rpwoodbu / mosh-chrome

Mosh for Chrome
GNU General Public License v3.0

ed25519 signature verification error #102

Closed rpwoodbu closed 9 years ago

rpwoodbu commented 9 years ago

I have one report that libssh 0.7.1 cannot validate ed25519 host keys.

Loading NaCl module (takes a while the first time after an update).
[...............]
Loaded.
Could not connect via ssh: ed25519 signature verification error

SSH Login failed.

Mosh has exited.
Press "x" to close the window.

This may be a bug in libssh, but I should try to repro just to be sure.

rpwoodbu commented 9 years ago

There's now a second report of this issue, in Issue #100. @d4l3k, are you suggesting that you can connect with ed25519 with the stable Mosh for Chrome, just not the dev version? If so, this may be a regression from libssh 0.6.0 to 0.7.1.

rpwoodbu commented 9 years ago

For my reference: It seems like ed25519 was added to libssh in 0.7.0: https://www.libssh.org/2015/05/11/libssh-0-7-0/

I hypothesize that this key type was skipped in 0.6.0 as it wasn't supported, and now that it is supported, buggy support causes failure.

d4l3k commented 9 years ago

I'm not completely sure what is happening with regard to ed25519. The stable version doesn't throw that error and lets me connect to my server without any problems; however, the dev version now throws it. When I first tried out the dev version, it was working just fine until a few days ago, when it stopped working.

I'm fairly confident that the key I'm using isn't ed25519 but is instead RSA.

$ ssh-keygen -l -f id_rsa
4096 b1:56:f0:fe:c5:7e:c1:ec:cb:31:15:a9:2b:f3:1b:7b  rice@fn.lc (RSA)

I'm not sure of the exact command I used to create it, but it was likely the standard GitHub one:

ssh-keygen -t rsa -b 4096 -C "rice@fn.lc"

App Versions:

rpwoodbu commented 9 years ago

Thanks for the details, @d4l3k. I updated the dev channel just a few days ago to libssh 0.7.1, which is why the behavior changed recently.

The issue is with the host keys, not your account keys. Look in /etc/ssh to see what keys you have. As a quick experiment, you might try temporarily moving out the ed25519 key file and bouncing sshd, then seeing if you can connect.

I will be experimenting with this when I get a moment, probably this weekend.

d4l3k commented 9 years ago

Ah. Yeah, there is an ed25519 key.

rice [05:44:07] [/etc/ssh] 
-> % ls
moduli  ssh_config  ssh_host_dsa_key  ssh_host_dsa_key.pub  ssh_host_ecdsa_key  ssh_host_ecdsa_key.pub  ssh_host_ed25519_key  ssh_host_ed25519_key.pub  ssh_host_rsa_key  ssh_host_rsa_key.pub  sshd_config

Removing ssh_host_ed25519_key* from /etc/ssh fixes the issue for Mosh (dev).

rpwoodbu commented 9 years ago

Upon close observation of the build-time messages, I noticed this at link-time:

error: ../build/libssh-0.7.1/build/src/libssh.a: multiple definition of 'crypto_sign_ed25519_ref_ge25519_base'

I looked, and indeed libssh.a has that symbol in it twice. I'm a tad surprised that this didn't result in the linker returning a non-zero exit code. I am not sure if the problem is with libssh or with the way I'm configuring/building it. But for expedience, I have made Mosh for Chrome simply skip this host key type, as I suspect most systems have other host keys to fall back on.

I will create another issue to track supporting ed25519 in the future.
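
Added example, not part of the original thread or of the Mosh for Chrome build: a build-time check that fails when a static archive defines the same strong global symbol more than once, which is the condition the link-time message above reports for libssh.a. It assumes GNU binutils `nm`; the member names and all symbols in the sample other than `crypto_sign_ed25519_ref_ge25519_base` are constructed.

```shell
#!/bin/sh
# Input format (GNU `nm -A --defined-only lib.a`):
#   lib.a:member.o:0000000000000000 T symbol_name

# Read nm -A output on stdin; print "symbol count member,member,..." for each
# strong global definition (types T, D, B, R) that occurs more than once.
# Weak (W, V), common (C) and local (lowercase) symbols are ignored because
# they do not produce "multiple definition" errors at link time.
find_duplicate_defs() {
    awk '
    $2 ~ /^[TDBR]$/ {
        n = split($1, p, ":")
        member = (n >= 3) ? p[n - 1] : p[1]   # archive member, or the file itself
        count[$3]++
        where[$3] = (where[$3] == "" ? member : where[$3] "," member)
    }
    END {
        for (s in count)
            if (count[s] > 1) print s, count[s], where[s]
    }' | sort
}

# Build gate: exit status 1 if the archive has duplicate strong definitions,
# so the build stops even when the linker itself still exits with 0.
check_archive() {
    dups=$(nm -A --defined-only "$1" | find_duplicate_defs) || return 2
    [ -z "$dups" ] && return 0
    printf 'duplicate definitions in %s:\n%s\n' "$1" "$dups" >&2
    return 1
}

# Constructed sample of nm -A output (member names are placeholders).
SAMPLE_NM='libssh.a:member_a.o:0000000000000000 T crypto_sign_ed25519_ref_ge25519_base
libssh.a:member_a.o:0000000000000040 T unique_fn
libssh.a:member_a.o:0000000000000080 t helper
libssh.a:member_b.o:0000000000000000 T crypto_sign_ed25519_ref_ge25519_base
libssh.a:member_b.o:0000000000000010 t helper
libssh.a:member_c.o:0000000000000000 W weak_hook
libssh.a:member_d.o:0000000000000000 W weak_hook'

# Demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_NM" | find_duplicate_defs
```

In a real build, call `check_archive` with the path to the built archive right after the library is compiled and before the final link.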