| 2020-04-26 10:53:17 |
Artyom V. Poptsov |
description |
* My system
-----------------8<-------------------------------------------------------------
$ lsb_release -rd
Description: Ubuntu 19.10
Release: 19.10
-----------------8<-------------------------------------------------------------
* Package version
-----------------8<-------------------------------------------------------------
$ apt-cache policy libssh2-1
libssh2-1:
Installed: 1.8.0-2.1build1
Candidate: 1.8.0-2.1build1
Version table:
*** 1.8.0-2.1build1 500
500 http://ru.archive.ubuntu.com/ubuntu eoan/universe amd64 Packages
100 /var/lib/dpkg/status
-----------------8<-------------------------------------------------------------
* Expected behaviour
'php-ssh2' that depends on 'libssh2' authenticates with public key successfully with OpenSSH server.
* Actual behaviour
'php-ssh2' fails to authenticate with OpenSSH server using RSA public key. When used with manually compiled 'libssh2' with OpenSSL, authentication works fine.
* Problem description
I found that when 'php-ssh2' is used with 'libssh2 1.8.0-2.1build1' it fails to authenticate with an OpenSSH server.
Here's my test code:
-----------------8<-------------------------------------------------------------
<?php
$ssh_connection = ssh2_connect("localhost", "22");
ssh2_auth_pubkey_file($ssh_connection, "avp",
"./test-key.pub",
"./test-key");
?>
-----------------8<-------------------------------------------------------------
When I try to run the code, it exists with the following error:
-----------------8<-------------------------------------------------------------
PHP Warning: ssh2_auth_pubkey_file(): Authentication failed for avp using public key: Callback returned error [...]
-----------------8<-------------------------------------------------------------
The error I see in the sshd logs is the following:
-----------------8<-------------------------------------------------------------
апр 26 11:38:43 desktop sshd[12466]: debug1: no match: libssh2_1.8.0 PHP
[...]
апр 26 11:38:44 desktop sshd[12466]: debug3: mm_answer_keyallowed: publickey authentication test: ED25519 key is allowed
апр 26 11:38:44 desktop sshd[12466]: debug3: mm_request_send entering: type 23
апр 26 11:38:44 desktop sshd[12466]: debug3: send packet: type 60 [preauth]
апр 26 11:38:44 desktop sshd[12466]: debug2: userauth_pubkey: authenticated 0 pkalg ssh-ed25519 [preauth]
апр 26 11:38:44 desktop sshd[12466]: debug3: user_specific_delay: user specific delay 0.000ms [preauth]
апр 26 11:38:44 desktop sshd[12466]: debug3: ensure_minimum_time_since: elapsed 7.440ms, delaying 1.005ms (requested 8.445ms) [preauth]
апр 26 11:38:44 desktop sshd[12466]: Postponed publickey for avp from 127.0.0.1 port 39858 ssh2 [preauth]
апр 26 11:38:44 desktop sshd[12466]: debug3: receive packet: type 1 [preauth]
апр 26 11:38:44 desktop sshd[12466]: Received disconnect from 127.0.0.1 port 39858:11: PECL/ssh2 (http://pecl.php.net/packages/ssh2) [preauth]
-----------------8<-------------------------------------------------------------
To trace down the error, I downloaded 'php-ssh2' sources, added some debug traces, built it and tried to run my test code again. It turns out that 'libssh2_userauth_publickey_fromfile_ex' from 'libssh2' returns code -19 (LIBSSH2_ERROR_PUBLICKEY_UNVERIFIED).
After some investigation I tried to build different versions of 'libssh2' from sources. It turned out that when I build 'libssh' version 1.9.0 with OpenSSH, the errors are gone:
-----------------8<-------------------------------------------------------------
$ git clone https://github.com/libssh2/libssh2.git
$ cd libssh2
$ git checkout libssh2-1.9.0
$ mkdir build
$ cd build
$ cmake -DBUILD_SHARED_LIBS=ON -DCRYPTO_BACKEND=OpenSSL ../
$ make -j4
-----------------8<-------------------------------------------------------------
On the other hand, when I build 'libssh2' versions 1.8.0, 1.8.1, 1.8.2 from sources with OpenSSL, I see the "Postponed publickey" error again.
Furthermore, if I try to use 1.9.0 with Libgcrypt, I see the error too.
My conclusion is that 'php-ssh2' in Ubuntu 19.10 does not work properly with the default packaged version of 'libssh2' (and probably other packages that depend on 'libssh2' as well.)
If I missed something, please feel free to correct me.
Thanks. |
* My system
-----------------8<---------------------------------------------------
$ lsb_release -rd
Description: Ubuntu 19.10
Release: 19.10
-----------------8<---------------------------------------------------
* Package version
-----------------8<---------------------------------------------------
$ apt-cache policy libssh2-1
libssh2-1:
Installed: 1.8.0-2.1build1
Candidate: 1.8.0-2.1build1
Version table:
*** 1.8.0-2.1build1 500
500 http://ru.archive.ubuntu.com/ubuntu eoan/universe amd64 Packages
100 /var/lib/dpkg/status
-----------------8<---------------------------------------------------
* Expected behaviour
'php-ssh2' that depends on 'libssh2' authenticates with public key successfully with OpenSSH server.
* Actual behaviour
'php-ssh2' fails to authenticate with OpenSSH server using RSA public key. When used with manually compiled 'libssh2' with OpenSSL, authentication works fine.
* Problem description
I found that when 'php-ssh2' is used with 'libssh2 1.8.0-2.1build1' it fails to authenticate with an OpenSSH server.
Here's my test code:
-----------------8<---------------------------------------------------
<?php
$ssh_connection = ssh2_connect("localhost", "22");
ssh2_auth_pubkey_file($ssh_connection, "avp",
"./test-key.pub",
"./test-key");
?>
-----------------8<---------------------------------------------------
When I try to run the code, it exists with the following error:
-----------------8<---------------------------------------------------
PHP Warning: ssh2_auth_pubkey_file(): Authentication failed for avp using public key: Callback returned error [...]
-----------------8<---------------------------------------------------
The error I see in the sshd logs is the following:
-----------------8<---------------------------------------------------
апр 26 11:38:43 desktop sshd[12466]: debug1: no match: libssh2_1.8.0 PHP
[...]
апр 26 11:38:44 desktop sshd[12466]: debug3: mm_answer_keyallowed: publickey authentication test: ED25519 key is allowed
апр 26 11:38:44 desktop sshd[12466]: debug3: mm_request_send entering: type 23
апр 26 11:38:44 desktop sshd[12466]: debug3: send packet: type 60 [preauth]
апр 26 11:38:44 desktop sshd[12466]: debug2: userauth_pubkey: authenticated 0 pkalg ssh-ed25519 [preauth]
апр 26 11:38:44 desktop sshd[12466]: debug3: user_specific_delay: user specific delay 0.000ms [preauth]
апр 26 11:38:44 desktop sshd[12466]: debug3: ensure_minimum_time_since: elapsed 7.440ms, delaying 1.005ms (requested 8.445ms) [preauth]
апр 26 11:38:44 desktop sshd[12466]: Postponed publickey for avp from 127.0.0.1 port 39858 ssh2 [preauth]
апр 26 11:38:44 desktop sshd[12466]: debug3: receive packet: type 1 [preauth]
апр 26 11:38:44 desktop sshd[12466]: Received disconnect from 127.0.0.1 port 39858:11: PECL/ssh2 (http://pecl.php.net/packages/ssh2) [preauth]
-----------------8<---------------------------------------------------
To trace down the error, I downloaded 'php-ssh2' sources, added some debug traces, built it and tried to run my test code again. It turns out that 'libssh2_userauth_publickey_fromfile_ex' from 'libssh2' returns code -19 (LIBSSH2_ERROR_PUBLICKEY_UNVERIFIED).
After some investigation I tried to build different versions of 'libssh2' from sources. It turned out that when I build 'libssh' version 1.9.0 with OpenSSH, the errors are gone:
-----------------8<---------------------------------------------------
$ git clone https://github.com/libssh2/libssh2.git
$ cd libssh2
$ git checkout libssh2-1.9.0
$ mkdir build
$ cd build
$ cmake -DBUILD_SHARED_LIBS=ON -DCRYPTO_BACKEND=OpenSSL ../
$ make -j4
-----------------8<---------------------------------------------------
On the other hand, when I build 'libssh2' versions 1.8.0, 1.8.1, 1.8.2 from sources with OpenSSL, I see the "Postponed publickey" error again.
Furthermore, if I try to use 1.9.0 with Libgcrypt, I see the error too.
My conclusion is that 'php-ssh2' in Ubuntu 19.10 does not work properly with the default packaged version of 'libssh2' (and probably other packages that depend on 'libssh2' as well.)
If I missed something, please feel free to correct me.
Thanks. |
|
