Cant sync ssh

[wastez]

Hello,

Everthing should be alright. The keys are in config/keys-sync and config/keys-sync.pub on the server. On the client a user was created with name keys-sync. Strict mode is off and and the AuthorizedKeysFile /var/local/keys-sync/%u ist configured. Also a file /var/local/keys-sync/keys-sync is there with the correct public key in it. I tested it, i can ssh in the bash with the config/keys-sync cert to the client as th euser keys-sync.

I´m using php7.4.

[wastez]

Oct 20 20:52:34 xxx sshd[8135]: Received disconnect from Client-IP port 41336:11: PECL/ssh2 (http://pecl.php.net/packages/ssh2) [preauth] Oct 20 20:52:34 xxx sshd[8135]: Disconnected from authenticating user keys-sync Client-IP port 41336 [preauth] Oct 20 20:52:34 xxx sshd[8137]: Received disconnect from Client-IP port 41338:11: PECL/ssh2 (http://pecl.php.net/packages/ssh2) [preauth] Oct 20 20:52:34 xxx sshd[8137]: Disconnected from authenticating user root Client-IP port 41338 [preauth]

[wastez]

PS: I changed the hostname and replaced the ip by "Client-IP"

[wastez]

Thats interessting, its connecting: debug2: load_server_config: filename /etc/ssh/sshd_config debug2: load_server_config: done config len = 358 debug2: parse_server_config: config /etc/ssh/sshd_config len 358 debug3: /etc/ssh/sshd_config:32 setting PermitRootLogin yes debug3: /etc/ssh/sshd_config:33 setting StrictModes no debug3: /etc/ssh/sshd_config:37 setting AuthorizedKeysFile /var/local/keys-sync/%u ~/.ssh/authorized_keys debug3: /etc/ssh/sshd_config:63 setting ChallengeResponseAuthentication no debug3: /etc/ssh/sshd_config:86 setting UsePAM yes debug3: /etc/ssh/sshd_config:91 setting X11Forwarding yes debug3: /etc/ssh/sshd_config:95 setting PrintMotd no debug3: /etc/ssh/sshdconfig:114 setting AcceptEnv LANG LC* debug3: /etc/ssh/sshd_config:117 setting Subsystem sftp /usr/lib/openssh/sftp-server debug1: sshd version OpenSSH_7.7, OpenSSL 1.0.2n 7 Dec 2017 debug1: private host key #0: ssh-rsa SHA256:jG2hrz3YWhQo4XCb0VT9VC8fjJnJv5wQdftfnkgVY/U debug1: private host key #1: ecdsa-sha2-nistp256 SHA256:Y4vBdZemjEOpSuzi+EEwbaEZFOjJoZCUcSHbev19k4Y debug1: private host key #2: ssh-ed25519 SHA256:w1ytvPbM0GFUVZ67t+qVJrnnvnPk2h0b8rP21wM3v/k debug1: rexec_argv[0]='/usr/sbin/sshd' debug1: rexec_argv[1]='-ddd' debug3: oom_adjust_setup debug1: Set /proc/self/oom_score_adj from 0 to -1000 debug2: fd 3 setting O_NONBLOCK debug1: Bind to port 22 on 0.0.0.0. Server listening on 0.0.0.0 port 22. debug2: fd 4 setting O_NONBLOCK debug3: sock_set_v6only: set socket 4 IPV6_V6ONLY debug1: Bind to port 22 on ::. Server listening on :: port 22. debug3: fd 5 is not O_NONBLOCK debug1: Server will not fork when running in debugging mode. debug3: send_rexec_state: entering fd = 8 config len 358 debug3: ssh_msg_send: type 0 debug3: send_rexec_state: done debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8 debug1: inetd sockets after dupping: 3, 3 Connection from Client-IP port 41364 on Server-IP port 22 debug1: Client protocol version 2.0; client software version libssh2_1.8.0 PHP debug1: no match: libssh2_1.8.0 PHP debug1: Local version string SSH-2.0-OpenSSH_7.7p1 Ubuntu-4ubuntu0.3 debug2: fd 3 setting O_NONBLOCK debug3: ssh_sandbox_init: preparing seccomp filter sandbox debug2: Network child is on pid 8721 debug3: preauth child monitor started debug3: privsep user:group 106:65534 [preauth] debug1: permanently_set_uid: 106/65534 [preauth] debug3: ssh_sandbox_child: setting PR_SET_NO_NEW_PRIVS [preauth] debug3: ssh_sandbox_child: attaching seccomp filter program [preauth] debug1: list_hostkey_types: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth] debug3: send packet: type 20 [preauth] debug1: