kryptco / kr

DEPRECATED A dev tool for SSH auth + Git commit/tag signing using a key stored in Krypton.
https://krypt.co/developers/

Mojave issues #244

Closed selfagency closed 4 years ago

selfagency commented 5 years ago

Ok, so this is weird:

On my Macbook Pro, I upgraded from High Sierra to Mojave. It still has the PKCS11 identity agent in my ~/.ssh/config file and the /usr/local/bin/krssh proxy command. And it works fine.

However, on my Mac Pro desktop, I installed Mojave fresh and reinstalled all of my apps, including kr. And for some reason, I couldn't connect to any of my servers over SSH. I tried mimicking the configuration from my laptop and was unsuccessful. What did work, however, was disabling the proxy command. Once I commented out ProxyCommand etc., I was able to use SSH again and my computer was able to communicate with my phone to retrieve my private key.

So uh... Huh?

agrinman commented 5 years ago

Thanks for reporting, that's strange behavior. When you re-enable the proxycommand does it still keep working?

selfagency commented 5 years ago

no

selfagency commented 5 years ago

here's my current config

Host *
    IdentityAgent ~/.kr/krd-agent.sock
    #ProxyCommand /usr/local/bin/krssh %h %p
    AddKeysToAgent yes
    ForwardAgent yes
    IdentityFile ~/.ssh/id_krypton
    IdentityFile ~/.ssh/id_ed25519
    IdentityFile ~/.ssh/id_rsa
    IdentityFile ~/.ssh/id_ecdsa
    IdentityFile ~/.ssh/id_dsa

agrinman commented 5 years ago

Thanks. Can you share the output of ssh me.krypt.co -vvv?

selfagency commented 5 years ago

OpenSSH_7.9p1, OpenSSL 1.0.2p  14 Aug 2018
debug1: Reading configuration data /Users/daniel/.ssh/config
debug1: /Users/daniel/.ssh/config line 3: Applying options for *
debug1: Reading configuration data /usr/local/etc/ssh/ssh_config
debug1: Executing proxy command: exec /usr/local/bin/krssh me.krypt.co 22
debug1: identity file /Users/daniel/.ssh/id_krypton type 3
debug1: identity file /Users/daniel/.ssh/id_krypton-cert type -1
debug1: identity file /Users/daniel/.ssh/id_ed25519 type -1
debug1: identity file /Users/daniel/.ssh/id_ed25519-cert type -1
debug1: identity file /Users/daniel/.ssh/id_rsa type 0
debug1: identity file /Users/daniel/.ssh/id_rsa-cert type -1
debug1: identity file /Users/daniel/.ssh/id_ecdsa type -1
debug1: identity file /Users/daniel/.ssh/id_ecdsa-cert type -1
debug1: identity file /Users/daniel/.ssh/id_dsa type -1
debug1: identity file /Users/daniel/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.9
debug1: ssh_exchange_identification:

debug1: ssh_exchange_identification: \033[?25l\033[?7l\033[0m\033[31m\033[1m

debug1: ssh_exchange_identification: \033[?25h\033[?7hSSH-2.0-Go

debug1: ssh_exchange_identification:
ssh_exchange_identification: Connection closed by remote host

selfagency commented 5 years ago

FYI, I upgraded kr on my MacBook Pro, which rewrote my ssh config, and now the same thing is happening as above.

kcking commented 5 years ago

Apologies for the delayed followup on this -- what does kr me output? Also what shell are you using?

selfagency commented 5 years ago

kr me gives me my public key. i'm using fish, but i get the same behavior in bash.

selfagency commented 5 years ago

(and yes, this is still happening with version 2.4.13)

kcking commented 5 years ago

Ok thank you for reporting back -- does toggling either of

AddKeysToAgent yes
ForwardAgent yes

in your ssh config change the behavior?

selfagency commented 5 years ago

nope, no change

selfagency commented 5 years ago

oooh look

➜ krssh
panic: runtime error: index out of range

goroutine 1 [running]:
main.main()
    /private/tmp/kr-20181207-5954-tidgpv/src/github.com/kryptco/kr/krssh/krssh.go:259 +0xc0b

same thing happens if i completely uninstall and reinstall the package, whether with homebrew or the bash script.

if i run krssh -h mydomain.com -p 22 it just freezes like it does when i have the proxy command thing enabled in the config.

selfagency commented 5 years ago

here are some log traces

Dec 12 16:35:32 selfagency-macpro krssh[12078]: 16:35:32.224 NOTICE ▶ Checked for update recently, falling back to latest version cache.
Dec 12 16:35:43 selfagency-macpro krssh[12392]: 16:35:43.328 NOTICE ▶ Checked for update recently, falling back to latest version cache.
Dec 12 16:35:55 selfagency-macpro krssh[12708]: 16:35:55.683 NOTICE ▶ Checked for update recently, falling back to latest version cache.
Dec 12 16:40:27 selfagency-macpro krd[566]: 16:40:27.705 NOTICE ▶ stopping with signal terminated
Dec 12 16:40:27 selfagency-macpro krd[18047]: 16:40:27.980 NOTICE ▶ krd launched and listening on UNIX socket
Dec 12 16:41:01 selfagency-macpro krssh[18493]: 16:41:01.479 NOTICE ▶ Checked for update recently, falling back to latest version cache.
Dec 12 16:41:32 selfagency-macpro krd[18047]: 16:41:32.395 WARNIN ▶ no hostname found for session
Dec 12 16:41:33 selfagency-macpro krd[18047]: 16:41:33.088 NOTICE ▶ response took 567 ms
Dec 12 16:41:33 selfagency-macpro krd[18047]: 16:41:33.088 NOTICE ▶ sign response: &{Signature:0xc00000c6c0 Error:<nil>}
Dec 12 16:41:33 selfagency-macpro krd[18047]: 16:41:33.212 NOTICE ▶ Using Public Key Signature Digest Algorithm: ssh-ed25519
Dec 12 16:43:02 selfagency-macpro krssh[20589]: 16:43:02.739 NOTICE ▶ Checked for update recently, falling back to latest version cache.
Dec 12 16:43:43 selfagency-macpro krssh[21774]: 16:43:43.326 NOTICE ▶ Checked for update recently, falling back to latest version cache.
Dec 12 16:43:59 selfagency-macpro krssh[22348]: 16:43:59.437 NOTICE ▶ Checked for update recently, falling back to latest version cache.
Dec 12 16:46:51 selfagency-macpro krssh[23713]: 16:46:51.242 NOTICE ▶ Checked for update recently, falling back to latest version cache.
Dec 12 16:49:50 selfagency-macpro krssh[23990]: 16:49:50.606 NOTICE ▶ Checked for update recently, falling back to latest version cache.
Dec 12 16:50:38 selfagency-macpro krssh[24101]: 16:50:38.541 NOTICE ▶ Checked for update recently, falling back to latest version cache.
Dec 12 16:50:54 selfagency-macpro krd[18047]: 16:50:54.803 WARNIN ▶ no hostname found for session
Dec 12 16:50:55 selfagency-macpro krd[18047]: 16:50:55.324 NOTICE ▶ response took 396 ms
Dec 12 16:50:55 selfagency-macpro krd[18047]: 16:50:55.324 NOTICE ▶ sign response: &{Signature:0xc0004af000 Error:<nil>}
Dec 12 16:50:55 selfagency-macpro krd[18047]: 16:50:55.445 NOTICE ▶ Using Public Key Signature Digest Algorithm: ssh-ed25519
Dec 12 16:51:01 selfagency-macpro krssh[24520]: 16:51:01.350 NOTICE ▶ Checked for update recently, falling back to latest version cache.
Dec 12 16:54:10 selfagency-macpro krd[18047]: 16:54:10.319 WARNIN ▶ no hostname found for session
Dec 12 16:54:10 selfagency-macpro krd[18047]: 16:54:10.750 NOTICE ▶ response took 305 ms
Dec 12 16:54:10 selfagency-macpro krd[18047]: 16:54:10.750 NOTICE ▶ sign response: &{Signature:0xc0004a8f60 Error:<nil>}
Dec 12 16:54:10 selfagency-macpro krd[18047]: 16:54:10.875 NOTICE ▶ Using Public Key Signature Digest Algorithm: ssh-ed25519
Dec 12 16:54:19 selfagency-macpro krssh[24807]: 16:54:19.046 NOTICE ▶ Checked for update recently, falling back to latest version cache.
Dec 12 16:54:32 selfagency-macpro krssh[24918]: 16:54:32.023 NOTICE ▶ Checked for update recently, falling back to latest version cache.
Dec 12 16:55:00 selfagency-macpro krssh[25019]: 16:55:00.159 NOTICE ▶ Checked for update recently, falling back to latest version cache.

the logs in my ~/.kr folder are all empty

kcking commented 5 years ago

The panic is just because krssh is expecting args, and the hang is because it is expecting input on stdin to forward to the server.

Could you post (or send to support@krypt.co) any non-sensitive env vars you have set? (Printed with the env command)

selfagency commented 5 years ago

Here ya go https://gist.github.com/selfagency/35c107ab5bcece50d416c9c2aa38ade3

kcking commented 5 years ago

Hmm nothing stands out there. Are you using a proxy by any chance?

Also I misspoke on the previous comment. The reason krssh isn't printing anything is because it should be invoked with arguments instead of flags -- running krssh me.krypt.co 22 should print SSH-2.0-Go

selfagency commented 5 years ago

i am not using a proxy, no. i use dns over https, but that's it.

selfagency commented 5 years ago

Oh and

➜ krssh me.krypt.co 22
SSH-2.0-Go

selfagency commented 5 years ago

have you really not gotten this complaint from any other mojave user? because it's just plain odd that it would affect two of my computers and no one else's.

selfagency commented 5 years ago

hey, just wanted to ping this as it's still an issue.

FernandoMiguel commented 5 years ago

not helpful, but i'm on mojave and everything works out of the box for me 10.14.5 Beta (18F108f)

selfagency commented 5 years ago

Yeah I dunno, I formatted my desktop HD and installed Mac OS from scratch and I have the same problem as on my laptop HD that I upgraded from High Sierra.

sumanthratna commented 5 years ago

This is also happening on MacOS Catalina.

selfagency commented 5 years ago

I am having this issue, still, in Catalina as well. What's interesting is that it seems to work until you reboot, and then you need to comment out the Proxy Command again.

selfagency commented 4 years ago

I have a brand new Macbook Pro running Catalina and am still having this same problem

kex_exchange_identification: banner line contains invalid characters

selfagency commented 4 years ago

Waaaaaaaaait I just figured it out.

I ran ssh me.krypt.co -vvv again and it's working after I disabled a command, neofetch, that I had running when I opened a new shell.
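
The failure mode this thread ends on can be checked for directly. The script below is an added example, not code from the thread or from the kr project: ssh_config(5) documents that ProxyCommand is executed through the user's shell, so the script counts what a shell prints before running a no-op command and classifies a captured proxy stream. The function names are hypothetical and the sample stream is constructed from the debug lines posted above.

```shell
#!/bin/sh
# Added diagnostic sketch; function names are hypothetical, not part of kr.

# Bytes a shell writes to stdout before running a no-op command. ssh starts
# ProxyCommand through the user's shell, so any such bytes reach ssh ahead of
# the server's identification string.
startup_noise_bytes() {
    "$1" -c 'exec true' 2>/dev/null | wc -c | tr -d ' '
}

# Classify a captured ProxyCommand stream read from stdin:
#   clean    - the first line is the SSH identification string
#   polluted - other bytes arrive before "SSH-" (extra lines or a prefix)
#   missing  - no identification string at all
classify_stream() {
    LC_ALL=C awk '
        { sub(/\r$/, "") }
        /^SSH-/ { print (NR == 1 ? "clean" : "polluted"); found = 1; exit }
        /SSH-/  { print "polluted"; found = 1; exit }
        END     { if (!found) print "missing" }
    '
}

# Constructed sample modelled on the ssh_exchange_identification debug lines
# in the thread: terminal escape sequences, then the banner on the same line.
sample_polluted() {
    printf '\n\033[?25l\033[?7l\033[0m\033[31m\033[1m\n\n'
    printf '\033[?25h\033[?7hSSH-2.0-Go\r\n'
}

# Stand-alone use: pass the shell to test, e.g. ./check.sh "$SHELL"
if [ "$#" -gt 0 ]; then
    echo "startup bytes from $1: $(startup_noise_bytes "$1")"
    echo "sample stream: $(sample_polluted | classify_stream)"
fi
```

A non-zero byte count means a startup file prints during non-interactive runs; restricting such commands to interactive sessions keeps the ProxyCommand stream limited to the SSH protocol data.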