tavrez / openssh-sk-winhello

A helper for OpenSSH to interact with FIDO2 and U2F security keys through native Windows Hello API
GNU Lesser General Public License v3.0

C:/cygwin/usr/sbin/ssh-sk-helper.exe errors out if C:\cygwin\bin is not in PATH #7

Closed ivan closed 3 years ago

ivan commented 3 years ago

Thank you for this very useful helper program. I have noticed a potential issue when built for cygwin. I followed https://github.com/tavrez/openssh-sk-winhello#install and added SecurityKeyProvider /usr/lib/winhello.dll to my ~/.ssh/config. Everything works fine when ssh is run inside a proper Cygwin shell with C:\cygwin\bin in PATH, but does not work (ssh-sk-helper.exe errors out as seen below) when ssh.exe is run outside a Cygwin shell, e.g. a C:\cygwin\bin\ssh.exe shortcut or from vscode.

C:\Users\at>C:\cygwin\bin\ldd /usr/lib/winhello.dll
        ntdll.dll => /cygdrive/c/WINDOWS/SYSTEM32/ntdll.dll (0x7ff808c10000)
        KERNEL32.DLL => /cygdrive/c/WINDOWS/System32/KERNEL32.DLL (0x7ff808710000)
        KERNELBASE.dll => /cygdrive/c/WINDOWS/System32/KERNELBASE.dll (0x7ff8065c0000)
        winhello.dll => /usr/lib/winhello.dll (0x4580c0000)
        user32.dll => /cygdrive/c/Windows/System32/user32.dll (0x7ff8087d0000)
        win32u.dll => /cygdrive/c/Windows/System32/win32u.dll (0x7ff806540000)
        gdi32.dll => /cygdrive/c/Windows/System32/gdi32.dll (0x7ff807e30000)
        gdi32full.dll => /cygdrive/c/Windows/System32/gdi32full.dll (0x7ff8069c0000)
        msvcp_win.dll => /cygdrive/c/Windows/System32/msvcp_win.dll (0x7ff806be0000)
        ucrtbase.dll => /cygdrive/c/Windows/System32/ucrtbase.dll (0x7ff806890000)

C:\Users\at>c:\cygwin\bin\ssh at@ra
Confirm user presence for key ED25519-SK SHA256:[...]
ssh_msg_recv: read header: Connection reset by peer
client_converse: receive: unexpected internal error
C:/cygwin/usr/sbin/ssh-sk-helper.exe: error while loading shared libraries: ?: cannot open shared object file: No such file or directory
reap_helper: helper exited with non-zero exit status
sign_and_send_pubkey: signing failed for ED25519-SK "/cygdrive/c/home/.ssh/id_ed25519-sk": unexpected internal error
at@[...]: Permission denied (publickey).

C:\Users\at>set PATH=C:\cygwin\bin;%PATH%

C:\Users\at>C:\cygwin\bin\ldd /usr/lib/winhello.dll
        ntdll.dll => /cygdrive/c/WINDOWS/SYSTEM32/ntdll.dll (0x7ff808c10000)
        KERNEL32.DLL => /cygdrive/c/WINDOWS/System32/KERNEL32.DLL (0x7ff808710000)
        KERNELBASE.dll => /cygdrive/c/WINDOWS/System32/KERNELBASE.dll (0x7ff8065c0000)
        USER32.dll => /cygdrive/c/WINDOWS/System32/USER32.dll (0x7ff8087d0000)
        win32u.dll => /cygdrive/c/WINDOWS/System32/win32u.dll (0x7ff806540000)
        GDI32.dll => /cygdrive/c/WINDOWS/System32/GDI32.dll (0x7ff807e30000)
        gdi32full.dll => /cygdrive/c/WINDOWS/System32/gdi32full.dll (0x7ff8069c0000)
        msvcp_win.dll => /cygdrive/c/WINDOWS/System32/msvcp_win.dll (0x7ff806be0000)
        cygwin1.dll => /usr/bin/cygwin1.dll (0x180040000)
        cygcrypto-1.1.dll => /usr/bin/cygcrypto-1.1.dll (0x3ff910000)
        ucrtbase.dll => /cygdrive/c/WINDOWS/System32/ucrtbase.dll (0x7ff806890000)
        cygz.dll => /usr/bin/cygz.dll (0x3fcd40000)
        advapi32.dll => /cygdrive/c/WINDOWS/System32/advapi32.dll (0x7ff808b00000)
        msvcrt.dll => /cygdrive/c/WINDOWS/System32/msvcrt.dll (0x7ff807270000)
        sechost.dll => /cygdrive/c/WINDOWS/System32/sechost.dll (0x7ff807370000)
        RPCRT4.dll => /cygdrive/c/WINDOWS/System32/RPCRT4.dll (0x7ff8089d0000)
        CRYPTBASE.DLL => /cygdrive/c/WINDOWS/SYSTEM32/CRYPTBASE.DLL (0x7ff805d30000)
        bcryptPrimitives.dll => /cygdrive/c/WINDOWS/System32/bcryptPrimitives.dll (0x7ff806360000)
        IMM32.DLL => /cygdrive/c/WINDOWS/System32/IMM32.DLL (0x7ff807240000)

C:\Users\at>c:\cygwin\bin\ssh at@ra
Confirm user presence for key ED25519-SK SHA256:[...]
init_winhello: WARNING! This should not be like this! WinHello API Error: Is user available=0, User=0.
(success)

I believe this can be made to work because Cygwin's DLLs work without C:\cygwin\bin in PATH, but I do not know how yet.

C:\Users\at>C:\cygwin\bin\ldd /usr/bin/cygcrypto-1.1.dll
        ntdll.dll => /cygdrive/c/WINDOWS/SYSTEM32/ntdll.dll (0x7ff808c10000)
        KERNEL32.DLL => /cygdrive/c/WINDOWS/System32/KERNEL32.DLL (0x7ff808710000)
        KERNELBASE.dll => /cygdrive/c/WINDOWS/System32/KERNELBASE.dll (0x7ff8065c0000)
        cygwin1.dll => /usr/bin/cygwin1.dll (0x180040000)
        cygz.dll => /usr/bin/cygz.dll (0x3fcd40000)
        advapi32.dll => /cygdrive/c/WINDOWS/System32/advapi32.dll (0x7ff808b00000)
        msvcrt.dll => /cygdrive/c/WINDOWS/System32/msvcrt.dll (0x7ff807270000)
        sechost.dll => /cygdrive/c/WINDOWS/System32/sechost.dll (0x7ff807370000)
        RPCRT4.dll => /cygdrive/c/WINDOWS/System32/RPCRT4.dll (0x7ff8089d0000)
        CRYPTBASE.DLL => /cygdrive/c/WINDOWS/SYSTEM32/CRYPTBASE.DLL (0x7ff805d30000)
        bcryptPrimitives.dll => /cygdrive/c/WINDOWS/System32/bcryptPrimitives.dll (0x7ff806360000)

I tested with an updated cygwin on Windows 10 2004.

ivan commented 3 years ago

My dumb wrapper program to work around this for now:

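#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>  /* execv */

int main(int argc, char** argv) {
    (void)argc;
    /* Replace PATH so ssh-sk-helper.exe can find the Cygwin DLLs. */
    putenv("PATH=C:\\cygwin\\bin");
    execv("/bin/ssh", argv);
    /* execv only returns on failure. */
    perror("execv");
    return 1;
}

tavrez commented 3 years ago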

Hello, the error you provided is actually from ssh-sk-helper.exe, not my DLL; if you try with the internal implementation you will see the same error. ssh-sk-helper needs some DLL files to be able to load properly. If you don't want to add the Cygwin bin dir to your PATH, you can copy all the DLLs it needs to the same directory where ssh-sk-helper is (dirty, but will do the job).

ivan commented 3 years ago

Ah, thank you very much for taking a look. I didn't realize cygwin ssh / ssh-sk-helper itself was at fault, but that appears to be the case. I will close this.

C:\Users\at>C:\cygwin\bin\ldd C:/cygwin/usr/sbin/ssh-sk-helper.exe
        ntdll.dll => /cygdrive/c/WINDOWS/SYSTEM32/ntdll.dll (0x7fffb9ed0000)
        KERNEL32.DLL => /cygdrive/c/WINDOWS/System32/KERNEL32.DLL (0x7fffb9060000)
        KERNELBASE.dll => /cygdrive/c/WINDOWS/System32/KERNELBASE.dll (0x7fffb7af0000)

C:\Users\at>set PATH=C:\cygwin\bin;%PATH%

C:\Users\at>C:\cygwin\bin\ldd C:/cygwin/usr/sbin/ssh-sk-helper.exe
        ntdll.dll => /cygdrive/c/WINDOWS/SYSTEM32/ntdll.dll (0x7fffb9ed0000)
        KERNEL32.DLL => /cygdrive/c/WINDOWS/System32/KERNEL32.DLL (0x7fffb9060000)
        KERNELBASE.dll => /cygdrive/c/WINDOWS/System32/KERNELBASE.dll (0x7fffb7af0000)
        cygcrypto-1.1.dll => /usr/bin/cygcrypto-1.1.dll (0x3ff5c0000)
        cygwin1.dll => /usr/bin/cygwin1.dll (0x180040000)
        cygfido2-1.dll => /usr/bin/cygfido2-1.dll (0x3ff0a0000)
        SETUPAPI.dll => /cygdrive/c/WINDOWS/System32/SETUPAPI.dll (0x7fffb9550000)
        msvcrt.dll => /cygdrive/c/WINDOWS/System32/msvcrt.dll (0x7fffb9df0000)
        cygz.dll => /usr/bin/cygz.dll (0x3fbf90000)
        cfgmgr32.dll => /cygdrive/c/WINDOWS/System32/cfgmgr32.dll (0x7fffb7620000)
        ucrtbase.dll => /cygdrive/c/WINDOWS/System32/ucrtbase.dll (0x7fffb76d0000)
        cyggcc_s-seh-1.dll => /usr/bin/cyggcc_s-seh-1.dll (0x3feed0000)
        cygcbor-0.dll => /usr/bin/cygcbor-0.dll (0x3ffb30000)
        HID.DLL => /cygdrive/c/WINDOWS/SYSTEM32/HID.DLL (0x7fffb5e80000)
        RPCRT4.dll => /cygdrive/c/WINDOWS/System32/RPCRT4.dll (0x7fffb9290000)
        bcrypt.dll => /cygdrive/c/WINDOWS/System32/bcrypt.dll (0x7fffb7e60000)
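
Added example (not part of the thread and not the project's code): a shell sketch that reads `ldd` output in the format shown above and lists the DLLs that resolve outside the Windows directory, which for ssh-sk-helper.exe are the Cygwin DLLs it cannot find when C:\cygwin\bin is not in PATH. The function names are hypothetical, and the sample input is an abbreviated copy of the listings in this thread.

```shell
# Added example; function names are hypothetical, not from the project.

# Reads `ldd` output on stdin and prints, in listing order, the names of
# DLLs whose resolved path is NOT under /cygdrive/<drive>/WINDOWS/.
non_system_dlls() {
    awk '$2 == "=>" {
        path = tolower($3)                 # WINDOWS/Windows both appear
        if (path !~ /^\/cygdrive\/[a-z]\/windows\//) print $1
    }'
}

# Exit status 0 if the listing on stdin contains cygwin1.dll, i.e. the
# Cygwin runtime was resolved; 1 if the listing stops at the system DLLs.
cygwin_runtime_resolved() {
    awk '$1 == "cygwin1.dll" { found = 1 } END { exit !found }'
}

# Sample input: abbreviated from the ssh-sk-helper.exe listings above.
sample_without_path='        ntdll.dll => /cygdrive/c/WINDOWS/SYSTEM32/ntdll.dll (0x7fffb9ed0000)
        KERNEL32.DLL => /cygdrive/c/WINDOWS/System32/KERNEL32.DLL (0x7fffb9060000)
        KERNELBASE.dll => /cygdrive/c/WINDOWS/System32/KERNELBASE.dll (0x7fffb7af0000)'

sample_with_path='        ntdll.dll => /cygdrive/c/WINDOWS/SYSTEM32/ntdll.dll (0x7fffb9ed0000)
        KERNEL32.DLL => /cygdrive/c/WINDOWS/System32/KERNEL32.DLL (0x7fffb9060000)
        cygcrypto-1.1.dll => /usr/bin/cygcrypto-1.1.dll (0x3ff5c0000)
        cygwin1.dll => /usr/bin/cygwin1.dll (0x180040000)
        cygfido2-1.dll => /usr/bin/cygfido2-1.dll (0x3ff0a0000)
        SETUPAPI.dll => /cygdrive/c/WINDOWS/System32/SETUPAPI.dll (0x7fffb9550000)
        cygz.dll => /usr/bin/cygz.dll (0x3fbf90000)
        cyggcc_s-seh-1.dll => /usr/bin/cyggcc_s-seh-1.dll (0x3feed0000)
        cygcbor-0.dll => /usr/bin/cygcbor-0.dll (0x3ffb30000)
        HID.DLL => /cygdrive/c/WINDOWS/SYSTEM32/HID.DLL (0x7fffb5e80000)'

# Print the DLLs the helper loads from outside the Windows directory.
printf '%s\n' "$sample_with_path" | non_system_dlls
```

On a live system the same functions can be fed directly, e.g. `ldd /usr/sbin/ssh-sk-helper.exe | non_system_dlls`, to see which directories the helper's dependencies are actually loaded from.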