Skip to content

Cannot perform ssh public key authentication from codeserver terminal. #3189

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
penM000 opened this issue Apr 22, 2021 · 8 comments
Closed

Cannot perform ssh public key authentication from codeserver terminal. #3189

penM000 opened this issue Apr 22, 2021 · 8 comments
Labels
enhancement Some improvement that isn't a feature
Milestone
On Deck

Comments

@penM000
Copy link

penM000 commented Apr 22, 2021

OS/Web Information

  • Web Browser:Google Chrome 90.0.4430.85(Official Build)
  • Local OS: Windows10 20H2 (19042.928)
  • Remote OS: Debian GNU/Linux 10 (buster)
  • Remote Architecture: Linux server1 4.19.0-16-amd64 terminal becomes unresponsive after socket disconnect #1 SMP Debian 4.19.181-1 (2021-03-19) x86_64 GNU/Linux
  • code-server --version: 3.9.3 fe2dc2d

Steps to Reproduce

1.Execute ssh -T github.
2.An error will be displayed.

sign_and_send_pubkey: signing failed: agent refused operation
[email protected]: Permission denied (publickey).

Expected

Expect to get a response like ssh or COCKPIT(WEBSHELL) as follows

Enter passphrase for key '/home/server/.ssh/id_rsa': 
Hi penM000! You've successfully authenticated, but GitHub does not provide shell access.

Solution

It works properly by discarding the environment variables as follows.

server@server1:~$ ssh -T github
sign_and_send_pubkey: signing failed: agent refused operation
[email protected]: Permission denied (publickey).
server@server1:~$ sudo -E -u `whoami`  ssh -T github
sign_and_send_pubkey: signing failed: agent refused operation
[email protected]: Permission denied (publickey).
server@server1:~$ sudo -u `whoami`  ssh -T github
Enter passphrase for key '/home/server/.ssh/id_rsa': 
Hi penM000! You've successfully authenticated, but GitHub does not provide shell access.

or

server@server1:~$ sudo su root
root@server1:/home/server# su server
server@server1:~$ ssh -T github
Enter passphrase for key '/home/server/.ssh/id_rsa': 
Hi penM000! You've successfully authenticated, but GitHub does not provide shell access.
@code-asher
Copy link
Member

code-asher commented Apr 22, 2021
edited
Loading

I suppose it must be failing to ask for the password. Have you configured it to use some other method of pinentry?

I was unable to reproduce with this:

  1. docker run -p 8080:8080 codercom/code-server
  2. Browse to localhost:8080
  3. Open terminal
  4. Run ssh-keygen and enter a password
  5. Add key to github.com
  6. ssh -T [email protected]
  7. It asks for the password
  8. Success

@jsjoeio jsjoeio added the waiting-for-info Waiting for more information from submitter label Apr 22, 2021
@penM000
Copy link
Author

penM000 commented Apr 23, 2021

The problem is that it doesn't even go to the state of entering a password. Therefore, we believe that the private key is not being loaded.
This problem occurred after updating codeserver from 3.8.0 and below to 3.9.3.

@penM000
Copy link
Author

penM000 commented Apr 23, 2021

2021-04-23.09-35-21.mp4

@code-asher
Copy link
Member

Are you using ssh-agent? If the SSH_AUTH_SOCK environment variable exists then unsetting it might cause it to ask for the password normally. Something like:

SSH_AUTH_SOCK= ssh -T github

If that doesn't help then using ssh -vvv might reveal more information.

@penM000
Copy link
Author

penM000 commented Apr 24, 2021

As you mentioned, I made sure that the ssh-agent command was available.
I also confirmed that SSH_AUTH_SOCK exists only on codeserver, as shown below.

ssh shell

server@server1:~$ env | grep SSH
SSH_CONNECTION=ip_address 51240 ip_address 22
SSH_CLIENT=ip_address 22
SSH_TTY=/dev/pts/4

code server shell

server@server1:~$ env | grep SSH
SSH_AUTH_SOCK=/run/user/1000/keyring/ssh
SSH_AGENT_PID=6733

By deleting SSH_AUTH_SOCK in codeserver's shell, it worked fine.
I wrote unset in the bashrc, and the codeserver shell was restored.
Thank you very much for your advice!

server@server1:~$ ssh -T github
sign_and_send_pubkey: signing failed: agent refused operation
[email protected]: Permission denied (publickey).
server@server1:~$ unset SSH_AUTH_SOCK
server@server1:~$ ssh -T github
Enter passphrase for key '/home/server/.ssh/id_rsa': 
Hi penM000! You've successfully authenticated, but GitHub does not provide shell access.

@code-asher
Copy link
Member

Hurrah! ssh-agent is probably trying to use a graphical pinentry which of course won't work on the terminal.

I'm not sure if there's anything we can do on our end to fix it but it would be cool if we could make ssh-agent ask for the passphrase through VS Code.

@code-asher code-asher added enhancement Some improvement that isn't a feature and removed waiting-for-info Waiting for more information from submitter labels Apr 26, 2021
@jsjoeio jsjoeio added this to the On Deck milestone Apr 29, 2021
@stale
Copy link

stale bot commented Oct 27, 2021

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no activity occurs in the next 5 days.

@stale stale bot added the stale label Oct 27, 2021
@stale stale bot closed this as completed Nov 2, 2021
@Bryce-huang
Copy link

chmod 600 your_private_key, it fixed my problem

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement Some improvement that isn't a feature
Projects
None yet
Milestone
On Deck
Development

No branches or pull requests
4 participants
@jsjoeio @penM000 @Bryce-huang @code-asher