search

wez / wezterm

A GPU-accelerated cross-platform terminal emulator and multiplexer written by @wez and implemented in Rust
https://wezfurlong.org/wezterm/
Other
18.09k stars 808 forks source link

Ssh with Certificate Authentication #2985

Open accidentaldevelopment opened 1 year ago

accidentaldevelopment commented 1 year ago

What Operating System(s) are you seeing this problem on?

macOS

Which Wayland compositor or X11 Window manager(s) are you using?

No response

WezTerm version

20230119-104405-60922b9e

Did you try the latest nightly build to see if the issue is better (or worse!) than your current version?

Yes, and I updated the version box above to show the version of the nightly that I tried

Describe the bug

western ssh does not seem to work with ssh certificates. It looks like the certificate isn't being offered or checked for.

To Reproduce

  1. Create an ssh certificate. Instructions are pretty prevalent online, but here's one article explaining the process.
  2. Ssh to a remote that has a CA configured (instructions to setup the server are in the above link as well). No specific configuration is needed: wezterm -n ssh -v $REMOTE.

Configuration

No config

Expected Behavior

A successful login to the remote server. The server handles authorization(s) based on the certificate, so nothing more needs to happen in wezterm.

Logs

17:25:09.202  INFO   libssh::ssh_config_parse_file > Reading configuration data from /Users/user/.ssh/config
17:25:09.202  INFO   libssh::ssh_config_parse_line > Unsupported option: AddKeysToAgent, line: 2
17:25:09.202  INFO   libssh::ssh_config_parse_line > Unsupported option: ForwardAgent, line: 11
17:25:09.202  INFO   libssh::ssh_config_parse_line > Unsupported option: ForwardAgent, line: 14
17:25:09.202  INFO   libssh::ssh_config_parse_file > Reading configuration data from /etc/ssh/ssh_config
17:25:09.202  INFO   libssh::local_parse_file      > Cannot find file /etc/ssh/ssh_config.d/* to load
17:25:09.202  INFO   libssh::ssh_config_parse_line > Unapplicable option: SendEnv, line: 55
17:25:09.204  INFO   wezterm_ssh::sessioninner     > resolved server:22 -> 192.168.1.100:22
17:25:09.208  INFO   libssh::ssh_connect           > libssh 0.8.90 (c) 2003-2021 Aris Adamantiadis, Andreas Schneider and libssh contributors. Distributed under the LGPL, please refer to COPYING file for information about your rights, using threading threads_pthread
17:25:09.208  INFO   libssh::ssh_connect           > Socket connecting, now waiting for the callbacks to work
17:25:09.208  INFO   libssh::ssh_connect           > Actual timeout : 10000
17:25:09.208  INFO   libssh::ssh_socket_pollcallback > Received POLLOUT in connecting state
17:25:09.208  INFO   libssh::socket_callback_connected > Socket connection callback: 1 (0)
17:25:09.208  INFO   libssh::ssh_socket_unbuffered_write > Enabling POLLOUT for socket
17:25:09.224  INFO   libssh::callback_receive_banner     > Received banner: SSH-2.0-OpenSSH_9.1
17:25:09.224  INFO   libssh::ssh_client_connection_callback > SSH server banner: SSH-2.0-OpenSSH_9.1
17:25:09.224  INFO   libssh::ssh_analyze_banner             > Analyzing banner: SSH-2.0-OpenSSH_9.1
17:25:09.224  INFO   libssh::ssh_analyze_banner             > We are talking to an OpenSSH server version: 9.1 (90100)
17:25:09.228  INFO   libssh::ssh_client_select_hostkeys     > Order of wanted host keys: "ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256"
17:25:09.228  INFO   libssh::ssh_key_cmp                    > key types don't match!
17:25:09.228  INFO   libssh::ssh_key_cmp                    > key types don't match!
17:25:09.228  INFO   libssh::ssh_key_cmp                    > key types don't match!
17:25:09.228  INFO   libssh::ssh_known_hosts_read_entries   > Failed to open the known_hosts file '/etc/ssh/ssh_known_hosts': No such file or directory
17:25:09.228  INFO   libssh::ssh_client_select_hostkeys     > Algorithms found in known_hosts files: "ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256"
17:25:09.228  INFO   libssh::ssh_client_select_hostkeys     > Changing host key method to "ssh-ed25519,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384"
17:25:09.228  INFO   libssh::ssh_socket_unbuffered_write    > Enabling POLLOUT for socket
17:25:09.228  INFO   libssh::packet_send2                   > packet: wrote [type=20, len=812, padding_size=11, comp=800, payload=800]
17:25:09.228  INFO   libssh::ssh_send_kex                   > SSH_MSG_KEXINIT sent
17:25:09.228  INFO   libssh::ssh_packet_socket_callback     > packet: read type 20 [len=1076,padding=7,comp=1068,payload=1068]
17:25:09.228  INFO   libssh::ssh_packet_process             > Dispatching handler for packet type 20
17:25:09.229  INFO   libssh::ssh_kex_select_methods         > Negotiated curve25519-sha256,ssh-ed25519,chacha20-poly1305@openssh.com,chacha20-poly1305@openssh.com,aead-poly1305,aead-poly1305,none,none,,
17:25:09.232  INFO   libssh::packet_send2                   > packet: wrote [type=30, len=44, padding_size=6, comp=37, payload=37]
17:25:09.232  INFO   libssh::ssh_socket_unbuffered_write    > Enabling POLLOUT for socket
17:25:09.284  INFO   libssh::ssh_packet_socket_callback     > packet: read type 31 [len=188,padding=8,comp=179,payload=179]
17:25:09.284  INFO   libssh::ssh_packet_process             > Dispatching handler for packet type 31
17:25:09.288  INFO   libssh::ssh_socket_unbuffered_write    > Enabling POLLOUT for socket
17:25:09.288  INFO   libssh::packet_send2                   > packet: wrote [type=21, len=12, padding_size=10, comp=1, payload=1]
17:25:09.288  INFO   libssh::crypt_set_algorithms2          > Set output algorithm to chacha20-poly1305@openssh.com
17:25:09.289  INFO   libssh::crypt_set_algorithms2          > Set HMAC output algorithm to aead-poly1305
17:25:09.289  INFO   libssh::crypt_set_algorithms2          > Set input algorithm to chacha20-poly1305@openssh.com
17:25:09.289  INFO   libssh::crypt_set_algorithms2          > Set HMAC input algorithm to aead-poly1305
17:25:09.289  INFO   libssh::ssh_init_rekey_state           > Set rekey after 134217728 blocks
17:25:09.289  INFO   libssh::ssh_init_rekey_state           > Set rekey after 134217728 blocks
17:25:09.289  INFO   libssh::ssh_packet_client_curve25519_reply > SSH_MSG_NEWKEYS sent
17:25:09.289  INFO   libssh::ssh_packet_socket_callback         > Processing 332 bytes left in socket buffer
17:25:09.289  INFO   libssh::ssh_packet_socket_callback         > packet: read type 21 [len=12,padding=10,comp=1,payload=1]
17:25:09.289  INFO   libssh::ssh_packet_process                 > Dispatching handler for packet type 21
17:25:09.289  INFO   libssh::ssh_packet_newkeys                 > Received SSH_MSG_NEWKEYS
17:25:09.297  INFO   libssh::ssh_packet_newkeys                 > Signature verified and valid
17:25:09.297  INFO   libssh::ssh_packet_socket_callback         > Processing 316 bytes left in socket buffer
17:25:09.297  INFO   libssh::ssh_packet_socket_callback         > packet: read type 7 [len=296,padding=8,comp=287,payload=287]
17:25:09.297  INFO   libssh::ssh_packet_process                 > Dispatching handler for packet type 7
17:25:09.297  INFO   libssh::ssh_packet_ext_info                > Received SSH_MSG_EXT_INFO
17:25:09.297  INFO   libssh::ssh_packet_ext_info                > Follows 2 extensions
