Closed c-george closed 3 years ago
Nikratio
commented
3 years ago Thanks for the report! I'm not sure what's going on there, but here's a few ideas to debug it:
SSHFS is starting an actual SSH process to communicate with the server. I'd enable debugging options and/or use ps to determine the exact commandline being used. Then, run that command by hand and figure out what you need to change to make it work with yubikey.
c-george
commented
3 years ago Thanks for the direction, Nikolaus. It'll be another few weeks until I can look into it properly and I'll update this issue with what I find out then. Cheers.
c-george
commented
3 years ago Additional notes
This problem still exists on fedora 34/gnome
Initial investigation
I used multiple debugging techniques in addition to those suggested by nikratio, and cannot see anything obviously incorrect with what sshfs is passing to ssh.
I did a lot of internet searching, experimenting and testing and found that there is one alternate workaround (originally specified for other yubikey/security card issues) that does seem to resolve this issue with sshfs, even if I couldn't find a satisfactory explanation of why.
REBOOT & LOGIN
$ sudo systemctl restart pcscd
$ sshfs user@10.0.0.1:/remote /local #### this succeeds!
It appears that the pcscd service is somehow partially-initialized (or initialized at the wrong time) leaving it in a state that is somehow incompatible with sshfs. This is strange, given that it seems to be compatible with ssh by itself.
I'm not a big fan of the "just cycle power and it will magically work again" approach to fixing bugs, so I plan on trying to find a proper solution.
Next steps (in order of priority)
I'll try to do more investigating during the next week or two when I can find some free time. Hopefully then this issue can be closed with a successful resolution.
c-george
commented
3 years ago Closing comments
I have spent quite a few hours looking into this issue, and I don't believe it should be attributed to sshfs. sshfs is merely a user of the services that have issues.
The following two workarounds are functional (albeit somewhat annoying at times):
a) $ sudo systemctl restart pcscd or b) $ ssh (address) # use regular ssh to get the yubikey connection working $ sshfs (address)
As such, I feel it is best to simply close the issue here.
Once again, thanks to everyone who is developing this software. I still use it every day without problems.
Initial comment Thanks to all who helped create this FANTASTIC piece of interface software. It has made my life so much simpler!!!
Setup
Problem observed
Commands entered on cli $ sshfs user@10.0.0.1:/remote /local #### no prompt to insert yubikey read: Connection reset by peer #### sshfs connection failed (understandably) $ ssh user@10.0.0.1 #### prompts to insert yubikey as expected Last login: Mon May 3 10:04:25 2021 from 10.0.0.200 $ sshfs user@10.0.0.1:/remote /local #### this succeeds!
Criticality
Request If this is not an easy fix (i.e. add a flag when calling the ssh library or something like that), I will happily delve into the source code myself (researching ssh/gpg/yubikey API connectivity) and try to experiment and figure out the issue in a month or so. Any advice as to which source files contain the ssh connectivity would be helpful (if they aren't obvious).