Closed MikeSchroll closed 6 years ago
Thanks for reporting this.
Could you please share the debug information of sga-guard (which runs locally) as well (by running it with --debug and --log=<LOG-FILE>, similarly to sga-ssh)?
Thanks @dimakogan. Here's what sga-guard shows between a fresh startup and on the jumphost running sga-ssh final-destination-host --debug -p my-nonstandard-port
sga-guard jumphost --debug
Connecting to jumphost to set up forwarding...
2017/12/23 14:46:33 sshfwd.go:90: Listening on: /var/folders/fx/3clzcw097w3bx7j08b1z_msm0000gn/T/618344141/.guard.22946
Forwarding to jumphost setup successfully. Waiting for incoming requests...
2017/12/23 14:47:20 agent.go:93: New incoming connection
Request by jumphost to run '' on user@final-destination-host:my-nonstandard-port AUTO-APPROVED by policy
2017/12/23 14:47:21 proxy.go:42: Read version: "SSH-2.0-OpenSSH_7.2p2" from server
2017/12/23 14:47:21 proxy.go:50: Read version: "SSH-2.0-Go" from client
2017/12/23 14:47:21 handshake.go:355: kex loop
2017/12/23 14:47:21 handshake.go:360: kex inner loop
2017/12/23 14:47:21 handshake.go:355: kex loop
2017/12/23 14:47:21 handshake.go:370: select exit: <-requestKex
2017/12/23 14:47:21 handshake.go:393: !sent: sending kexInit
2017/12/23 14:47:21 handshake.go:360: kex inner loop
2017/12/23 14:47:21 handshake.go:370: select exit: <-requestKex
2017/12/23 14:47:21 handshake.go:393: !sent: sending kexInit
2017/12/23 14:47:21 handshake.go:360: kex inner loop
2017/12/23 14:47:21 handshake.go:360: kex inner loop
2017/12/23 14:47:21 handshake.go:368: select exit: <-t.startKex
2017/12/23 14:47:21 handshake.go:416: entering keyexchange
2017/12/23 14:47:21 common.go:139: host key algorithms: server: [none], client: [none]
2017/12/23 14:47:21 handshake.go:355: kex loop
2017/12/23 14:47:21 handshake.go:360: kex inner loop
2017/12/23 14:47:21 handshake.go:368: select exit: <-t.startKex
2017/12/23 14:47:21 handshake.go:416: entering keyexchange
2017/12/23 14:47:21 common.go:139: host key algorithms: server: [ssh-rsa rsa-sha2-512 rsa-sha2-256 ecdsa-sha2-nistp256 ssh-ed25519], client: []
2017/12/23 14:47:21 handshake.go:365: select exit: <-t.startKex NOT OK
2017/12/23 14:47:21 sshfwd.go:167: Finished copying from client to real agent.
I suspect there might be some error parsing the known_hosts file on your local machine.
I've created a small fix to check my guess. May I ask you to run the patched version, either by building from HEAD or by using the prebuilt executables below? Most likely you only need to update the local sga-guard.
No change in behavior or output from the new binary -- but I did rename my known_hosts file; and you were correct -- everything works now!
I share my .ssh config across machines via dropbox, and it appears one of them is doing hostname hashing, and one is not; and there were some blank lines in the file; so I'll figure out what is corrupting my file, and get my configs sync'd there.
Thanks for your help!
I'm glad it helped. If you happen to narrow down the problem with your known_hosts file to a particular line, it would be great if you could share the offending line (so I could make our code more robust).
Closing for now. I'll re-open if there's more info.
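One way to narrow a known_hosts problem down to a particular line, as asked above. This is an added example, not code from sga-guard or from anyone in this thread; `checkLine`, `LintKnownHosts` and `Sample` are hypothetical names and the sample entries are constructed. It accepts blank lines, comments and a mix of plain and hashed hosts, and flags only lines whose field layout, `|1|salt|hash` form or key type is inconsistent.

```go
package main

import (
	"encoding/base64"
	"encoding/binary"
	"fmt"
	"strings"
)

// checkLine returns "" for a usable known_hosts line, else why it is malformed.
func checkLine(line string) string {
	f := strings.Fields(line)
	if len(f) == 0 || f[0][0] == '#' {
		return "" // blank lines and comments are legal and are skipped
	}
	if f[0][0] == '@' { // optional @cert-authority / @revoked marker
		f = f[1:]
	}
	if len(f) < 3 {
		return "want: hosts keytype base64-key"
	}
	if p := strings.Split(f[0], "|"); len(p) > 1 && (len(p) != 4 || p[0] != "" || p[1] != "1") {
		return "bad hashed-host field" // a hashed host must be |1|salt|hash
	}
	blob, err := base64.StdEncoding.DecodeString(f[2])
	if err != nil || len(blob) < 4 {
		return "key is not a base64 SSH key blob"
	}
	// The blob starts with a length-prefixed algorithm name that must equal field 2.
	if n := binary.BigEndian.Uint32(blob); uint64(n) > uint64(len(blob)-4) || string(blob[4:4+n]) != f[1] {
		return "key type does not match key blob"
	}
	return ""
}

// LintKnownHosts returns one "line N: reason" entry per malformed line.
func LintKnownHosts(data string) (problems []string) {
	for i, line := range strings.Split(data, "\n") {
		if r := checkLine(line); r != "" {
			problems = append(problems, fmt.Sprintf("line %d: %s", i+1, r))
		}
	}
	return problems
}

// Sample is constructed input: plain, blank, hashed, wrong key type, truncated hash.
const Sample = "plain.example ssh-ed25519 AAAAC3NzaC1lZDI1NTE5\n\n" +
	"|1|c2FsdA==|aGFzaA== ssh-ed25519 AAAAC3NzaC1lZDI1NTE5\n" +
	"bad.example ssh-rsa AAAAC3NzaC1lZDI1NTE5\n|1|c2FsdA== ssh-ed25519 AAAAC3NzaC1lZDI1NTE5\n"
func main() { fmt.Println(strings.Join(LintKnownHosts(Sample), "\n")) }
```

The reported line numbers point at the entries to inspect by hand or to share with a maintainer after redacting host names.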
I have sga-guard set up and running:
I can mosh to jumphost just fine.
Once on jumphost, I can ssh to servers just fine.
If I try to sga-ssh to a server, I get this:
Debug output shows:
And debug server-side on final-destination-host shows:
I tried removing my entry from .ssh/known_hosts on jumphost. No change. I should note that my SSH key is ed25519. I just changed to an RSA key. No change.