kryptco / kr

DEPRECATED A dev tool for SSH auth + Git commit/tag signing using a key stored in Krypton.
https://krypt.co/developers/

Occasional timeouts for no apparent reason #245

Open StoppingBuck opened 5 years ago

StoppingBuck commented 5 years ago

I'm using Kryptonite on my iPhone paired with two computers - one macOS and one Arch Linux.

I've noticed several times now that Krypton seems to time out for no apparent reason with the message "Krypton ▶ Request timed out. Make sure your phone and workstation are paired and connected to the internet and the Krypton app is running."

In this case, I was using my Mac and had just allowed all requests for the next 3 hours (via push notification on my Apple Watch), and when a few minutes later I again try to use ssh, the request times out with this debug (I've censored the IP):

 ✘ mp@Madss-iMac  ~  ssh white-lies -v
OpenSSH_7.8p1, OpenSSL 1.0.2p  14 Aug 2018
debug1: Reading configuration data /Users/mp/.ssh/config
debug1: /Users/mp/.ssh/config line 1: Applying options for *
debug1: /Users/mp/.ssh/config line 4: Ignored unknown option "usekeychain"
debug1: /Users/mp/.ssh/config line 49: Applying options for white-lies
debug1: /Users/mp/.ssh/config line 55: Applying options for *
debug1: Reading configuration data /usr/local/etc/ssh/ssh_config
debug1: Executing proxy command: exec /usr/local/bin/krssh xx.xxx.xx.xxx 2242
debug1: identity file /Users/mp/.ssh/id_rsa type 0
debug1: identity file /Users/mp/.ssh/id_rsa-cert type -1
debug1: identity file /Users/mp/.ssh/id_krypton type 0
debug1: identity file /Users/mp/.ssh/id_krypton-cert type -1
debug1: identity file /Users/mp/.ssh/id_ed25519 type -1
debug1: identity file /Users/mp/.ssh/id_ed25519-cert type -1
debug1: identity file /Users/mp/.ssh/id_ecdsa type -1
debug1: identity file /Users/mp/.ssh/id_ecdsa-cert type -1
debug1: identity file /Users/mp/.ssh/id_dsa type -1
debug1: identity file /Users/mp/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.8
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2p2 Ubuntu-4ubuntu2.4
debug1: match: OpenSSH_7.2p2 Ubuntu-4ubuntu2.4 pat OpenSSH_7.0*,OpenSSH_7.1*,OpenSSH_7.2*,OpenSSH_7.3*,OpenSSH_7.4*,OpenSSH_7.5*,OpenSSH_7.6*,OpenSSH_7.7* compat 0x04000002
debug1: Authenticating to xx.xxx.xx.xxx:2242 as 'mp'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:t+FgXSactGKwNnqwp6vIUousklj+9By/r6QkzWYNTkM
debug1: Host '[xx.xxx.xx.xxx]:2242' is known and matches the ECDSA host key.
debug1: Found key in /Users/mp/.ssh/known_hosts:7
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:ipJHHPjByN8ItygjZh6GcZi7uUDOKB4PQb1/6z1lbWM /Users/mp/.ssh/id_krypton
debug1: Server accepts key: pkalg rsa-sha2-512 blen 535
Krypton ▶ Requesting SSH authentication from phone
Krypton ▶ Request timed out. Make sure your phone and workstation are paired and connected to the internet and the Krypton app is running.
Krypton ▶ Falling back to local keys.
sign_and_send_pubkey: signing failed: agent refused operation
debug1: Offering public key: RSA SHA256:qjj2ag4hYPXiGKIIECa9OUb5hMUd+UEMqAKPzLMCe7w /Users/mp/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: Trying private key: /Users/mp/.ssh/id_ed25519
no such identity: /Users/mp/.ssh/id_ed25519: No such file or directory
debug1: Trying private key: /Users/mp/.ssh/id_ecdsa
no such identity: /Users/mp/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: /Users/mp/.ssh/id_dsa
no such identity: /Users/mp/.ssh/id_dsa: No such file or directory
debug1: No more authentication methods to try.
mp@xx.xxx.xx.xxx: Permission denied (publickey).

I know from experience that iOS can be a bit iffy about what apps get to run in the background, so my first thought was that perhaps it had suspended the Krypton app, but as mentioned I had just a few minutes before approved another request using my Apple Watch connected to that very same app, so I doubt that can be the case.

Also as mentioned this happens on and off throughout the day, and I haven't been able to find any pattern yet. When I tried the exact same command again a few minutes later everything worked perfectly again.
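Added example, not part of the original post or of the kr project's code: a small triage script that reads `ssh -v` output like the log above and reports whether the Krypton request timed out, which local keys were offered to the server after the fallback, and how the session ended. The sample log is constructed (placeholder user, host and fingerprints), and the "Offering public key" line format is assumed to match the OpenSSH 7.8 output shown in the post.

```python
import re

# Constructed sample modelled on the log quoted above; the user, host and
# key fingerprints are placeholders, not values from the original post.
SAMPLE_LOG = """\
debug1: Offering public key: RSA SHA256:CONSTRUCTED-KRYPTON-FP /Users/example/.ssh/id_krypton
debug1: Server accepts key: pkalg rsa-sha2-512 blen 535
Krypton ▶ Requesting SSH authentication from phone
Krypton ▶ Request timed out. Make sure your phone and workstation are paired and connected to the internet and the Krypton app is running.
Krypton ▶ Falling back to local keys.
sign_and_send_pubkey: signing failed: agent refused operation
debug1: Offering public key: RSA SHA256:CONSTRUCTED-LOCAL-FP /Users/example/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
example@192.0.2.10: Permission denied (publickey).
"""

# Assumed line shape: "Offering public key: <type> <fingerprint> <path>"
OFFER_RE = re.compile(r"^debug1: Offering public key: \S+ \S+ (\S+)$")


def summarize(log):
    """Summarise one `ssh -v` session that went through krssh."""
    s = {"requested": False, "timed_out": False, "fell_back": False,
         "offered_before": [], "offered_after_fallback": [],
         "outcome": "unknown"}
    for raw in log.splitlines():
        line = raw.strip()
        m = OFFER_RE.match(line)
        if m:
            # Keys offered after the fallback are local keys, not the phone's.
            key = "offered_after_fallback" if s["fell_back"] else "offered_before"
            s[key].append(m.group(1))
        elif line.startswith("Krypton ▶ Requesting SSH authentication"):
            s["requested"] = True
        elif line.startswith("Krypton ▶ Request timed out"):
            s["timed_out"] = True
        elif line.startswith("Krypton ▶ Falling back to local keys"):
            s["fell_back"] = True
        elif line.startswith("debug1: Authentication succeeded"):
            s["outcome"] = "succeeded"
        elif line.endswith("Permission denied (publickey)."):
            s["outcome"] = "denied"
    return s


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```
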

StoppingBuck commented 5 years ago

I forgot to mention that it seems the push message with 'request approved, etc. etc.' actually arrived on the iPhone (/watch) but several minutes too late (at which point the ssh request has long since timed out).

neeksor commented 5 years ago

I have an Android device paired with OS X and Linux computers. I have experienced the same intermittent issue. I receive an authentication request on my Android, I approve the request. The requesting application continues to wait for a response, eventually timing out or my impatience causes me to ^C :boom: I haven't been able to consistently reproduce the issue as it goes away when I retry the same command that triggered the authentication request.

StoppingBuck commented 5 years ago

@neeksor That doesn't sound completely like my issue, as in my case it's more like:

  1. I do the ssh command
  2. It says Krypton ▶ Requesting SSH authentication from phone
  3. (nothing happens)
  4. It says Krypton ▶ Request timed out. Make sure your phone and workstation are paired and connected to the internet and the Krypton app is running.
  5. After a couple of minutes, I get an authentication request on my iPhone (although by that point, the actual request timed out a long time ago)

kcking commented 5 years ago

@StoppingBuck sorry for the issues you're experiencing. Are you always wearing your watch when this happens? The delayed notification delivery is not something we've seen before. One workaround to try would be to open the app when you make the request.

kcking commented 5 years ago

@neeksor this may have to do with Android's Doze mode power saving behavior. Have you tried disabling battery optimization for Krypton? There is a guide for how to do so here: https://www.greenbot.com/article/2993199/android/how-to-turn-off-doze-mode-for-specific-apps-in-android-marshmallow.html

neeksor commented 5 years ago

@kcking - I will try that out. Thanks for the help.