Closed colemickens closed 1 year ago
According to your logs, the extension did attempt to authenticate with the agent's key, but got rejected by the server. Can you access your OpenSSH logs on the server and see if it mentions anything about the failed key authentication?
```
Dec 13 21:47:48 xeep sshd[4040551]: Accepted publickey for cole from 100.112.137.125 port 38144 ssh2: RSA SHA256:DRLTqHaHUaiBl7Gql+m7H+FW8+/oyxYeLgQYJyJ43mg
Dec 13 21:47:48 xeep sshd[4040551]: pam_unix(sshd:session): session opened for user cole(uid=1000) by (uid=0)
Dec 13 21:48:00 xeep sshd[4040810]: userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]
Dec 13 21:48:00 xeep sshd[4040810]: error: PAM: Authentication failure for cole from 100.112.137.125
Dec 13 21:48:00 xeep sshd[4040810]: Received disconnect from 100.112.137.125 port 38146:11: [preauth]
Dec 13 21:48:00 xeep sshd[4040810]: Disconnected from authenticating user cole 100.112.137.125 port 38146 [preauth]
```
ssh-rsa is deprecated in recent openssh.
It seems like this is https://github.com/mscdex/ssh2/issues/989. :/
We'll have to wait until `ssh2` finds a solution. In the meantime, it seems like you should be able to convert your key to another format? unless it's your agent passing an auto-converted key
Well, it's a Yubikey, so I don't think I can really convert - plus there's nothing really wrong with my key - it works against newer openssh servers just fine, when the ssh client does the right thing.
AFAICT, the workaround is loosening what the server accepts to allow the deprecated 'ssh-rsa' that `ssh2` is selecting instead of ssh-rsa-sha512 or whatever it is that's the better option that should be selected.
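As an added example (not part of the thread or of the extension's code), this Python triage of the sshd lines quoted above groups messages by sshd PID, flags connections rejected for their signature algorithm, and checks whether the same user and address authenticated with an RSA key in another session. That separates "the client signed with `ssh-rsa`" from "the key is not authorized". The log lines are copied from the excerpt in this thread; the function and field names are illustrative.

```python
import re
from collections import defaultdict

# Log lines copied from the sshd excerpt posted earlier in this thread.
SAMPLE_LOG = """\
Dec 13 21:47:48 xeep sshd[4040551]: Accepted publickey for cole from 100.112.137.125 port 38144 ssh2: RSA SHA256:DRLTqHaHUaiBl7Gql+m7H+FW8+/oyxYeLgQYJyJ43mg
Dec 13 21:48:00 xeep sshd[4040810]: userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]
Dec 13 21:48:00 xeep sshd[4040810]: error: PAM: Authentication failure for cole from 100.112.137.125
Dec 13 21:48:00 xeep sshd[4040810]: Disconnected from authenticating user cole 100.112.137.125 port 38146 [preauth]
"""

LINE = re.compile(r"sshd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
# "key type" is the wording in the thread; a "signature algorithm" wording is matched too.
REJECTED = re.compile(r"userauth_pubkey: (?:key type|signature algorithm) (?P<alg>\S+) not in PubkeyAcceptedAlgorithms")
ACCEPTED = re.compile(r"Accepted publickey for (?P<user>\S+) from (?P<ip>\S+) port \d+ ssh2: (?P<ktype>\S+) ")
PEER = re.compile(r"Disconnected from authenticating user (?P<user>\S+) (?P<ip>\S+) port")


def triage(log_text):
    """Return one finding per sshd session rejected for its signature algorithm."""
    sessions = defaultdict(dict)   # pid -> facts seen for that connection
    accepted = set()               # (user, ip, key type) that authenticated fine
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        pid, msg = m["pid"], m["msg"]
        if (r := REJECTED.search(msg)):
            sessions[pid]["alg"] = r["alg"]
        elif (p := PEER.search(msg)):
            sessions[pid].update(user=p["user"], ip=p["ip"])
        elif (a := ACCEPTED.search(msg)):
            accepted.add((a["user"], a["ip"], a["ktype"]))
    findings = []
    for pid, s in sessions.items():
        if "alg" not in s:
            continue
        user, ip = s.get("user"), s.get("ip")
        # Same user and host got in with an RSA key elsewhere: the key is fine,
        # the failing client offered an algorithm the server no longer accepts.
        key_ok = (user, ip, "RSA") in accepted
        findings.append({"pid": pid, "user": user, "ip": ip,
                         "algorithm": s["alg"], "rsa_key_accepted_elsewhere": key_ok})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f)
```
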
I might take a look into adding a flag to forcefully set the type to `ssh-rsa-sha512` (or any user-defined value) if possible, although that'll require me to poke around and overwrite or interact with `ssh2` internal code, so unlikely.
The extension currently still uses `ssh2@0.8.9` (with a custom patch) due to major breaking changes when upgrading to 1.0.0, which I also have to solve (quite soon) to enjoy later updates/patches, as the `0.x.y` branch is basically deprecated/abandoned.
@SchoofsKelvin I'm having the issue, how can I solve this?
@francoism90 The fastest/easiest way is probably modifying your server configuration to allow these kinds of keys (see above and mscdex/ssh2#989).
Otherwise it's waiting for me to upgrade the extension to `ssh2@>=1.0.0` and either me or mscdex fixing the issue in the `ssh2` codebase.
I ran into this issue when evaluating the extension and attempting to connect to a remote ssh host. The remote ssh server used the default sshd_config which ships with the Alpine distribution.
The extension failed to connect using an `rsa-4096` private key with error messages like those posted earlier in this issue.
The extension successfully connected using an `ed25519` private key.
Both public key types were authorized on the remote ssh host. The `ssh` client is able to connect with both private key types.
@SchoofsKelvin For new adopters like me who attempt to connect using a `rsa-4096` private key, the cause of a failed connection is not easy to track given the error message. I suggest to document this e.g. in a known issues section in the README until the extension gets the upgrade to `ssh2@>=1.0.0`.
I've actually upgraded the extension so it now uses `ssh2@1.6.0`, the latest release of `ssh2`. Since it's a big change, it's still on the `master` branch and will take some testing before I'll actually release it. Feel free to try out the latest build, but since mscdex/ssh2#989 is still an open issue, it probably won't solve this issue. At least the upgrade will allow me to pull in the fix as soon as is possible, as well as giving me (and whoever wants to) the opportunity to fix it pre-upstream, although not an easy thing nor something I'm planning on doing soon.
As I've mentioned in the linked issue #375, OpenSSH 8.8+ deprecated `ssh-rsa` (more specifically using `sha-1`, which is currently the only one supported by the `ssh2` dependency) which I now know more about.
The "best" solution would be waiting for mscdex/ssh2#989 to be solved (e.g. if the author accepts mscdex/ssh2#1200 or a variant), but it doesn't seem like that might happen soon. Worst case, I can stop using the (full) official release of `ssh2` and use a (Yarn-)patched version with that pull request included.
Alternatively, after looking around a bit in the source code, I could pre-parse keys and pre-instantiate agents I pass to `ssh2` instead of raw keys / agent options that it uses to instantiate them internally, and use that mechanic to add some overrides regarding this issue. Since this would be a bit outside the public API of `ssh2`, not ideal and still quite a bit of work.
Realistically, I might just go with the patch method right now. I've upgraded my test server to have OpenSSH 8.8+ and am able to reproduce the issue, so I can also immediately verify if the patch works.
I've pushed a fix that should fix this. You can download the `.vsix` from here (build 120 or later) and test it yourself. Just installing that version of the extension (and reloading VS Code) should enable the fix.
I've published a new version of the extension (v1.26.1) which includes this fix, so it's not necessary anymore to manually install the custom build to test it. If you still encounter this issue, comment on (and reopen) this issue.
I am facing the same issue. But it was working fine on older versions, nothing has changed regarding the configurations, the PC restarted for a Windows update, I can't understand where the issue is, but now it's not working.
I have installed (downgraded) to the version v1.26.0, and now it's working fine.
The v1.26.1 is causing this. @theam14 here is how to download another version 👍 :
I have removed all sensitive data from the log:
```
Flag "OPENSSH-SHA1" enabled due to 'missing', including convertSha1 for publickey authentication
[DEBUG] Read private key from
```
Same for me. After upgrading to 1.26.1 I had "All configured authentication methods failed" error for all ssh configs. Downgrading to 1.26.0 fixed the issue.
Same for me and downgrading to 1.26.0 works fine.
Same too, downgrading to 1.26.0 has fixed my issue
Having the same issue when using newly created AWS EC2 Instance launched with RSA key-pair.
Solved issue by creating new ED25519 key-pair, and attaching the new key-pair to existing EC2 Instance.
Here is a guide: "Add or remove a public key on your instance": https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/replacing-key-pair.html
In short:
- `ssh-keygen -y -f /path_to_key_pair/my-key-pair.pem | pbcopy`
- `~/.ssh/authorized_keys` on EC2 instance.
- `ssh -i /path_to_key_pair/my-key-pair.pem ec2-user@xyz.compute.amazonaws.com`
Hi.
I can't connect to a remote host with this extension, even though I can from the terminal.
Let's first sanity check in the terminal (in VSCode even):
My sshfs config:
results in: