dlech / KeeAgent

ssh agent plugin for KeePass 2.x
http://lechnology.com/software/keeagent

OpenSSH 8.9 broke agent mode #341

Closed Hackerpcs closed 2 years ago

Hackerpcs commented 2 years ago

I'm on Cygwin with OpenSSH 8.9 that introduced changes to ssh agent functions

https://cygwin.com/pipermail/cygwin/2022-February/250937.html https://www.openssh.com/agent-restrict.html

and seems to have broken KeeAgent's Agent mode. Even though I can see my keys from KeeAgent with ssh-add -l

4096 SHA256:foo bar (RSA)

when trying to connect, I get agent refused operation

ssh host -vvv
OpenSSH_8.9p1, OpenSSL 1.1.1m  14 Dec 2021
debug1: Reading configuration data /cygdrive/c/Users/user/.ssh/config
debug1: /cygdrive/c/Users/user/.ssh/config line 5: Applying options for host
debug1: /cygdrive/c/Users/user/.ssh/config line 50: Applying options for *
debug3: kex names ok: [curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256]
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 5: Applying options for *
debug3: kex names ok: [curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256]
debug2: resolve_canonicalize: hostname 1.2.3.4 is address
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/cygdrive/c/Users/user/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/cygdrive/c/Users/user/.ssh/known_hosts2'
debug3: ssh_connect_direct: entering
debug1: Connecting to 1.2.3.4 [1.2.3.4] port 22.
debug3: set_sock_tos: set socket 4 IP_TOS 0x48
debug1: Connection established.
debug1: identity file /cygdrive/c/Users/user/.ssh/id_rsa type -1
debug1: identity file /cygdrive/c/Users/user/.ssh/id_rsa-cert type -1
debug1: identity file /cygdrive/c/Users/user/.ssh/id_ecdsa type -1
debug1: identity file /cygdrive/c/Users/user/.ssh/id_ecdsa-cert type -1
debug1: identity file /cygdrive/c/Users/user/.ssh/id_ecdsa_sk type -1
debug1: identity file /cygdrive/c/Users/user/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /cygdrive/c/Users/user/.ssh/id_ed25519 type -1
debug1: identity file /cygdrive/c/Users/user/.ssh/id_ed25519-cert type -1
debug1: identity file /cygdrive/c/Users/user/.ssh/id_ed25519_sk type -1
debug1: identity file /cygdrive/c/Users/user/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /cygdrive/c/Users/user/.ssh/id_xmss type -1
debug1: identity file /cygdrive/c/Users/user/.ssh/id_xmss-cert type -1
debug1: identity file /cygdrive/c/Users/user/.ssh/id_dsa type -1
debug1: identity file /cygdrive/c/Users/user/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.9
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.8
debug1: compat_banner: match: OpenSSH_8.8 pat OpenSSH* compat 0x04000000
debug2: fd 4 setting O_NONBLOCK
debug1: Authenticating to 1.2.3.4:22 as 'user'
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,ext-info-c
debug2: host key algorithms: ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,ssh-rsa
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
debug2: MACs ctos: hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com,hmac-sha1
debug2: MACs stoc: hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
debug2: MACs ctos: hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com
debug2: MACs stoc: hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com
debug2: compression ctos: none,zlib@openssh.com
debug2: compression stoc: none,zlib@openssh.com
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-ed25519 SHA256:foo
debug3: put_host_port: [1.2.3.4]:22
debug3: put_host_port: [1.2.3.4]:22
debug3: record_hostkey: found key type ED25519 in file /cygdrive/c/Users/user/.ssh/known_hosts:2
debug3: load_hostkeys_file: loaded 1 keys from [1.2.3.4]:22
debug1: load_hostkeys: fopen /cygdrive/c/Users/user/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh_known_hosts2: No such file or directory
debug1: Host '[1.2.3.4]:22' is known and matches the ED25519 host key.
debug1: Found key in /cygdrive/c/Users/user/.ssh/known_hosts:2
debug3: send packet: type 21
debug2: ssh_set_newkeys: mode 1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: ssh_set_newkeys: mode 0
debug1: rekey in after 134217728 blocks
debug2: get_agent_identities: ssh_agent_bind_hostkey: agent refused operation
debug1: get_agent_identities: ssh_fetch_identitylist: agent refused operation
debug1: Will attempt key: /cygdrive/c/Users/user/.ssh/id_rsa
debug1: Will attempt key: /cygdrive/c/Users/user/.ssh/id_ecdsa
debug1: Will attempt key: /cygdrive/c/Users/user/.ssh/id_ecdsa_sk
debug1: Will attempt key: /cygdrive/c/Users/user/.ssh/id_ed25519
debug1: Will attempt key: /cygdrive/c/Users/user/.ssh/id_ed25519_sk
debug1: Will attempt key: /cygdrive/c/Users/user/.ssh/id_xmss
debug1: Will attempt key: /cygdrive/c/Users/user/.ssh/id_dsa
debug2: pubkey_prepare: done
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,sk-ssh-ed25519@openssh.com,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com,webauthn-sk-ecdsa-sha2-nistp256@openssh.com>
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /cygdrive/c/Users/user/.ssh/id_rsa
debug3: no such identity: /cygdrive/c/Users/user/.ssh/id_rsa: No such file or directory
debug1: Trying private key: /cygdrive/c/Users/user/.ssh/id_ecdsa
debug3: no such identity: /cygdrive/c/Users/user/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: /cygdrive/c/Users/user/.ssh/id_ecdsa_sk
debug3: no such identity: /cygdrive/c/Users/user/.ssh/id_ecdsa_sk: No such file or directory
debug1: Trying private key: /cygdrive/c/Users/user/.ssh/id_ed25519
debug3: no such identity: /cygdrive/c/Users/user/.ssh/id_ed25519: No such file or directory
debug1: Trying private key: /cygdrive/c/Users/user/.ssh/id_ed25519_sk
debug3: no such identity: /cygdrive/c/Users/user/.ssh/id_ed25519_sk: No such file or directory
debug1: Trying private key: /cygdrive/c/Users/user/.ssh/id_xmss
debug3: no such identity: /cygdrive/c/Users/user/.ssh/id_xmss: No such file or directory
debug1: Trying private key: /cygdrive/c/Users/user/.ssh/id_dsa
debug3: no such identity: /cygdrive/c/Users/user/.ssh/id_dsa: No such file or directory
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
user@1.2.3.4: Permission denied (publickey).
ghost commented 2 years ago

The new protocol is described here. It looks like the recent SshAgentLib submodule updates have addressed this problem. Although there's no ability to restrict keys based on host (yet), a build from master allows my Linux OpenSSH_8.9p1 client to connect to the KeeAgent socket running on Mono. Note that this is related to #296.
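The exchange the comment above refers to, as an added example that is neither KeeAgent nor OpenSSH code: since 8.9 the ssh client sends an `SSH_AGENTC_EXTENSION` message named `session-bind@openssh.com` (host key, session identifier, signature, forwarding flag) before it asks for identities. An agent that does not implement the extension is expected to answer that one message with `SSH_AGENT_FAILURE` and keep serving the requests that follow; the report above shows both the bind and the subsequent identity list being refused, which is what a client sees when the agent mishandles the extension message rather than simply declining it. Message numbers are from OpenSSH's PROTOCOL.agent; the host key, session id, signature and key blob are constructed placeholders, and the toy agent records the binding without verifying the signature, which a real agent must do.

```python
"""Toy ssh-agent request handler showing the OpenSSH 8.9 session-bind extension.

Added example, not KeeAgent/OpenSSH code. Message numbers follow PROTOCOL.agent;
all key material and identifiers used here are constructed placeholders.
"""
import struct

SSH_AGENT_FAILURE = 5
SSH_AGENT_SUCCESS = 6
SSH_AGENTC_REQUEST_IDENTITIES = 11
SSH_AGENT_IDENTITIES_ANSWER = 12
SSH_AGENTC_EXTENSION = 27

SESSION_BIND = b"session-bind@openssh.com"


def put_string(b: bytes) -> bytes:
    """Encode an SSH 'string' (uint32 length prefix + bytes)."""
    return struct.pack(">I", len(b)) + b


def get_string(buf: bytes, off: int):
    """Decode an SSH 'string' at offset; returns (bytes, new offset)."""
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    if off + n > len(buf):
        raise ValueError("truncated string")
    return buf[off:off + n], off + n


class ToyAgent:
    def __init__(self, identities):
        # identities: list of (public key blob, comment) - constructed for the demo
        self.identities = identities
        self.bindings = []  # (hostkey, session_id, is_forwarding) accepted so far

    def handle(self, msg: bytes) -> bytes:
        """Return the reply payload (no length prefix) for one request payload."""
        if not msg:
            return bytes([SSH_AGENT_FAILURE])
        t = msg[0]
        if t == SSH_AGENTC_REQUEST_IDENTITIES:
            body = struct.pack(">I", len(self.identities))
            for blob, comment in self.identities:
                body += put_string(blob) + put_string(comment)
            return bytes([SSH_AGENT_IDENTITIES_ANSWER]) + body
        if t == SSH_AGENTC_EXTENSION:
            name, off = get_string(msg, 1)
            if name != SESSION_BIND:
                # Unknown extension: refuse this request only; the connection stays usable.
                return bytes([SSH_AGENT_FAILURE])
            hostkey, off = get_string(msg, off)
            session_id, off = get_string(msg, off)
            _signature, off = get_string(msg, off)
            is_forwarding = bool(msg[off])
            # A real agent verifies _signature over session_id with hostkey here
            # (that is what makes the binding trustworthy); this toy only records it.
            self.bindings.append((hostkey, session_id, is_forwarding))
            return bytes([SSH_AGENT_SUCCESS])
        return bytes([SSH_AGENT_FAILURE])


def frame(payload: bytes) -> bytes:
    """Wire framing: uint32 length followed by the message payload."""
    return struct.pack(">I", len(payload)) + payload


def unframe(stream: bytes):
    """Split a byte stream of framed messages into payloads."""
    msgs, off = [], 0
    while off + 4 <= len(stream):
        (n,) = struct.unpack_from(">I", stream, off)
        msgs.append(stream[off + 4:off + 4 + n])
        off += 4 + n
    return msgs


def build_session_bind(hostkey: bytes, session_id: bytes, signature: bytes,
                       is_forwarding: bool = False) -> bytes:
    """What ssh 8.9 sends first: SSH_AGENTC_EXTENSION "session-bind@openssh.com"."""
    return (bytes([SSH_AGENTC_EXTENSION]) + put_string(SESSION_BIND) + put_string(hostkey)
            + put_string(session_id) + put_string(signature) + bytes([1 if is_forwarding else 0]))


def parse_identities_answer(reply: bytes):
    """Decode SSH_AGENT_IDENTITIES_ANSWER into [(blob, comment)]."""
    if not reply or reply[0] != SSH_AGENT_IDENTITIES_ANSWER:
        raise ValueError("not an identities answer")
    (n,) = struct.unpack_from(">I", reply, 1)
    off, out = 5, []
    for _ in range(n):
        blob, off = get_string(reply, off)
        comment, off = get_string(reply, off)
        out.append((blob, comment))
    return out


def run_client_sequence(agent: ToyAgent):
    """Replay the 8.9 client order: session-bind, then request identities (constructed values)."""
    stream = (frame(build_session_bind(b"hostkey", b"sessid", b"sig"))
              + frame(bytes([SSH_AGENTC_REQUEST_IDENTITIES])))
    return [agent.handle(m) for m in unframe(stream)]
```

The two failure paths matter for the symptom in this thread: a refused bind is logged at debug2 and tolerated by the client, but a refused or mis-framed identities request ends with "Permission denied (publickey)".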

mrMoe commented 2 years ago

I seem to have the same problem on Arch Linux. Any chance anybody would release a new version soon?

Hackerpcs commented 2 years ago

I was able to get around it on Windows/Cygwin by running KeeAgent on Client mode for Pageant https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html and ssh-pageant package from cygwin https://github.com/cuviper/ssh-pageant

Authentication works on both Putty client and openssh 8.9's client from Cygwin

flameshikari commented 2 years ago

Same here. I use MSYS2. Downgrading OpenSSH to 8.8p1 helped me.

GregThib commented 2 years ago

I have that issue too. My personal workaround for now is to not upgrade to OpenSSH 8.9, but I'll have to do something soon. Due to my required statements on security, it is not possible for me to use KeeAgent as a client to some other agent.

Simple question: is anyone managing this project now? It seems not maintained.

vbrozik commented 2 years ago

@GregThib the project is maintained by its author @dlech. He was certainly active here in February.

I think you cannot expect him to be constantly active here as this is a project in his free time. It looks like he updates the code several times a year. Releases are less frequent.

Also you can probably resolve the problem by recompiling the plugin from master as it was mentioned earlier in this issue.

GregThib commented 2 years ago

> I think you cannot expect him to be constantly active here as this is a project in his free time.

Yea, my apologies for wording my question badly; I was misunderstood: I do not expect or require anything from anyone, but, as you said, releases are rare, so I was confused about that. I didn't realize that there are fresh new commits.

> recompiling the plugin

I do not know how to do that, but I discovered there is a GitHub action to automate this on this project. So I downloaded the latest "pre-release" version and it works perfectly!

Thanks for your help.

Hackerpcs commented 2 years ago

> I do not know how to do that, but I discovered there is a GitHub action to automate this on this project. So I downloaded the latest "pre-release" version and it works perfectly!

Thanks, this worked for me too. The Pageant workaround worked, but there is no need for it now that it works natively. I don't think I should close the issue; maybe it should be closed when a stable release is out.

flameshikari commented 2 years ago

> I do not know how to do that, but I discovered there is a GitHub action to automate this on this project. So I downloaded the latest "pre-release" version and it works perfectly!

Thanks for info, worked for me.

jnko commented 2 years ago

Running KeePass/KeeAgent under Linux with Mono shows an error complaining that the .NET version is too old, which is not true.

The plugin cannot be loaded
A newer .NET framework is required

KeePass and also the KeeAgent plugin check the .NET version by reading it from the registry, which does not exist in Mono. A workaround is to manually create the registry entry in Mono.

As root, create the path: mkdir -p "/etc/mono/registry/LocalMachine/software/microsoft/net framework setup/ndp/v4/full/"

Inside this path create a file named "values.xml" (the inner double quotes must be escaped, otherwise the shell ends the string early): echo -e "<values>\n<value name=\"Install\" type=\"string\">1</value>\n<value name=\"Version\" type=\"string\">4.8.04084</value>\n</values>\n" > "/etc/mono/registry/LocalMachine/software/microsoft/net framework setup/ndp/v4/full/values.xml"

Content of values.xml

<values>
<value name="Install" type="string">1</value>
<value name="Version" type="string">4.8.04084</value>
</values>

Now the pre-release KeeAgent plugin mentioned above will run with OpenSSH 9.x

JAE-UH commented 2 years ago

The "pre-release" artifact will probably become unavailable in less than two days, when it will be 90 days since the action ran. It's probably not very wise to trust any random reuploads so this is a conundrum.

vbrozik commented 2 years ago

@JAE-UH I am adding at least hashes of the artifact zip. You can check them now and later they can be used to check a re-upload.

~/tmp$ md5sum -b KeeAgent.plgx.zip
e8ce5ca32cf8b491839a11f96654a67a *KeeAgent.plgx.zip
~/tmp$ sha1sum -b KeeAgent.plgx.zip
ded1fbe4c0317165f5459aeb0ff698d6c03370cb *KeeAgent.plgx.zip
~/tmp$ sha256sum -b KeeAgent.plgx.zip
78888baa56048d2986d7f8379d41c176a0f49e6f7f30b7be28775a4d7da3303c *KeeAgent.plgx.zip
flameshikari commented 2 years ago

> The "pre-release" artifact will probably become unavailable in less than two days, when it will be 90 days since the action ran. It's probably not very wise to trust any random reuploads so this is a conundrum.

Anyway, a workflow can be triggered for building KeeAgent.plgx in a fork.

dlech commented 2 years ago

FYI, there is a new CI build at https://github.com/dlech/KeeAgent/suites/6415298584/artifacts/234029997. (Hopefully getting close to beta quality for a proper release.)

jnko commented 2 years ago

> FYI, there is a new CI build at https://github.com/dlech/KeeAgent/suites/6415298584/artifacts/234029997. (Hopefully getting close to beta quality for a proper release.)

Thanks, but at least running KeePass/KeeAgent with Mono under Linux I get this for every key to be loaded... (and I've many keys!)

[screenshot]

Hackerpcs commented 2 years ago

Same natively on Windows, RSA 4096 keys without passphrase

[screenshot]

dlech commented 2 years ago

> Thanks, but at least running KeePass/KeeAgent with Mono under Linux I get this for every key to be loaded... (and I've many keys!)

Thanks for reporting. I haven't tried running this on Linux yet and many changes have been made, so there are going to be some issues to work through.

dlech commented 2 years ago

> Same natively on Windows, RSA 4096 keys without passphrase

I'm considering dropping support for the older OpenSSH PEM private key format. These files don't include unencrypted public key information like the newer OpenSSH file format, so we would either have to require a separate public key file for these keys or decrypt the private key just to see the public information.

You can open the key in a text editor to see what the format is (the first line of the file).

Assuming that the problem is that this key is the older format, you can work around the issue by using ssh-keygen to convert the private key file to the new OpenSSH file format.
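An added example (not KeeAgent code) of the two checks described above: classify a private key file by its first line, and for the newer "openssh-key-v1" container read the public key blob without decrypting anything, which is exactly what the older PEM files cannot offer. The container layout follows OpenSSH's PROTOCOL.key; the key bytes in the sample are constructed placeholders, not real keys.

```python
"""Detect an OpenSSH private key file's format and, for openssh-key-v1 files,
extract the public key(s) without a passphrase.

Added example, not KeeAgent code. Container layout from OpenSSH PROTOCOL.key;
the sample key material below is constructed and meaningless.
"""
import base64
import struct

OPENSSH_V1_MAGIC = b"openssh-key-v1\x00"


def _get_string(buf: bytes, off: int):
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    if off + n > len(buf):
        raise ValueError("truncated string")
    return buf[off:off + n], off + n


def _put_string(b: bytes) -> bytes:
    return struct.pack(">I", len(b)) + b


def detect_format(pem_text: str) -> str:
    """Classify a key file by its first line (the check suggested in the thread)."""
    first = pem_text.strip().splitlines()[0].strip()
    if first == "-----BEGIN OPENSSH PRIVATE KEY-----":
        return "openssh-v1"   # public key readable without decryption
    if first in ("-----BEGIN RSA PRIVATE KEY-----", "-----BEGIN EC PRIVATE KEY-----",
                 "-----BEGIN DSA PRIVATE KEY-----"):
        return "pem-legacy"   # public key only recoverable by decrypting, or from a .pub file
    if first in ("-----BEGIN PRIVATE KEY-----", "-----BEGIN ENCRYPTED PRIVATE KEY-----"):
        return "pkcs8"
    return "unknown"


def public_keys_from_openssh_v1(pem_text: str):
    """Return [(key type, public blob, is_encrypted)] from an openssh-key-v1 file.

    Only the cleartext header is parsed: magic, ciphername, kdfname, kdfoptions,
    nkeys, then nkeys public key blobs. The private section is never touched.
    """
    lines = [l for l in pem_text.strip().splitlines() if not l.startswith("-----")]
    blob = base64.b64decode("".join(lines))
    if not blob.startswith(OPENSSH_V1_MAGIC):
        raise ValueError("not an openssh-key-v1 container")
    off = len(OPENSSH_V1_MAGIC)
    ciphername, off = _get_string(blob, off)
    _kdfname, off = _get_string(blob, off)
    _kdfoptions, off = _get_string(blob, off)
    (nkeys,) = struct.unpack_from(">I", blob, off)
    off += 4
    encrypted = ciphername != b"none"
    out = []
    for _ in range(nkeys):
        pub, off = _get_string(blob, off)
        ktype, _ = _get_string(pub, 0)   # blob starts with its own type string
        out.append((ktype.decode(), pub, encrypted))
    return out


def make_sample_openssh_v1(encrypted: bool = False) -> str:
    """Constructed sample file: one ed25519 public blob with dummy key bytes."""
    pub = _put_string(b"ssh-ed25519") + _put_string(bytes(range(32)))
    body = (OPENSSH_V1_MAGIC
            + _put_string(b"aes256-ctr" if encrypted else b"none")
            + _put_string(b"bcrypt" if encrypted else b"none")
            + _put_string(b"")              # kdfoptions (empty in this toy sample)
            + struct.pack(">I", 1)
            + _put_string(pub)
            + _put_string(b"\x00" * 64))    # private section: opaque for this demo
    b64 = base64.b64encode(body).decode()
    wrapped = "\n".join(b64[i:i + 70] for i in range(0, len(b64), 70))
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + wrapped
            + "\n-----END OPENSSH PRIVATE KEY-----\n")


# Constructed legacy-format header only; the body is irrelevant for detection.
LEGACY_SAMPLE = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                 "...\n-----END RSA PRIVATE KEY-----\n")
```

For a file that `detect_format` reports as `pem-legacy`, `ssh-keygen -p -f <keyfile>` rewrites it in the new format on OpenSSH 7.8 and later (add `-o` on older releases); the public blob then becomes readable by the parser above even when the key is passphrase-protected.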

dlech commented 2 years ago

@jnko @Hackerpcs FYI, I just pushed some more changes that should fix the error that you were getting: https://github.com/dlech/KeeAgent/suites/6421651080/artifacts/234533230

Hackerpcs commented 2 years ago

Actually the keys were from before the new format (I think it came out around 2016), but I already went ahead and converted them to the new format and it worked even on the previous 41a0a82 commit, so I can't really test the new one; maybe @jnko can.

jnko commented 2 years ago

> @jnko @Hackerpcs FYI, I just pushed some more changes that should fix the error that you were getting: https://github.com/dlech/KeeAgent/suites/6421651080/artifacts/234533230

Thanks, the "Error while loading key" is gone. However, there is another problem using KeeAgent on Mono.

[screenshot]

> As root, create the path: mkdir -p "/etc/mono/registry/LocalMachine/software/microsoft/net framework setup/ndp/v4/full/"
>
> Inside this path create a file named "values.xml" (the inner double quotes must be escaped): echo -e "<values>\n<value name=\"Install\" type=\"string\">1</value>\n<value name=\"Version\" type=\"string\">4.8.04084</value>\n</values>\n" > "/etc/mono/registry/LocalMachine/software/microsoft/net framework setup/ndp/v4/full/values.xml"
>
> Content of values.xml
>
> <values>
> <value name="Install" type="string">1</value>
> <value name="Version" type="string">4.8.04084</value>
> </values>

When I do the registry patch KeeAgent is running, but editing any entry isn't possible. Trying to do so will make KeePass force save and close.

(mono:1934194): Gtk-WARNING **: 06:43:52.909: Unable to locate theme engine in module_path: "adwaita",
XGetWindowProperty[_NET_ACTIVE_WINDOW] failed (code=1)
xdo_get_active_window reported an error
libpng warning: iCCP: known incorrect sRGB profile
System.DllNotFoundException: Comctl32.dll assembly:<unknown assembly> type:<unknown type> member:(null)
  at (wrapper managed-to-native) KeeAgent.UI.SystemIcon.LoadIconWithScaleDown(intptr,intptr,int,int,intptr&)
  at KeeAgent.UI.SystemIcon.UpdateImage () [0x0002d] in <33d98268998042e59224cd8c761bd039>:0 
  at KeeAgent.UI.SystemIcon..ctor () [0x00035] in <33d98268998042e59224cd8c761bd039>:0 
  at (wrapper remoting-invoke-with-check) KeeAgent.UI.SystemIcon..ctor()
  at KeeAgent.UI.EntryPanel.InitializeComponent () [0x000e7] in <33d98268998042e59224cd8c761bd039>:0 
  at KeeAgent.UI.EntryPanel..ctor (KeeAgent.KeeAgentExt ext) [0x0000d] in <33d98268998042e59224cd8c761bd039>:0 
  at (wrapper remoting-invoke-with-check) KeeAgent.UI.EntryPanel..ctor(KeeAgent.KeeAgentExt)
  at KeeAgent.KeeAgentExt.WindowAddedHandler (System.Object sender, KeePass.UI.GwmWindowEventArgs e) [0x00036] in <33d98268998042e59224cd8c761bd039>:0 
  at (wrapper delegate-invoke) System.EventHandler`1[KeePass.UI.GwmWindowEventArgs].invoke_void_object_TEventArgs(object,KeePass.UI.GwmWindowEventArgs)
  at KeePass.UI.GlobalWindowManager.AddWindow (System.Windows.Forms.Form form, KeePass.UI.IGwmWindow wnd) [0x00079] in <81bcb9a094ab4b40b4a753d6bf1fba1e>:0 
  at KeePass.UI.GlobalWindowManager.AddWindow (System.Windows.Forms.Form form) [0x00000] in <81bcb9a094ab4b40b4a753d6bf1fba1e>:0 
  at KeePass.Forms.PwEntryForm.OnFormLoad (System.Object sender, System.EventArgs e) [0x0005b] in <81bcb9a094ab4b40b4a753d6bf1fba1e>:0 
  at System.Windows.Forms.Form.OnLoad (System.EventArgs e) [0x0001f] in <c6f7ca72402d44ffad61bbfb1e840a0f>:0 
  at System.Windows.Forms.Form.OnLoadInternal (System.EventArgs e) [0x00023] in <c6f7ca72402d44ffad61bbfb1e840a0f>:0 

At this point KeePass force saves and syncs. The main window will close.

System.NullReferenceException: Object reference not set to an instance of an object
  at KeePass.Forms.PwEntryForm.HandleFormClosing (System.Windows.Forms.FormClosingEventArgs e) [0x00019] in <81bcb9a094ab4b40b4a753d6bf1fba1e>:0 
  at KeePass.Forms.PwEntryForm.OnFormClosing (System.Object sender, System.Windows.Forms.FormClosingEventArgs e) [0x00010] in <81bcb9a094ab4b40b4a753d6bf1fba1e>:0 
  at System.Windows.Forms.Form.OnFormClosing (System.Windows.Forms.FormClosingEventArgs e) [0x00019] in <c6f7ca72402d44ffad61bbfb1e840a0f>:0 
  at System.Windows.Forms.Form.FireClosingEvents (System.Windows.Forms.CloseReason reason, System.Boolean cancel) [0x0001b] in <c6f7ca72402d44ffad61bbfb1e840a0f>:0 
  at (wrapper remoting-invoke-with-check) System.Windows.Forms.Form.FireClosingEvents(System.Windows.Forms.CloseReason,bool)
  at System.Windows.Forms.Application.Exit (System.ComponentModel.CancelEventArgs e) [0x0002e] in <c6f7ca72402d44ffad61bbfb1e840a0f>:0 
  at System.Windows.Forms.Application.Exit () [0x00005] in <c6f7ca72402d44ffad61bbfb1e840a0f>:0 
  at System.Windows.Forms.Application.OnThreadException (System.Exception t) [0x0005e] in <c6f7ca72402d44ffad61bbfb1e840a0f>:0 
  at System.Windows.Forms.Form.OnLoadInternal (System.EventArgs e) [0x0002a] in <c6f7ca72402d44ffad61bbfb1e840a0f>:0 
  at System.Windows.Forms.Form.OnCreateControl () [0x00024] in <c6f7ca72402d44ffad61bbfb1e840a0f>:0 
  at System.Windows.Forms.Control.CreateControl () [0x00082] in <c6f7ca72402d44ffad61bbfb1e840a0f>:0 
  at System.Windows.Forms.Control.WmShowWindow (System.Windows.Forms.Message& m) [0x00036] in <c6f7ca72402d44ffad61bbfb1e840a0f>:0 
  at System.Windows.Forms.Control.WndProc (System.Windows.Forms.Message& m) [0x00214] in <c6f7ca72402d44ffad61bbfb1e840a0f>:0 
  at System.Windows.Forms.ScrollableControl.WndProc (System.Windows.Forms.Message& m) [0x00000] in <c6f7ca72402d44ffad61bbfb1e840a0f>:0 
  at System.Windows.Forms.ContainerControl.WndProc (System.Windows.Forms.Message& m) [0x00027] in <c6f7ca72402d44ffad61bbfb1e840a0f>:0 
  at System.Windows.Forms.Form.WndProc (System.Windows.Forms.Message& m) [0x00166] in <c6f7ca72402d44ffad61bbfb1e840a0f>:0 
  at System.Windows.Forms.Control+ControlWindowTarget.OnMessage (System.Windows.Forms.Message& m) [0x00000] in <c6f7ca72402d44ffad61bbfb1e840a0f>:0 
  at System.Windows.Forms.Control+ControlNativeWindow.WndProc (System.Windows.Forms.Message& m) [0x0000b] in <c6f7ca72402d44ffad61bbfb1e840a0f>:0 
  at System.Windows.Forms.NativeWindow.WndProc (System.IntPtr hWnd, System.Windows.Forms.Msg msg, System.IntPtr wParam, System.IntPtr lParam) [0x00085] in <c6f7ca72402d44ffad61bbfb1e840a0f>:0 
System.ObjectDisposedException: Cannot access a disposed object.
Object name: 'KeePass.Forms.PwEntryForm'.
  at System.Windows.Forms.Control.CreateHandle () [0x00013] in <c6f7ca72402d44ffad61bbfb1e840a0f>:0 
  at System.Windows.Forms.Form.CreateHandle () [0x00000] in <c6f7ca72402d44ffad61bbfb1e840a0f>:0 
  at System.Windows.Forms.Control.get_Handle () [0x00022] in <c6f7ca72402d44ffad61bbfb1e840a0f>:0 
  at (wrapper remoting-invoke-with-check) System.Windows.Forms.Control.get_Handle()
  at System.Windows.Forms.Application.RunLoop (System.Boolean Modal, System.Windows.Forms.ApplicationContext context) [0x00090] in <c6f7ca72402d44ffad61bbfb1e840a0f>:0 
  at System.Windows.Forms.Form.ShowDialog (System.Windows.Forms.IWin32Window owner) [0x001b7] in <c6f7ca72402d44ffad61bbfb1e840a0f>:0 
  at System.Windows.Forms.Form.ShowDialog () [0x00000] in <c6f7ca72402d44ffad61bbfb1e840a0f>:0 
  at (wrapper remoting-invoke-with-check) System.Windows.Forms.Form.ShowDialog()
  at KeePass.Forms.MainForm.EditSelectedEntry (KeePass.Forms.PwEntryFormTab eftInit) [0x00078] in <81bcb9a094ab4b40b4a753d6bf1fba1e>:0 
  at KeePass.Forms.MainForm.OnEntryEdit (System.Object sender, System.EventArgs e) [0x00000] in <81bcb9a094ab4b40b4a753d6bf1fba1e>:0 
  at KeePass.Forms.MainForm.PerformDefaultAction (System.Object sender, System.EventArgs e, KeePassLib.PwEntry pe, System.Int32 colID) [0x000f8] in <81bcb9a094ab4b40b4a753d6bf1fba1e>:0 
  at KeePass.Forms.MainForm.OnPwListMouseDoubleClick (System.Object sender, System.Windows.Forms.MouseEventArgs e) [0x00063] in <81bcb9a094ab4b40b4a753d6bf1fba1e>:0 
  at System.Windows.Forms.Control.OnMouseDoubleClick (System.Windows.Forms.MouseEventArgs e) [0x00019] in <c6f7ca72402d44ffad61bbfb1e840a0f>:0 
  at System.Windows.Forms.ListView+ItemControl.HandleClicks (System.Windows.Forms.MouseEventArgs me) [0x00019] in <c6f7ca72402d44ffad61bbfb1e840a0f>:0 
  at System.Windows.Forms.ListView+ItemControl.ItemsMouseUp (System.Object sender, System.Windows.Forms.MouseEventArgs me) [0x0000d] in <c6f7ca72402d44ffad61bbfb1e840a0f>:0 
  at System.Windows.Forms.Control.OnMouseUp (System.Windows.Forms.MouseEventArgs e) [0x00019] in <c6f7ca72402d44ffad61bbfb1e840a0f>:0 
  at System.Windows.Forms.Control.WmLButtonUp (System.Windows.Forms.Message& m) [0x00078] in <c6f7ca72402d44ffad61bbfb1e840a0f>:0 
  at System.Windows.Forms.Control.WndProc (System.Windows.Forms.Message& m) [0x001b4] in <c6f7ca72402d44ffad61bbfb1e840a0f>:0 
  at System.Windows.Forms.ListView+ItemControl.WndProc (System.Windows.Forms.Message& m) [0x00071] in <c6f7ca72402d44ffad61bbfb1e840a0f>:0 
  at System.Windows.Forms.Control+ControlWindowTarget.OnMessage (System.Windows.Forms.Message& m) [0x00000] in <c6f7ca72402d44ffad61bbfb1e840a0f>:0 
  at System.Windows.Forms.Control+ControlNativeWindow.WndProc (System.Windows.Forms.Message& m) [0x0000b] in <c6f7ca72402d44ffad61bbfb1e840a0f>:0 
  at System.Windows.Forms.NativeWindow.WndProc (System.IntPtr hWnd, System.Windows.Forms.Msg msg, System.IntPtr wParam, System.IntPtr lParam) [0x00085] in <c6f7ca72402d44ffad61bbfb1e840a0f>:0 
dlech commented 2 years ago

> System.DllNotFoundException: Comctl32.dll assembly:<unknown assembly> type:<unknown type> member:(null)

@jnko, this should be fixed now: https://github.com/dlech/KeeAgent/suites/6440404711/artifacts/235755018

Hackerpcs commented 2 years ago

> @jnko, this should be fixed now: https://github.com/dlech/KeeAgent/suites/6440404711/artifacts/235755018

This build broke agent mode (KeePass 2.51.1, Windows 10 21h2 native)

ssh-add -L
error fetching identities: agent refused operation

Same on Putty client. Last working one is e5bd823 https://github.com/dlech/KeeAgent/actions/runs/2290793867

ST-DDT commented 2 years ago

> @jnko, this should be fixed now: dlech/KeeAgent/suites/6440404711/artifacts/235755018

I had issues with git 2.36.0 on Windows. This version fixed that for me.

lopsided98 commented 2 years ago

> This build broke agent mode (KeePass 2.51.1, Windows 10 21h2 native)

I can reproduce this on Linux as well.

FabianMaurerMathema commented 2 years ago

For me it also broke due to git 2.36.0. This version works: https://github.com/dlech/KeeAgent/actions/runs/2290793867 The latest commit breaks it again.

ezaton commented 2 years ago

Just a little more info. I have tried one of the newer builds. This one: https://github.com/dlech/KeeAgent/actions/runs/2290793867 works, BUT if I double-click on an entry in KeePass2 which has an empty password, KeePass crashes its main window (but does not exit), with the following error message:

System.DllNotFoundException: Comctl32.dll assembly:<unknown assembly> type:<unknown type> member:(null)
  at (wrapper managed-to-native) KeeAgent.UI.SystemIcon.LoadIconWithScaleDown(intptr,intptr,int,int,intptr&)
  at KeeAgent.UI.SystemIcon.UpdateImage () [0x0002d] in <a1d5c12400304b27865e128aa1cf63ba>:0 
  at KeeAgent.UI.SystemIcon..ctor () [0x00035] in <a1d5c12400304b27865e128aa1cf63ba>:0 
  at (wrapper remoting-invoke-with-check) KeeAgent.UI.SystemIcon..ctor()
  at KeeAgent.UI.EntryPanel.InitializeComponent () [0x000e7] in <a1d5c12400304b27865e128aa1cf63ba>:0 
  at KeeAgent.UI.EntryPanel..ctor (KeeAgent.KeeAgentExt ext) [0x0000d] in <a1d5c12400304b27865e128aa1cf63ba>:0 
  at (wrapper remoting-invoke-with-check) KeeAgent.UI.EntryPanel..ctor(KeeAgent.KeeAgentExt)
  at KeeAgent.KeeAgentExt.WindowAddedHandler (System.Object sender, KeePass.UI.GwmWindowEventArgs e) [0x00036] in <a1d5c12400304b27865e128aa1cf63ba>:0 
  at KeePass.UI.GlobalWindowManager.AddWindow (System.Windows.Forms.Form form, KeePass.UI.IGwmWindow wnd) [0x00079] in <63d169ac154c43968c13625f65b84848>:0 
  at KeePass.UI.GlobalWindowManager.AddWindow (System.Windows.Forms.Form form) [0x00000] in <63d169ac154c43968c13625f65b84848>:0 
  at KeePass.Forms.PwEntryForm.OnFormLoad (System.Object sender, System.EventArgs e) [0x0005b] in <63d169ac154c43968c13625f65b84848>:0 
  at System.Windows.Forms.Form.OnLoad (System.EventArgs e) [0x00022] in <a3daa9b84fd241a497578a25f68bc3c7>:0 
  at System.Windows.Forms.Form.OnLoadInternal (System.EventArgs e) [0x00029] in <a3daa9b84fd241a497578a25f68bc3c7>:0 
System.NullReferenceException: Object reference not set to an instance of an object
  at KeePass.Forms.PwEntryForm.HandleFormClosing (System.Windows.Forms.FormClosingEventArgs e) [0x00019] in <63d169ac154c43968c13625f65b84848>:0 
  at KeePass.Forms.PwEntryForm.OnFormClosing (System.Object sender, System.Windows.Forms.FormClosingEventArgs e) [0x00010] in <63d169ac154c43968c13625f65b84848>:0 
  at System.Windows.Forms.Form.OnFormClosing (System.Windows.Forms.FormClosingEventArgs e) [0x0001c] in <a3daa9b84fd241a497578a25f68bc3c7>:0 
  at System.Windows.Forms.Form.FireClosingEvents (System.Windows.Forms.CloseReason reason, System.Boolean cancel) [0x0001b] in <a3daa9b84fd241a497578a25f68bc3c7>:0 
  at (wrapper remoting-invoke-with-check) System.Windows.Forms.Form.FireClosingEvents(System.Windows.Forms.CloseReason,bool)
  at System.Windows.Forms.Application.Exit (System.ComponentModel.CancelEventArgs e) [0x00035] in <a3daa9b84fd241a497578a25f68bc3c7>:0 
  at System.Windows.Forms.Application.Exit () [0x00005] in <a3daa9b84fd241a497578a25f68bc3c7>:0 
  at System.Windows.Forms.Application.OnThreadException (System.Exception t) [0x0006e] in <a3daa9b84fd241a497578a25f68bc3c7>:0 
  at System.Windows.Forms.Form.OnLoadInternal (System.EventArgs e) [0x00036] in <a3daa9b84fd241a497578a25f68bc3c7>:0 
  at System.Windows.Forms.Form.OnCreateControl () [0x00027] in <a3daa9b84fd241a497578a25f68bc3c7>:0 
  at System.Windows.Forms.Control.CreateControl () [0x000a3] in <a3daa9b84fd241a497578a25f68bc3c7>:0 
  at System.Windows.Forms.Control.WmShowWindow (System.Windows.Forms.Message& m) [0x00039] in <a3daa9b84fd241a497578a25f68bc3c7>:0 
  at System.Windows.Forms.Control.WndProc (System.Windows.Forms.Message& m) [0x001cf] in <a3daa9b84fd241a497578a25f68bc3c7>:0 
  at System.Windows.Forms.ScrollableControl.WndProc (System.Windows.Forms.Message& m) [0x00000] in <a3daa9b84fd241a497578a25f68bc3c7>:0 
  at System.Windows.Forms.ContainerControl.WndProc (System.Windows.Forms.Message& m) [0x0003c] in <a3daa9b84fd241a497578a25f68bc3c7>:0 
  at System.Windows.Forms.Form.WndProc (System.Windows.Forms.Message& m) [0x0015c] in <a3daa9b84fd241a497578a25f68bc3c7>:0 
  at System.Windows.Forms.Control+ControlWindowTarget.OnMessage (System.Windows.Forms.Message& m) [0x00000] in <a3daa9b84fd241a497578a25f68bc3c7>:0 
  at System.Windows.Forms.Control+ControlNativeWindow.WndProc (System.Windows.Forms.Message& m) [0x0000b] in <a3daa9b84fd241a497578a25f68bc3c7>:0 
  at System.Windows.Forms.NativeWindow.WndProc (System.IntPtr hWnd, System.Windows.Forms.Msg msg, System.IntPtr wParam, System.IntPtr lParam) [0x0008e] in <a3daa9b84fd241a497578a25f68bc3c7>:0 
System.ObjectDisposedException: Cannot access a disposed object.
Object name: 'KeePass.Forms.PwEntryForm'.
  at System.Windows.Forms.Control.CreateHandle () [0x00016] in <a3daa9b84fd241a497578a25f68bc3c7>:0 
  at System.Windows.Forms.Form.CreateHandle () [0x00000] in <a3daa9b84fd241a497578a25f68bc3c7>:0 
  at System.Windows.Forms.Control.get_Handle () [0x0002b] in <a3daa9b84fd241a497578a25f68bc3c7>:0 
  at (wrapper remoting-invoke-with-check) System.Windows.Forms.Control.get_Handle()
  at System.Windows.Forms.Application.RunLoop (System.Boolean Modal, System.Windows.Forms.ApplicationContext context) [0x0009f] in <a3daa9b84fd241a497578a25f68bc3c7>:0 
  at System.Windows.Forms.Form.ShowDialog (System.Windows.Forms.IWin32Window owner) [0x001fe] in <a3daa9b84fd241a497578a25f68bc3c7>:0 
  at System.Windows.Forms.Form.ShowDialog () [0x00000] in <a3daa9b84fd241a497578a25f68bc3c7>:0 
  at (wrapper remoting-invoke-with-check) System.Windows.Forms.Form.ShowDialog()
  at KeePass.Forms.MainForm.EditSelectedEntry (KeePass.Forms.PwEntryFormTab eftInit) [0x00078] in <63d169ac154c43968c13625f65b84848>:0 
  at KeePass.Forms.MainForm.OnEntryEdit (System.Object sender, System.EventArgs e) [0x00000] in <63d169ac154c43968c13625f65b84848>:0 
  at KeePass.Forms.MainForm.OnPwListKeyDown (System.Object sender, System.Windows.Forms.KeyEventArgs e) [0x000b7] in <63d169ac154c43968c13625f65b84848>:0 
  at (wrapper delegate-invoke) <Module>.invoke_void_object_KeyEventArgs(object,System.Windows.Forms.KeyEventArgs)
  at System.Windows.Forms.Control.OnKeyDown (System.Windows.Forms.KeyEventArgs e) [0x0001c] in <a3daa9b84fd241a497578a25f68bc3c7>:0 
  at KeePass.UI.CustomListViewEx.OnKeyDown (System.Windows.Forms.KeyEventArgs e) [0x00026] in <63d169ac154c43968c13625f65b84848>:0 
  at System.Windows.Forms.Control.ProcessKeyEventArgs (System.Windows.Forms.Message& m) [0x0004e] in <a3daa9b84fd241a497578a25f68bc3c7>:0 
  at System.Windows.Forms.Control.ProcessKeyMessage (System.Windows.Forms.Message& m) [0x0001e] in <a3daa9b84fd241a497578a25f68bc3c7>:0 
  at System.Windows.Forms.Control.WmKeys (System.Windows.Forms.Message& m) [0x00000] in <a3daa9b84fd241a497578a25f68bc3c7>:0 
  at System.Windows.Forms.Control.WndProc (System.Windows.Forms.Message& m) [0x001ff] in <a3daa9b84fd241a497578a25f68bc3c7>:0 
  at System.Windows.Forms.ListView.WndProc (System.Windows.Forms.Message& m) [0x0006a] in <a3daa9b84fd241a497578a25f68bc3c7>:0 
  at KeePass.UI.CustomListViewEx.WndProc (System.Windows.Forms.Message& m) [0x000fd] in <63d169ac154c43968c13625f65b84848>:0 
  at System.Windows.Forms.Control+ControlWindowTarget.OnMessage (System.Windows.Forms.Message& m) [0x00000] in <a3daa9b84fd241a497578a25f68bc3c7>:0 
  at System.Windows.Forms.Control+ControlNativeWindow.WndProc (System.Windows.Forms.Message& m) [0x0000b] in <a3daa9b84fd241a497578a25f68bc3c7>:0 
  at System.Windows.Forms.NativeWindow.WndProc (System.IntPtr hWnd, System.Windows.Forms.Msg msg, System.IntPtr wParam, System.IntPtr lParam) [0x0008e] in <a3daa9b84fd241a497578a25f68bc3c7>:0 
dlech commented 2 years ago

@ezaton if you are using Linux/Mono, please see https://github.com/dlech/KeeAgent/issues/341#issuecomment-1121907213

ezaton commented 2 years ago

This is the build I am using, and while ssh-add -l works well, and so do SSH keys, if double-clicking on an entry without a password, KeePass2 crashes.

dlech commented 2 years ago

This is the build I am using

You said you are using 2290793867 but the build that should fix the specific crash you shared is 235755018

ezaton commented 2 years ago

It prevents the crash, but ssh-add -l does not work anymore, and SSH cannot make use of the keys inside KeePass. So I have to choose either that or that :-)

Eveldee commented 2 years ago

I can confirm that the last commit broke ssh-add -l, I got an "agent refused operation" using ed25519 keys (strangely, it works when only RSA keys are loaded). It works with this build

dlech commented 2 years ago

The broken ssh-add -l regression should be fixed now.

https://github.com/dlech/KeeAgent/suites/6604109194/artifacts/248173097

Hackerpcs commented 2 years ago

The last build

https://github.com/dlech/KeeAgent/actions/runs/2363636291

works great.

EDIT: A small bug: on the previous working build https://github.com/dlech/KeeAgent/actions/runs/2290793867 I could see the comments of the keys (screenshots: previous, previous2)

on the latest above I can't (screenshots: latest, latest2)

ezaton commented 2 years ago

I can confirm that the plugin works well (except for the comments) in this build: https://github.com/dlech/KeeAgent/actions/runs/2363636291. Excellent.

dlech commented 2 years ago

Can you please start a new issue for the comment regression and include detailed information on how to reproduce the problem (OS, agent/client mode, private key file format, etc.).

massimobalestra commented 2 years ago

I tried build 57 ( https://github.com/dlech/KeeAgent/actions/runs/2394202409 ) with Cygwin and "OpenSSH_9.0p1, OpenSSL 1.1.1o 3 May 2022" and it works perfectly. Thank you.

mehrdadn commented 2 years ago

In case anyone is stuck on an older version of KeeAgent (for whatever reason): If you want to revert to the old (insecure) behavior and just want compatibility with OpenSSH 8.9, you can add a stub like this to Agent.AnswerMessage():

case Message.SSH_AGENTC_EXTENSION:
  try {
    var extensionType = messageParser.ReadString();
    switch (extensionType) {
      case "session-bind@openssh.com":
        // Consume the fields OpenSSH 8.9+ sends so the parser stays in sync,
        // then acknowledge without verifying the signature or recording the
        // binding (this is the old, insecure pre-agent-restrict behavior).
        var hostKey = messageParser.ReadBlob();
        var sessionIdentifier = messageParser.ReadBlob();
        var signature = messageParser.ReadBlob();
        var isForwarding = messageParser.ReadBytes(1)[0];
        responseBuilder.InsertHeader(Message.SSH_AGENT_SUCCESS);
        break; // leaves only the inner switch
      default:
        throw new NotSupportedException($"unsupported extension: {extensionType}");
    }
    break; // success: leave the outer switch so the failure path below is skipped
  } catch (Exception ex) {
    Debug.Fail(ex.ToString());
  }
  goto default; // failed: the default case answers SSH_AGENT_FAILURE
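
The session-bind@openssh.com exchange that the stub above consumes, as an added Python example (not KeeAgent or SshAgentLib code): a client-side builder plus an agent-side handler that decodes the extension fields and answers SSH_AGENT_SUCCESS, while any unknown or malformed message gets SSH_AGENT_FAILURE instead of an exception. Message numbers follow draft-miller-ssh-agent and the agent-restrict description; the key, session id and signature values used when running it are constructed.

```python
import struct
# SSH agent message numbers (draft-miller-ssh-agent); session-bind is from agent-restrict.
SSH_AGENT_FAILURE = 5
SSH_AGENT_SUCCESS = 6
SSH_AGENTC_EXTENSION = 27
SESSION_BIND = b"session-bind@openssh.com"

def read_string(buf, off):
    """Read one SSH 'string' (uint32 big-endian length, then bytes)."""
    if off + 4 > len(buf):
        raise ValueError("truncated length")
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    if off + n > len(buf):
        raise ValueError("truncated string")
    return bytes(buf[off:off + n]), off + n

def put_string(data):
    return struct.pack(">I", len(data)) + data

def build_session_bind(host_key, session_id, signature, forwarding):
    """Client side: frame a session-bind@openssh.com extension request."""
    body = (bytes([SSH_AGENTC_EXTENSION]) + put_string(SESSION_BIND)
            + put_string(host_key) + put_string(session_id)
            + put_string(signature) + bytes([1 if forwarding else 0]))
    return put_string(body)

def parse_session_bind(body, off):
    """Agent side: decode the fields that follow the extension name."""
    host_key, off = read_string(body, off)
    session_id, off = read_string(body, off)
    signature, off = read_string(body, off)
    if off != len(body) - 1:
        raise ValueError("bad session-bind length")
    return {"host_key": host_key, "session_id": session_id,
            "signature": signature, "forwarding": body[off] == 1}

def answer_message(frame):
    """Agent side: framed reply; unknown or malformed input gets SSH_AGENT_FAILURE."""
    try:
        body, _ = read_string(frame, 0)
        if body and body[0] == SSH_AGENTC_EXTENSION:
            ext, off = read_string(body, 1)
            if ext == SESSION_BIND:
                # A real agent verifies signature over session_id with host_key first.
                parse_session_bind(body, off)
                return put_string(bytes([SSH_AGENT_SUCCESS]))
    except ValueError:
        pass
    return put_string(bytes([SSH_AGENT_FAILURE]))
```

Answering a failure for an unrecognised extension is what lets a client that sends session-bind keep working against an agent that does not implement it; the stub above goes one step further and acknowledges the binding without checking it.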
fennibay commented 2 years ago

Many thanks for identifying, diagnosing and fixing this issue.

I don't want to cause any stress; just I'd like to ask when we can expect an official KeeAgent release containing this fix.

filviu commented 2 years ago

I hate to be the bearer of bad news but something seems broken again.

Build 50 fixed the initial issues for me. But suddenly under load the plugin would just hang. By load I mean multiple ssh connections in quick succession (i.e. when running ansible on more than a few hosts).

I tried build 57 and that seems to improve things but it still hangs. When it does I need to restart KeePass. I don't know if it's me or the plugin, I don't know where to search. ssh connection hangs with:

debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey in after 134217728 blocks

Worth mentioning my setup is to forward the ssh-agent with ForwardAgent yes and then run ansible from a bastion host.

dlech commented 2 years ago

Can you please start a new issue with exact steps to reproduce the problem?

dlech commented 2 years ago

https://github.com/dlech/KeeAgent/releases/tag/v0.13.1 has been released. Please open a new issue for any bugs found in that version.

AdamReece-WebBox commented 1 year ago

Just writing in to say that the 0.13.1 update worked when our Ubuntu LTS VMs updated from 20.04 to 22.04. Thank you! We were all getting "get_agent_identities: ssh_fetch_identitylist: agent refused operation" but only via VSCode in Remote (SSH) environment.

florian-asche commented 1 year ago

Just writing in to say that the 0.13.1 update worked when our Ubuntu LTS VMs updated from 20.04 to 22.04. Thank you! We were all getting "get_agent_identities: ssh_fetch_identitylist: agent refused operation" but only via VSCode in Remote (SSH) environment.

But you didn't use the PPA repo, right? Because that package seems to be the old version.