Ubuntu
libssh2 package

Bug #1875167
Comment #0

Comment 0 for bug 1875167

Revision history for this message

Artyom V. Poptsov (avvp) wrote on 2020-04-26:

* My system

-----------------8<-------------------------------------------------------------
$ lsb_release -rd
Description: Ubuntu 19.10
Release: 19.10
-----------------8<-------------------------------------------------------------

* Package version

-----------------8<-------------------------------------------------------------
$ apt-cache policy libssh2-1
libssh2-1:
  Installed: 1.8.0-2.1build1
  Candidate: 1.8.0-2.1build1
  Version table:
*** 1.8.0-2.1build1 500
        500 http://ru.archive.ubuntu.com/ubuntu eoan/universe amd64 Packages
        100 /var/lib/dpkg/status
-----------------8<-------------------------------------------------------------

* Expected behaviour
'php-ssh2' that depends on 'libssh2' authenticates with public key successfully with OpenSSH server.

* Actual behaviour
'php-ssh2' fails to authenticate with OpenSSH server using RSA public key. When used with manually compiled 'libssh2' with OpenSSL, authentication works fine.

* Problem description

I found that when 'php-ssh2' is used with 'libssh2 1.8.0-2.1build1' it fails to authenticate with an OpenSSH server.

Here's my test code:
-----------------8<-------------------------------------------------------------
<?php

$ssh_connection = ssh2_connect("localhost", "22");

ssh2_auth_pubkey_file($ssh_connection, "avp",
"./test-key.pub",
"./test-key");

?>
-----------------8<-------------------------------------------------------------

When I try to run the code, it exists with the following error:
-----------------8<-------------------------------------------------------------
PHP Warning: ssh2_auth_pubkey_file(): Authentication failed for avp using public key: Callback returned error [...]
-----------------8<-------------------------------------------------------------

The error I see in the sshd logs is the following:
-----------------8<-------------------------------------------------------------
апр 26 11:38:43 desktop sshd[12466]: debug1: no match: libssh2_1.8.0 PHP
[...]
апр 26 11:38:44 desktop sshd[12466]: debug3: mm_answer_keyallowed: publickey authentication test: ED25519 key is allowed
апр 26 11:38:44 desktop sshd[12466]: debug3: mm_request_send entering: type 23
апр 26 11:38:44 desktop sshd[12466]: debug3: send packet: type 60 [preauth]
апр 26 11:38:44 desktop sshd[12466]: debug2: userauth_pubkey: authenticated 0 pkalg ssh-ed25519 [preauth]
апр 26 11:38:44 desktop sshd[12466]: debug3: user_specific_delay: user specific delay 0.000ms [preauth]
апр 26 11:38:44 desktop sshd[12466]: debug3: ensure_minimum_time_since: elapsed 7.440ms, delaying 1.005ms (requested 8.445ms) [preauth]
апр 26 11:38:44 desktop sshd[12466]: Postponed publickey for avp from 127.0.0.1 port 39858 ssh2 [preauth]
апр 26 11:38:44 desktop sshd[12466]: debug3: receive packet: type 1 [preauth]
апр 26 11:38:44 desktop sshd[12466]: Received disconnect from 127.0.0.1 port 39858:11: PECL/ssh2 (http://pecl.php.net/packages/ssh2) [preauth]
-----------------8<-------------------------------------------------------------

To trace down the error, I downloaded 'php-ssh2' sources, added some debug traces, built it and tried to run my test code again. It turns out that 'libssh2_userauth_publickey_fromfile_ex' from 'libssh2' returns code -19 (LIBSSH2_ERROR_PUBLICKEY_UNVERIFIED).

After some investigation I tried to build different versions of 'libssh2' from sources. It turned out that when I build 'libssh' version 1.9.0 with OpenSSH, the errors are gone:
-----------------8<-------------------------------------------------------------
$ git clone https://github.com/libssh2/libssh2.git
$ cd libssh2
$ git checkout libssh2-1.9.0
$ mkdir build
$ cd build
$ cmake -DBUILD_SHARED_LIBS=ON -DCRYPTO_BACKEND=OpenSSL ../
$ make -j4
-----------------8<-------------------------------------------------------------

On the other hand, when I build 'libssh2' versions 1.8.0, 1.8.1, 1.8.2 from sources with OpenSSL, I see the "Postponed publickey" error again.

Furthermore, if I try to use 1.9.0 with Libgcrypt, I see the error too.

My conclusion is that 'php-ssh2' in Ubuntu 19.10 does not work properly with the default packaged version of 'libssh2' (and probably other packages that depend on 'libssh2' as well.)

If I missed something, please feel free to correct me.

Thanks.

* My system

-----------------8<-------------------------------------------------------------
$ lsb_release -rd
Description:	Ubuntu 19.10
Release:	19.10
-----------------8<-------------------------------------------------------------

* Package version

-----------------8<-------------------------------------------------------------
$ apt-cache policy libssh2-1
libssh2-1:
  Installed: 1.8.0-2.1build1
  Candidate: 1.8.0-2.1build1
  Version table:
 *** 1.8.0-2.1build1 500
        500 http://ru.archive.ubuntu.com/ubuntu eoan/universe amd64 Packages
        100 /var/lib/dpkg/status
-----------------8<-------------------------------------------------------------

* Expected behaviour
'php-ssh2' that depends on 'libssh2' authenticates with public key successfully with OpenSSH server.

* Actual behaviour
'php-ssh2' fails to authenticate with OpenSSH server using RSA public key.  When used with manually compiled 'libssh2' with OpenSSL, authentication works fine.

* Problem description

I found that when 'php-ssh2' is used with 'libssh2 1.8.0-2.1build1' it fails to authenticate with an OpenSSH server.

Here's my test code:
-----------------8<-------------------------------------------------------------
<?php

$ssh_connection = ssh2_connect("localhost", "22");

ssh2_auth_pubkey_file($ssh_connection, "avp",
                      "./test-key.pub",
                      "./test-key");

?>
-----------------8<-------------------------------------------------------------

When I try to run the code, it exists with the following error:
-----------------8<-------------------------------------------------------------
PHP Warning:  ssh2_auth_pubkey_file(): Authentication failed for avp using public key: Callback returned error [...] 
-----------------8<-------------------------------------------------------------

To trace down the error, I downloaded 'php-ssh2' sources, added some debug traces, built it and tried to run my test code again.  It turns out that 'libssh2_userauth_publickey_fromfile_ex' from 'libssh2' returns code -19 (LIBSSH2_ERROR_PUBLICKEY_UNVERIFIED).

After some investigation I tried to build different versions of 'libssh2' from sources.  It turned out that when I build 'libssh' version 1.9.0 with OpenSSH, the errors are gone:
-----------------8<-------------------------------------------------------------
$ git clone https://github.com/libssh2/libssh2.git
$ cd libssh2
$ git checkout libssh2-1.9.0
$ mkdir build
$ cd build
$ cmake -DBUILD_SHARED_LIBS=ON -DCRYPTO_BACKEND=OpenSSL ../
$ make -j4
-----------------8<-------------------------------------------------------------

On the other hand, when I build 'libssh2' versions 1.8.0, 1.8.1, 1.8.2 from sources with OpenSSL, I see the "Postponed publickey" error again.

Furthermore, if I try to use 1.9.0 with Libgcrypt, I see the error too.

My conclusion is that 'php-ssh2' in Ubuntu 19.10 does not work properly with the default packaged version of 'libssh2' (and probably other packages that depend on 'libssh2' as well.)

If I missed something, please feel free to correct me.

Thanks.

Ubuntulibssh2 package

Comment 0 for bug 1875167

Ubuntu
libssh2 package