SSH2_MSG_KEXINIT sent [preauth] debug3: receive packet: type 20 [preauth] debug1: SSH2_MSG_KEXINIT received [preauth] debug2: local server KEXINIT proposal [preauth] debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1 [preauth] debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth] debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com [preauth] debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com [preauth] debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth] debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth] debug2: compression ctos: none,zlib@openssh.com [preauth] debug2: compression stoc: none,zlib@openssh.com [preauth] debug2: languages ctos: [preauth] debug2: languages stoc: [preauth] debug2: first_kex_follows 0 [preauth] debug2: reserved 0 [preauth] debug2: peer client KEXINIT proposal [preauth] debug2: KEX algorithms: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 [preauth] debug2: host key algorithms: ssh-rsa,ssh-dss [preauth] debug2: ciphers ctos: aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc [preauth] debug2: ciphers stoc: aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc [preauth] debug2: MACs ctos: hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com [preauth] debug2: MACs stoc: hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com [preauth] debug2: compression ctos: none [preauth] debug2: compression stoc: none [preauth] debug2: languages ctos: [preauth] debug2: languages stoc: [preauth] debug2: first_kex_follows 0 [preauth] debug2: reserved 0 [preauth] debug1: kex: algorithm: diffie-hellman-group-exchange-sha256 [preauth] debug1: kex: host key algorithm: ssh-rsa [preauth] debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha2-256 compression: none [preauth] debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha2-256 compression: none [preauth] debug1: expecting SSH2_MSG_KEX_DH_GEX_REQUEST [preauth] debug3: receive packet: type 34 [preauth] debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received [preauth] debug3: mm_request_send entering: type 0 [preauth] debug3: mm_choose_dh: waiting for MONITOR_ANS_MODULI [preauth] debug3: mm_request_receive_expect entering: type 1 [preauth] debug3: mm_request_receive entering [preauth] debug3: mm_request_receive entering debug3: monitor_read: checking request 0 debug3: mm_answer_moduli: got parameters: 2048 2048 2048 debug3: mm_request_send entering: type 1 debug2: monitor_read: 0 used once, disabling now debug3: mm_choose_dh: remaining 0 [preauth] debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent [preauth] debug3: send packet: type 31 [preauth] debug2: bits set: 1031/2048 [preauth] debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT [preauth] debug3: receive packet: type 32 [preauth] debug2: bits set: 990/2048 [preauth] debug3: mm_key_sign entering [preauth] debug3: mm_request_send entering: type 6 [preauth] debug3: mm_key_sign: waiting for MONITOR_ANS_SIGN [preauth] debug3: mm_request_receive_expect entering: type 7 [preauth] debug3: mm_request_receive entering [preauth] debug3: mm_request_receive entering debug3: monitor_read: checking request 6 debug3: mm_answer_sign debug3: mm_answer_sign: hostkey proof signature 0x55d740eae7e0(271) debug3: mm_request_send entering: type 7 debug2: monitor_read: 6 used once, disabling now debug3: send packet: type 33 [preauth] debug3: send packet: type 21 [preauth] debug2: set_newkeys: mode 1 [preauth] debug1: rekey after 4294967296 blocks [preauth] debug1: SSH2_MSG_NEWKEYS sent [preauth] debug1: expecting SSH2_MSG_NEWKEYS [preauth] debug3: receive packet: type 21 [preauth] debug1: SSH2_MSG_NEWKEYS received [preauth] debug2: set_newkeys: mode 0 [preauth] debug1: rekey after 4294967296 blocks [preauth] debug1: KEX done [preauth] debug3: receive packet: type 5 [preauth] debug3: send packet: type 6 [preauth] debug3: receive packet: type 50 [preauth] debug1: userauth-request for user keys-sync service ssh-connection method publickey [preauth] debug1: attempt 0 failures 0 [preauth] debug3: mm_getpwnamallow entering [preauth] debug3: mm_request_send entering: type 8 [preauth] debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM [preauth] debug3: mm_request_receive_expect entering: type 9 [preauth] debug3: mm_request_receive entering [preauth] debug3: mm_request_receive entering debug3: monitor_read: checking request 8 debug3: mm_answer_pwnamallow debug2: parse_server_config: config reprocess config len 358 debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1 debug3: mm_request_send entering: type 9 debug2: monitor_read: 8 used once, disabling now debug2: input_userauth_request: setting up authctxt for keys-sync [preauth] debug3: mm_start_pam entering [preauth] debug3: mm_request_send entering: type 100 [preauth] debug3: mm_inform_authserv entering [preauth] debug3: mm_request_send entering: type 4 [preauth] debug2: input_userauth_request: try method publickey [preauth] debug1: userauth_pubkey: test pkalg ssh-rsa pkblob RSA SHA256:ex/+KeRCn/y0U5nm08kg/SMQ50MStNf6LxxNiHQBu/k [preauth] debug3: mm_key_allowed entering [preauth] debug3: mm_request_send entering: type 22 [preauth] debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED [preauth] debug3: mm_request_receive_expect entering: type 23 [preauth] debug3: mm_request_receive entering [preauth] debug3: mm_request_receive entering debug3: monitor_read: checking request 100 debug1: PAM: initializing for "keys-sync" debug1: PAM: setting PAM_RHOST to "Client-IP" debug1: PAM: setting PAM_TTY to "ssh" debug2: monitor_read: 100 used once, disabling now debug3: mm_request_receive entering debug3: monitor_read: checking request 4 debug3: mm_answer_authserv: service=ssh-connection, style=, role= debug2: monitor_read: 4 used once, disabling now debug3: mm_request_receive entering debug3: monitor_read: checking request 22 debug3: mm_answer_keyallowed entering debug3: mm_answer_keyallowed: key_from_blob: 0x55d740ec1900 debug1: temporarily_use_uid: 111/65534 (e=0/0) debug1: trying public key file /var/local/keys-sync/keys-sync debug1: fd 4 clearing O_NONBLOCK debug1: /var/local/keys-sync/keys-sync:1: matching key found: RSA SHA256:ex/+KeRCn/y0U5nm08kg/SMQ50MStNf6LxxNiHQBu/k debug1: /var/local/keys-sync/keys-sync:1: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding Accepted key RSA SHA256:ex/+KeRCn/y0U5nm08kg/SMQ50MStNf6LxxNiHQBu/k found at /var/local/keys-sync/keys-sync:1 debug1: restore_uid: 0/0 debug3: mm_answer_keyallowed: publickey authentication test: RSA key is allowed debug3: mm_request_send entering: type 23 debug3: send packet: type 60 [preauth] debug2: userauth_pubkey: authenticated 0 pkalg ssh-rsa [preauth] Postponed publickey for keys-sync from Client-IP port 41364 ssh2 [preauth] debug3: receive packet: type 1 [preauth] Received disconnect from Client-IP port 41364:11: PECL/ssh2 (http://pecl.php.net/packages/ssh2) [preauth] Disconnected from authenticating user keys-sync Client-IP port 41364 [preauth] debug1: do_cleanup [preauth] debug3: PAM: sshpam_thread_cleanup entering [preauth] debug1: monitor_read_log: child log fd closed debug3: mm_request_receive entering debug1: do_cleanup debug1: PAM: cleanup debug3: PAM: sshpam_thread_cleanup entering debug1: Killing privsep child 8721 debug1: audit_event: unhandled event 12

[wastez]

Already found it, it was this: https://github.com/operasoftware/ssh-key-authority/issues/45