search

moose-team / friends

:tv: P2P chat powered by the web.
http://moose-team.github.io/friends/
MIT License
3.17k stars 341 forks source link

SSH Howto #91

Open serapath opened 9 years ago

serapath commented 9 years ago

Took me some time to fix my ssh setup so that DEBUG=* github-current-user could run through successfully. I followed the github article to succeed. I think it's very helpful for people who run into problems, because the current website doesn't tell how to fix that.

serapath commented 9 years ago

Hm, but still, before i start the chat, i have to re-run eval eval "$(ssh-agent -s)" and ssh-add ~/.ssh/id_rsa. Is there a best practice how to deal with that? Or do you guys always re-run it?

bcomnes commented 9 years ago

@serapath what os? Linux? The common practice is to have a passworded ssh key that lives in your ~/.ssh folder and use ssh-agent to decrypt it when its used. Most OSs that I've used will integrate with the system keychain in some way. That way, once you're logged in on your local system, your SSH key is ready to go without additional passwords and the whole experience is decently seamless. Windows has a form of ssh-agent I believe, and pageant and alternative systems are fairly common.

Post a little more details about your system and hopefully we can get you some more specific advice.

tunnckoCore commented 9 years ago

Or do you guys always re-run it?

no

ssh -T git@github.com

This is the magic. Few times I forgot to run it. And of course check the contents of your local public key and that that you set in github.

serapath commented 9 years ago

What does ssh -t git@github.com do? My system is Linux Mint 17 and I use bash and xfce desktop.

Whenever I start npm start in the checked out friends chat repo, it opens and tells me i'm not authed. So I have to close the chat and run eval "$(ssh-agent -s)" and then ssh-add ~/.ssh/id_rsa after which npm start will open the chat and it just works :-)

tunnckoCore commented 9 years ago

it do the auth, you can see in the article u give. so then there's no need to run eval "$(ssh-agent -s)" every time.

serapath commented 9 years ago

I tried ssh -T git@github.com

Warning: Permanently added the RSA host key for IP address '192.30.252.129' to the list of known hosts.

So i did it, but i still get:

We couldn't automatically authenticate you with GitHub credentials!

Other authentication methods will be available but right now GitHub is your only option for signed messages and verifying your username.

Here's what we were able to figure out about who you are:

Username: unknown
Valid SSH key:
We also saw this error:

Error: Encrypted keys not supported. Setup an SSH agent or decrypt it first

Reasons this process can fail:

No user.username or user.email specified in ~/.gitconfig
You only have user.email in ~/.gitconfig and your email address is set to private on GitHub
You don't have any public keys linked to your GitHub account
You don't have a private key for the public keys linked to your GitHub account
Your private key is encrypted but you're not running ssh-agent or your key hasn't been added to the running ssh-agent (try ssh-agent add)
Your private key is a DSA key. Please convert to an RSA key and try again.
You found a new bug!

So now i added something to something permanently, but it did not solve the problem.

bcomnes commented 9 years ago

Something about your ssh config is broked :( Permanently added the RSA host key just means that your computer is pinning the identity of github.com so that it will throw a warning if the host you are connecting to is pretending to be github.com. https://help.github.com/articles/generating-ssh-keys/ is generally a rock solid article for getting up and running with ssh keys.

Try ssh git@github.com -vvvv and see if you spot any specific errors relating to ssh keys.

tunnckoCore commented 9 years ago

No user.username or user.email specified in ~/.gitconfig

setup your config, delete existing key, delete it from github and repeat the steps again.

