Ubuntu
libssh2 package

eoan, libssh2 1.8.0-2.1build1: postponed key auth error

Bug #1875167 reported by Artyom V. Poptsov
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
libssh2 (Ubuntu)
Expired
Undecided
Unassigned

Bug Description

* My system

-----------------8<---------------------------------------------------
$ lsb_release -rd
Description: Ubuntu 19.10
Release: 19.10
-----------------8<---------------------------------------------------

* Package version

-----------------8<---------------------------------------------------
$ apt-cache policy libssh2-1
libssh2-1:
  Installed: 1.8.0-2.1build1
  Candidate: 1.8.0-2.1build1
  Version table:
 *** 1.8.0-2.1build1 500
        500 http://ru.archive.ubuntu.com/ubuntu eoan/universe amd64 Packages
        100 /var/lib/dpkg/status
-----------------8<---------------------------------------------------

* Expected behaviour
'php-ssh2' that depends on 'libssh2' authenticates with public key successfully with OpenSSH server.

* Actual behaviour
'php-ssh2' fails to authenticate with OpenSSH server using RSA public key. When used with manually compiled 'libssh2' with OpenSSL, authentication works fine.

* Problem description

I found that when 'php-ssh2' is used with 'libssh2 1.8.0-2.1build1' it fails to authenticate with an OpenSSH server.

Here's my test code:
-----------------8<---------------------------------------------------
<?php

$ssh_connection = ssh2_connect("localhost", "22");

ssh2_auth_pubkey_file($ssh_connection, "avp",
                      "./test-key.pub",
                      "./test-key");

?>
-----------------8<---------------------------------------------------

When I try to run the code, it exists with the following error:
-----------------8<---------------------------------------------------
PHP Warning: ssh2_auth_pubkey_file(): Authentication failed for avp using public key: Callback returned error [...]
-----------------8<---------------------------------------------------

The error I see in the sshd logs is the following:
-----------------8<---------------------------------------------------
апр 26 11:38:43 desktop sshd[12466]: debug1: no match: libssh2_1.8.0 PHP
[...]
апр 26 11:38:44 desktop sshd[12466]: debug3: mm_answer_keyallowed: publickey authentication test: ED25519 key is allowed
апр 26 11:38:44 desktop sshd[12466]: debug3: mm_request_send entering: type 23
апр 26 11:38:44 desktop sshd[12466]: debug3: send packet: type 60 [preauth]
апр 26 11:38:44 desktop sshd[12466]: debug2: userauth_pubkey: authenticated 0 pkalg ssh-ed25519 [preauth]
апр 26 11:38:44 desktop sshd[12466]: debug3: user_specific_delay: user specific delay 0.000ms [preauth]
апр 26 11:38:44 desktop sshd[12466]: debug3: ensure_minimum_time_since: elapsed 7.440ms, delaying 1.005ms (requested 8.445ms) [preauth]
апр 26 11:38:44 desktop sshd[12466]: Postponed publickey for avp from 127.0.0.1 port 39858 ssh2 [preauth]
апр 26 11:38:44 desktop sshd[12466]: debug3: receive packet: type 1 [preauth]
апр 26 11:38:44 desktop sshd[12466]: Received disconnect from 127.0.0.1 port 39858:11: PECL/ssh2 (http://pecl.php.net/packages/ssh2) [preauth]
-----------------8<---------------------------------------------------

To trace down the error, I downloaded 'php-ssh2' sources, added some debug traces, built it and tried to run my test code again. It turns out that 'libssh2_userauth_publickey_fromfile_ex' from 'libssh2' returns code -19 (LIBSSH2_ERROR_PUBLICKEY_UNVERIFIED).

After some investigation I tried to build different versions of 'libssh2' from sources. It turned out that when I build 'libssh' version 1.9.0 with OpenSSH, the errors are gone:
-----------------8<---------------------------------------------------
$ git clone https://github.com/libssh2/libssh2.git
$ cd libssh2
$ git checkout libssh2-1.9.0
$ mkdir build
$ cd build
$ cmake -DBUILD_SHARED_LIBS=ON -DCRYPTO_BACKEND=OpenSSL ../
$ make -j4
-----------------8<---------------------------------------------------

On the other hand, when I build 'libssh2' versions 1.8.0, 1.8.1, 1.8.2 from sources with OpenSSL, I see the "Postponed publickey" error again.

Furthermore, if I try to use 1.9.0 with Libgcrypt, I see the error too.

My conclusion is that 'php-ssh2' in Ubuntu 19.10 does not work properly with the default packaged version of 'libssh2' (and probably other packages that depend on 'libssh2' as well.)

If I missed something, please feel free to correct me.

Thanks.

See original description
Artyom V. Poptsov (avvp)
description: updated
Revision history for this message
Simon Chopin (schopin) wrote :

Hi,

Do you still see this issue in supported series, e.g. Focal (20.04) ?

Changed in libssh2 (Ubuntu):
status: New → Incomplete
Revision history for this message
Launchpad Janitor (janitor) wrote :

[Expired for libssh2 (Ubuntu) because there has been no activity for 60 days.]

Changed in libssh2 (Ubuntu):
status: Incomplete → Expired
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.