17:25:09.297  INFO   libssh::ssh_packet_ext_info                > Extension: server-sig-algs=<ssh-ed25519,sk-ssh-ed25519@openssh.com,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com,webauthn-sk-ecdsa-sha2-nistp256@openssh.com>
17:25:09.297  INFO   libssh::ssh_connect                        > current state : 7
17:25:09.297  INFO   libssh::ssh_key_cmp                        > key types don't match!
17:25:09.297  INFO   libssh::ssh_key_cmp                        > key types don't match!
17:25:09.298  INFO   libssh::ssh_key_cmp                        > key types don't match!
17:25:09.298  INFO   libssh::packet_send2                       > packet: wrote [type=5, len=24, padding_size=6, comp=17, payload=17]
17:25:09.298  INFO   libssh::ssh_service_request                > Sent SSH_MSG_SERVICE_REQUEST (service ssh-userauth)
17:25:09.298  INFO   libssh::ssh_socket_unbuffered_write        > Enabling POLLOUT for socket
17:25:09.337  INFO   libssh::ssh_packet_socket_callback         > packet: read type 6 [len=24,padding=6,comp=17,payload=17]
17:25:09.337  INFO   libssh::ssh_packet_process                 > Dispatching handler for packet type 6
17:25:09.337  INFO   libssh::ssh_packet_service_accept          > Received SSH_MSG_SERVICE_ACCEPT
17:25:09.337  INFO   libssh::ssh_socket_unbuffered_write        > Enabling POLLOUT for socket
17:25:09.337  INFO   libssh::packet_send2                       > packet: wrote [type=50, len=48, padding_size=11, comp=36, payload=36]
17:25:09.348  INFO   libssh::ssh_packet_socket_callback         > packet: read type 51 [len=32,padding=7,comp=24,payload=24]
17:25:09.348  INFO   libssh::ssh_packet_process                 > Dispatching handler for packet type 51
17:25:09.348  INFO   libssh::ssh_packet_userauth_failure        > Access denied for 'none'. Authentication that can continue: publickey,password
17:25:09.349  INFO   libssh::ssh_packet_userauth_failure        > Access denied for 'none'. Authentication that can continue: publickey,password
17:25:09.372  INFO   libssh::ssh_agent_get_ident_count          > Answer type: 12, expected answer: 12
17:25:09.372  INFO   libssh::ssh_agent_get_ident_count          > Agent count: 4
17:25:09.372  INFO   libssh::ssh_userauth_agent                 > Trying identity Test SSH Key
17:25:09.372  INFO   libssh::ssh_key_algorithm_allowed          > Checking ssh-ed25519 with list <ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256>
17:25:09.372  INFO   libssh::ssh_socket_unbuffered_write        > Enabling POLLOUT for socket
17:25:09.372  INFO   libssh::packet_send2                       > packet: wrote [type=50, len=120, padding_size=7, comp=112, payload=112]
17:25:09.382  INFO   libssh::ssh_packet_socket_callback         > packet: read type 51 [len=32,padding=7,comp=24,payload=24]
17:25:09.383  INFO   libssh::ssh_packet_process                 > Dispatching handler for packet type 51
17:25:09.383  INFO   libssh::ssh_packet_userauth_failure        > Access denied for 'publickey'. Authentication that can continue: publickey,password
17:25:09.383  INFO   libssh::ssh_packet_userauth_failure        > Access denied for 'publickey'. Authentication that can continue: publickey,password
17:25:09.383  INFO   libssh::ssh_userauth_agent                 > Public key of Test SSH Key refused by server
17:25:09.383  INFO   libssh::ssh_userauth_agent                 > Trying identity SSH Key
17:25:09.383  INFO   libssh::ssh_key_algorithm_allowed          > Checking ssh-ed25519 with list <ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256>
17:25:09.383  INFO   libssh::ssh_socket_unbuffered_write        > Enabling POLLOUT for socket
17:25:09.383  INFO   libssh::packet_send2                       > packet: wrote [type=50, len=120, padding_size=7, comp=112, payload=112]
17:25:09.394  INFO   libssh::ssh_packet_socket_callback         > packet: read type 51 [len=32,padding=7,comp=24,payload=24]
17:25:09.394  INFO   libssh::ssh_packet_process                 > Dispatching handler for packet type 51
17:25:09.394  INFO   libssh::ssh_packet_userauth_failure        > Access denied for 'publickey'. Authentication that can continue: publickey,password
17:25:09.394  INFO   libssh::ssh_packet_userauth_failure        > Access denied for 'publickey'. Authentication that can continue: publickey,password
17:25:09.394  INFO   libssh::ssh_userauth_agent                 > Public key of SSH Key refused by server
17:25:09.394  INFO   libssh::ssh_userauth_agent                 > Trying identity Test RSA Key
17:25:09.394  INFO   libssh::ssh_key_algorithm_allowed          > Checking rsa-sha2-512 with list <ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256>
17:25:09.394  INFO   libssh::ssh_key_algorithm_allowed          > Checking rsa-sha2-512 with list <ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256>
17:25:09.394  INFO   libssh::ssh_socket_unbuffered_write        > Enabling POLLOUT for socket
17:25:09.394  INFO   libssh::packet_send2                       > packet: wrote [type=50, len=608, padding_size=10, comp=597, payload=597]
17:25:09.405  INFO   libssh::ssh_packet_socket_callback         > packet: read type 51 [len=32,padding=7,comp=24,payload=24]
17:25:09.405  INFO   libssh::ssh_packet_process                 > Dispatching handler for packet type 51
17:25:09.405  INFO   libssh::ssh_packet_userauth_failure        > Access denied for 'publickey'. Authentication that can continue: publickey,password
17:25:09.405  INFO   libssh::ssh_packet_userauth_failure        > Access denied for 'publickey'. Authentication that can continue: publickey,password
17:25:09.405  INFO   libssh::ssh_userauth_agent                 > Public key of Test RSA Key refused by server
17:25:09.406  INFO   libssh::ssh_userauth_agent                 > Trying identity SSH Key
17:25:09.406  INFO   libssh::ssh_key_algorithm_allowed          > Checking ssh-ed25519 with list <ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256>
17:25:09.406  INFO   libssh::ssh_socket_unbuffered_write        > Enabling POLLOUT for socket
17:25:09.406  INFO   libssh::packet_send2                       > packet: wrote [type=50, len=120, padding_size=7, comp=112, payload=112]
17:25:09.416  INFO   libssh::ssh_packet_socket_callback         > packet: read type 51 [len=32,padding=7,comp=24,payload=24]
17:25:09.416  INFO   libssh::ssh_packet_process                 > Dispatching handler for packet type 51
17:25:09.416  INFO   libssh::ssh_packet_userauth_failure        > Access denied for 'publickey'. Authentication that can continue: publickey,password
17:25:09.416  INFO   libssh::ssh_packet_userauth_failure        > Access denied for 'publickey'. Authentication that can continue: publickey,password
17:25:09.416  INFO   libssh::ssh_userauth_agent                 > Public key of SSH Key refused by server
17:25:09.416  INFO   libssh::ssh_userauth_publickey_auto        > Trying to authenticate with /Users/user/.ssh/id_rsa
17:25:09.417  INFO   libssh::ssh_pki_import_pubkey_file         > Error opening /Users/user/.ssh/id_rsa.pub: No such file or directory
17:25:09.417  INFO   libssh::ssh_pki_import_privkey_file        > Error opening /Users/user/.ssh/id_rsa: No such file or directory
17:25:09.417  INFO   libssh::ssh_userauth_publickey_auto        > Private key /Users/user/.ssh/id_rsa doesn't exist.
17:25:09.417  INFO   libssh::ssh_userauth_publickey_auto        > Trying to authenticate with /Users/user/.ssh/id_ed25519
17:25:09.417  INFO   libssh::ssh_pki_import_pubkey_file         > Error opening /Users/user/.ssh/id_ed25519.pub: No such file or directory
17:25:09.417  INFO   libssh::ssh_pki_import_privkey_file        > Error opening /Users/user/.ssh/id_ed25519: No such file or directory
17:25:09.417  INFO   libssh::ssh_userauth_publickey_auto        > Private key /Users/user/.ssh/id_ed25519 doesn't exist.
17:25:09.417  INFO   libssh::ssh_userauth_publickey_auto        > Trying to authenticate with /Users/user/.ssh/id_ecdsa
17:25:09.417  INFO   libssh::ssh_pki_import_pubkey_file         > Error opening /Users/user/.ssh/id_ecdsa.pub: No such file or directory
17:25:09.417  INFO   libssh::ssh_pki_import_privkey_file        > Error opening /Users/user/.ssh/id_ecdsa: No such file or directory
17:25:09.417  INFO   libssh::ssh_userauth_publickey_auto        > Private key /Users/user/.ssh/id_ecdsa doesn't exist.
17:25:09.417  INFO   libssh::ssh_userauth_publickey_auto        > Trying to authenticate with /Users/user/.ssh/id_dsa
17:25:09.417  INFO   libssh::ssh_pki_import_pubkey_file         > Error opening /Users/user/.ssh/id_dsa.pub: No such file or directory
17:25:09.417  INFO   libssh::ssh_pki_import_privkey_file        > Error opening /Users/user/.ssh/id_dsa: No such file or directory
17:25:09.417  INFO   libssh::ssh_userauth_publickey_auto        > Private key /Users/user/.ssh/id_dsa doesn't exist.
17:25:09.417  INFO   libssh::ssh_userauth_publickey_auto        > Trying to authenticate with /Users/user/.ssh/id_ed25519
17:25:09.417  INFO   libssh::ssh_pki_import_pubkey_file         > Error opening /Users/user/.ssh/id_ed25519.pub: No such file or directory
17:25:09.417  INFO   libssh::ssh_pki_import_privkey_file        > Error opening /Users/user/.ssh/id_ed25519: No such file or directory
17:25:09.418  INFO   libssh::ssh_userauth_publickey_auto        > Private key /Users/user/.ssh/id_ed25519 doesn't exist.
17:25:09.418  INFO   libssh::ssh_userauth_publickey_auto        > Trying to authenticate with /Users/user/.ssh/id_ecdsa
17:25:09.418  INFO   libssh::ssh_pki_import_pubkey_file         > Error opening /Users/user/.ssh/id_ecdsa.pub: No such file or directory
17:25:09.418  INFO   libssh::ssh_pki_import_privkey_file        > Error opening /Users/user/.ssh/id_ecdsa: No such file or directory
17:25:09.418  INFO   libssh::ssh_userauth_publickey_auto        > Private key /Users/user/.ssh/id_ecdsa doesn't exist.
17:25:09.418  INFO   libssh::ssh_userauth_publickey_auto        > Trying to authenticate with /Users/user/.ssh/id_rsa
17:25:09.418  INFO   libssh::ssh_pki_import_pubkey_file         > Error opening /Users/user/.ssh/id_rsa.pub: No such file or directory
17:25:09.418  INFO   libssh::ssh_pki_import_privkey_file        > Error opening /Users/user/.ssh/id_rsa: No such file or directory
17:25:09.418  INFO   libssh::ssh_userauth_publickey_auto        > Private key /Users/user/.ssh/id_rsa doesn't exist.
17:25:09.418  INFO   libssh::ssh_userauth_publickey_auto        > Trying to authenticate with /Users/user/.ssh/id_dsa
17:25:09.418  INFO   libssh::ssh_pki_import_pubkey_file         > Error opening /Users/user/.ssh/id_dsa.pub: No such file or directory
17:25:09.418  INFO   libssh::ssh_pki_import_privkey_file        > Error opening /Users/user/.ssh/id_dsa: No such file or directory
17:25:09.418  INFO   libssh::ssh_userauth_publickey_auto        > Private key /Users/user/.ssh/id_dsa doesn't exist.
17:25:09.418  INFO   libssh::ssh_userauth_publickey_auto        > Tried every public key, none matched

Anything else?

I have no public or private key files in my ~/.ssh. The standard (on macOS) ssh client works just fine. If I put my public key back in the directory then everything works as expected with wezterm, so this seems to be related to just certificates.

I also tried the CertificateFile ssh option. It wasn't listed as supported in the docs, but I tried it anyway. It did not affect the results.

Lenbok commented 1 year ago

The built-in ssh seems fairly limited in what it supports from your ssh config. See https://wezfurlong.org/wezterm/ssh.html From what I can see you would need it to support TrustedUserCAKeys (assuming the underlying library supports it). (edit: misread OPs linked article)

If you have a limited set of hosts, you might consider using remote domains. While the built-in ssh domain support has the same issue, you can create a unix domain that uses system ssh to connect a proxy, and so that supports whatever your system ssh can do (I use it for enabling port and X11 forwarding for example). See https://github.com/wez/wezterm/issues/1846#issuecomment-1094123557

wez commented 1 year ago

Where are your certificate files stored? Are they in the .ssh directory? What are they named? Does your ssh config specify their name/location?

From the debug logs you shared it looks like a lot of standard paths are tried based on the default IdentityFile config, which only includes .ssh/id_dsa, .ssh/id_ecdsa, .ssh/id_ed25519 and .ssh/id_rsa. Can you try explicitly setting that to have the path to your cert?

accidentaldevelopment commented 1 year ago

Where are your certificate files stored? Are they in the .ssh directory? What are they named?

~/.ssh/id_ed25519-cert.pub

Does your ssh config specify their name/location?

It does not

From the debug logs you shared it looks like a lot of standard paths are tried based on the default IdentityFile config, which only includes .ssh/id_dsa, .ssh/id_ecdsa, .ssh/id_ed25519 and .ssh/id_rsa. Can you try explicitly setting that to have the path to your cert?

I don't currently have IdentityFile set. The equivalent cert option is CertificateFile. Based on the docs, that isn't supported, but I have tried using both and the result is the same. The path above is one of the defaults for CertificateFile though, so I think it should work as long as the underlying ssh lib knows to offers certs. My private key is kept in the agent, but I tried putting it in ~/.ssh to see if that helped and it does not.

wez commented 1 year ago

I'd suggest asking the libssh folks for assistance on configuring this; I'd be happy to adjust wezterm's integration based on what you find out from them.

ashvinnihalani commented 1 year ago

Took a look at this, seems like wez is incorrectly determining that cert based authenticate as public key authentication. There is an example in the libssh repo on how to do cert based authentication: https://gitlab.com/libssh/libssh-mirror/-/blob/master/tests/client/torture_auth.c#L834

Zerorigin commented 4 months ago

Any plan to support "Certificate based Authentication"? (It's not "Public Key Authentication".)

Ref.: https://en.wikibooks.org/wiki/OpenSSH/Cookbook/Certificate-based_Authentication

thomas-ross-aws commented 3 weeks ago

I think libssh 0.11 should support this automatically: https://www.libssh.org/2024/08/08/libssh-0-11-0-release/