serapath commented 9 years ago 
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to github.com [192.30.252.128] port 22.
debug1: Connection established.
debug3: Incorrect RSA1 identifier
debug3: Could not load "/home/serapath/.ssh/id_rsa" as a RSA1 public key
debug1: identity file /home/serapath/.ssh/id_rsa type 1
debug1: identity file /home/serapath/.ssh/id_rsa-cert type -1
debug1: identity file /home/serapath/.ssh/id_dsa type -1
debug1: identity file /home/serapath/.ssh/id_dsa-cert type -1
debug1: identity file /home/serapath/.ssh/id_ecdsa type -1
debug1: identity file /home/serapath/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/serapath/.ssh/id_ed25519 type -1
debug1: identity file /home/serapath/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
debug1: Remote protocol version 2.0, remote software version libssh-0.6.0
debug1: no match: libssh-0.6.0
debug2: fd 3 setting O_NONBLOCK
debug3: load_hostkeys: loading entries for host "github.com" from file "/home/serapath/.ssh/known_hosts"
debug3: load_hostkeys: found key type RSA in file /home/serapath/.ssh/known_hosts:3
debug3: load_hostkeys: loaded 1 keys
debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-rsa-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-rsa
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-rsa,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-dss-cert-v00@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-dss,ssh-rsa
debug2: kex_parse_kexinit: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,blowfish-cbc,3des-cbc,des-cbc-ssh1
debug2: kex_parse_kexinit: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,blowfish-cbc,3des-cbc,des-cbc-ssh1
debug2: kex_parse_kexinit: hmac-sha1,hmac-sha2-256,hmac-sha2-512
debug2: kex_parse_kexinit: hmac-sha1,hmac-sha2-256,hmac-sha2-512
debug2: kex_parse_kexinit: none,zlib,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib,zlib@openssh.com
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: mac_setup: setup hmac-sha1
debug1: kex: server->client aes128-ctr hmac-sha1 none
debug2: mac_setup: setup hmac-sha1
debug1: kex: client->server aes128-ctr hmac-sha1 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: RSA 16:27:ac:a5:76:28:2d:36:63:1b:56:4d:eb:df:a6:48
debug3: load_hostkeys: loading entries for host "github.com" from file "/home/serapath/.ssh/known_hosts"
debug3: load_hostkeys: found key type RSA in file /home/serapath/.ssh/known_hosts:3
debug3: load_hostkeys: loaded 1 keys
debug3: load_hostkeys: loading entries for host "192.30.252.128" from file "/home/serapath/.ssh/known_hosts"
debug3: load_hostkeys: found key type RSA in file /home/serapath/.ssh/known_hosts:4
debug3: load_hostkeys: loaded 1 keys
debug1: Host 'github.com' is known and matches the RSA host key.
debug1: Found key in /home/serapath/.ssh/known_hosts:3
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/serapath/.ssh/id_rsa (0x7f6382197b10),
debug2: key: /home/serapath/.ssh/id_dsa ((nil)),
debug2: key: /home/serapath/.ssh/id_ecdsa ((nil)),
debug2: key: /home/serapath/.ssh/id_ed25519 ((nil)),
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/serapath/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug2: input_userauth_pk_ok: fp e4:81:29:7a:d3:ed:56:12:11:c5:cf:bd:05:f5:2b:16
debug3: sign_and_send_pubkey: RSA e4:81:29:7a:d3:ed:56:12:11:c5:cf:bd:05:f5:2b:16
debug1: key_parse_private2: missing begin marker
debug1: key_parse_private_pem: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
Enter passphrase for key '/home/serapath/.ssh/id_rsa': 
debug1: key_parse_private2: missing begin marker
debug1: key_parse_private_pem: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
debug2: bad passphrase given, try again...
Enter passphrase for key '/home/serapath/.ssh/id_rsa': 
debug1: key_parse_private2: missing begin marker
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
Authenticated to github.com ([192.30.252.128]:22).
debug2: fd 5 setting O_NONBLOCK
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug1: Entering interactive session.
debug2: callback start
debug2: fd 3 setting TCP_NODELAY
debug3: packet_set_tos: set IP_TOS 0x10
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 1
debug1: Sending environment.
debug3: Ignored env NVM_RC_VERSION
debug1: Sending env LC_PAPER = de_DE.UTF-8
debug2: channel 0: request env confirm 0
debug3: Ignored env XDG_VTNR
debug3: Ignored env MANPATH
debug3: Ignored env NVM_IOJS_ORG_VERSION_LISTING
debug1: Sending env LC_ADDRESS = de_DE.UTF-8
debug2: channel 0: request env confirm 0
debug3: Ignored env SSH_AGENT_PID
debug3: Ignored env XDG_SESSION_ID
debug1: Sending env LC_MONETARY = de_DE.UTF-8
debug2: channel 0: request env confirm 0
debug3: Ignored env COMP_WORDBREAKS
debug3: Ignored env TERM
debug3: Ignored env SHELL
debug3: Ignored env XDG_SESSION_COOKIE
debug3: Ignored env NVM_PATH
debug1: Sending env LC_NUMERIC = de_DE.UTF-8
debug2: channel 0: request env confirm 0
debug3: Ignored env WINDOWID
debug3: Ignored env OLDPWD
debug3: Ignored env GNOME_KEYRING_CONTROL
debug3: Ignored env NVM_DIR
debug3: Ignored env USER
debug3: Ignored env LS_COLORS
debug1: Sending env LC_TELEPHONE = de_DE.UTF-8
debug2: channel 0: request env confirm 0
debug3: Ignored env SSH_AUTH_SOCK
debug3: Ignored env SESSION_MANAGER
debug3: Ignored env USERNAME
debug3: Ignored env DEFAULTS_PATH
debug3: Ignored env XDG_CONFIG_DIRS
debug3: Ignored env PATH
debug3: Ignored env DESKTOP_SESSION
debug3: Ignored env NVM_NODEJS_ORG_MIRROR
debug1: Sending env LC_IDENTIFICATION = de_DE.UTF-8
debug2: channel 0: request env confirm 0
debug3: Ignored env GDM_XSERVER_LOCATION
debug3: Ignored env PWD
debug3: Ignored env EDITOR
debug3: Ignored env GNOME_KEYRING_PID
debug1: Sending env LANG = en_US.UTF-8
debug2: channel 0: request env confirm 0
debug3: Ignored env MANDATORY_PATH
debug1: Sending env LC_MEASUREMENT = de_DE.UTF-8
debug2: channel 0: request env confirm 0
debug3: Ignored env MDM_XSERVER_LOCATION
debug3: Ignored env GDMSESSION
debug3: Ignored env SHLVL
debug3: Ignored env XDG_SEAT
debug3: Ignored env HOME
debug3: Ignored env XDG_SESSION_DESKTOP
debug3: Ignored env LOGNAME
debug3: Ignored env XDG_DATA_DIRS
debug3: Ignored env DBUS_SESSION_BUS_ADDRESS
debug3: Ignored env NVM_BIN
debug3: Ignored env NVM_IOJS_ORG_MIRROR
debug3: Ignored env MDMSESSION
debug3: Ignored env TEXTDOMAIN
debug3: Ignored env WINDOWPATH
debug3: Ignored env XDG_RUNTIME_DIR
debug3: Ignored env DISPLAY
debug3: Ignored env MDM_LANG
debug1: Sending env LC_TIME = de_DE.UTF-8
debug2: channel 0: request env confirm 0
debug3: Ignored env TEXTDOMAINDIR
debug3: Ignored env COLORTERM
debug3: Ignored env XAUTHORITY
debug1: Sending env LC_NAME = de_DE.UTF-8
debug2: channel 0: request env confirm 0
debug3: Ignored env _
debug2: channel 0: request shell confirm 1
debug2: callback done
debug2: channel 0: open confirm rwindow 32000 rmax 35000
debug2: channel_input_status_confirm: type 100 id 0
PTY allocation request failed on channel 0
debug2: channel_input_status_confirm: type 99 id 0
debug2: shell request accepted on channel 0
debug2: channel 0: rcvd ext data 90
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug2: channel 0: rcvd eof
debug2: channel 0: output open -> drain
debug2: channel 0: rcvd close
debug2: channel 0: close_read
debug2: channel 0: input open -> closed
debug3: channel 0: will not send data after close
debug2: channel 0: obuf_empty delayed efd 6/(90)
Hi serapath! You've successfully authenticated, but GitHub does not provide shell access.
debug2: channel 0: written 90 to efd 6
debug3: channel 0: will not send data after close
debug2: channel 0: obuf empty
debug2: channel 0: close_write
debug2: channel 0: output drain -> closed
debug2: channel 0: almost dead
debug2: channel 0: gc: notify user
debug2: channel 0: gc: user detached
debug2: channel 0: send close
debug2: channel 0: is dead
debug2: channel 0: garbage collecting
debug1: channel 0: free: client-session, nchannels 1
debug3: channel 0: status: The following connections are open:
  #0 client-session (t4 r43 i3/0 o3/0 fd -1/-1 cc -1)

debug1: fd 1 clearing O_NONBLOCK
Connection to github.com closed.
Transferred: sent 4176, received 1784 bytes, in 0.3 seconds
Bytes per second: sent 14341.3, received 6126.6
debug1: Exit status 1
bcomnes commented 9 years ago

Hi serapath! You've successfully authenticated, but GitHub does not provide shell access.

Sounds like its working! Or did it still ask you for your password

tunnckoCore commented 9 years ago

Sounds like its working!

:+1: yea

Strange is this debug log, huh.

serapath commented 9 years ago

I did run the command again - same output regarding that log i posted above. Then i started the friends chat again successfully and got the message:

We couldn't automatically authenticate you with GitHub credentials!

Other authentication methods will be available but right now GitHub is your only option for signed messages and verifying your username.

Here's what we were able to figure out about who you are:

Username: loading...
Valid SSH key: loading...
Reasons this process can fail:

No user.username or user.email specified in ~/.gitconfig
You only have user.email in ~/.gitconfig and your email address is set to private on GitHub
You don't have any public keys linked to your GitHub account
You don't have a private key for the public keys linked to your GitHub account
Your private key is encrypted but you're not running ssh-agent or your key hasn't been added to the running ssh-agent (try ssh-agent add)
Your private key is a DSA key. Please convert to an RSA key and try again.
You found a new bug!

Then i executed again the commands: eval "$(ssh-agent -s)" and then ssh-add ~/.ssh/id_rsa and then npm start and the friends chat starts without that message.

bcomnes commented 9 years ago

The quickest work around would be to set that command to run when you start a session in your .bashrc file or something, but it sounds like your agent is configured in a funny way. I'm not familiar enough with Linux Mint 17 to really understand the root cause of this

serapath commented 9 years ago

I actually have a lot of stuff already in that file :-) Is there maybe a cli tool on npm with which i can manage my .bashrc file and "add" or "remove" stuff from it? Because I imagine, given the right npm modules, i can reproduce my environment and installed tools and command line aliases and configurations and i dont know what accross different computers running on different distros. I know about .dotfiles, but I wonder (because i quite often run into little issues that i then solve somehow with google search and hacking around), that it would be great to get a more reproducable approach that would be really lightweight :-)