all senstive data from the log:
Flag "OPENSSH-SHA1" enabled due to 'missing', including convertSha1 for publickey authentication
[DEBUG] Read private key from
asavochkin
commented
1 year ago Same for me. After upgrading to 1.26.1 i had "All configured authentication methods failed" error for all ssh configs. Downgrading to 1.26.0 fixed the issue.
aespinoza96
commented
1 year ago Same for me and downgrading to 1.26.0 works fine.
ELDiablO59152
commented
1 year ago Same too, downgrading to 1.26.0 have fixed my issue
vgorloff
commented
11 months ago Having the same issue when using newly created AWS EC2 Instance launched with RSA key-pair.
Solved issue by creating new ED25519 key-pair, and attaching the new key-pair to existing EC2 Instance.
Here is a guide: "Add or remove a public key on your instance": https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/replacing-key-pair.html
In short:
ssh-keygen -y -f /path_to_key_pair/my-key-pair.pem | pbcopy~/.ssh/authorized_keys on EC2 instance.ssh -i /path_to_key_pair/my-key-pair.pem ec2-user@xyz.compute.amazonaws.com
Hi.
I can't connect to a remote host with this extension, even though I can from the terminal.
Let's first sanity check in the terminal (in VSCode even):
My sshfs config:
results in: