Open boardwalk opened 5 years ago
@fmpomar wrote a new ssh-agent library that we will use for SeKey. I will work on implementing that today and push a new version. One of the main issues with SeKey is that in the first version all the error handling was poorly done. With that implemented, this issue will be closed.
Great, thanks!
This will be the new agent that we will be using: https://github.com/sekey/ssh-agent.rs/tree/dev
I'm trying out Pijul and it's sending a sign request to the SSH agent which crashes it.
As far as I can tell, it's sending something other than an ECDSA key and sekey is running off the end of the buffer in EcdsaSha2Nistp256::read and panicking.
From the SSH agent protocol spec, it looks like the agent is expected to just return SSH_AGENT_FAILURE if it doesn't have a key (regardless of type, etc).
Handler::sign_request() or EcdsaSha2Nistp256::read() could be made a little bit more robust and check the key type.
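Added example, not part of the original issue and not code from sekey or ssh-agent.rs: a bounds-checked sign-request parser that checks the key type first and answers SSH_AGENT_FAILURE for any blob it cannot parse or does not hold, instead of panicking. All function names are hypothetical; the sample messages are constructed, and the blob layout assumed is the RFC 5656 one (type string, curve name, point Q).

```rust
// Added illustration; not code from sekey or ssh-agent.rs. Function names are hypothetical.
const SSH_AGENT_FAILURE: u8 = 5; // message numbers from the SSH agent protocol draft
const SSH_AGENTC_SIGN_REQUEST: u8 = 13;

/// Read one SSH `string` (uint32 big-endian length, then bytes); never reads past `buf`.
fn read_string(buf: &[u8]) -> Option<(&[u8], &[u8])> {
    let l = buf.get(..4)?;
    let len = u32::from_be_bytes([l[0], l[1], l[2], l[3]]) as usize;
    let rest = &buf[4..];
    if len > rest.len() { return None; } // truncated field or lying length
    Some(rest.split_at(len))
}

/// Return the public point Q only if the blob is a well-formed ecdsa-sha2-nistp256 key.
fn parse_p256_blob(blob: &[u8]) -> Option<&[u8]> {
    let (key_type, rest) = read_string(blob)?;
    if key_type != &b"ecdsa-sha2-nistp256"[..] { return None; } // check type before reading on
    let (curve, rest) = read_string(rest)?;
    if curve != &b"nistp256"[..] { return None; }
    let (q, rest) = read_string(rest)?;
    if rest.is_empty() { Some(q) } else { None }
}

/// Ok(data to sign) for a key we hold, Err(SSH_AGENT_FAILURE) for everything else.
fn sign_request<'a>(msg: &'a [u8], held_q: &[u8]) -> Result<&'a [u8], u8> {
    check(msg, held_q).ok_or(SSH_AGENT_FAILURE)
}
fn check<'a>(msg: &'a [u8], held_q: &[u8]) -> Option<&'a [u8]> {
    let (&ty, body) = msg.split_first()?;
    if ty != SSH_AGENTC_SIGN_REQUEST { return None; }
    let (blob, rest) = read_string(body)?;
    let (data, flags) = read_string(rest)?;
    if flags.len() != 4 { return None; } // uint32 flags must close the message
    if parse_p256_blob(blob)? == held_q { Some(data) } else { None }
}

/// Encode an SSH `string`; used to build the constructed sample messages.
fn ssh_string(b: &[u8]) -> Vec<u8> {
    let mut v = (b.len() as u32).to_be_bytes().to_vec();
    v.extend_from_slice(b);
    v
}

fn main() {
    // Constructed sample: a sign request carrying an ssh-ed25519 blob the agent does not hold.
    let blob = [ssh_string(b"ssh-ed25519"), ssh_string(&[7u8; 32])].concat();
    let msg = [vec![SSH_AGENTC_SIGN_REQUEST], ssh_string(&blob), ssh_string(b"data"), vec![0; 4]].concat();
    println!("{:?}", sign_request(&msg, &[4u8; 65]));
}
```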