Public bug reported: * My system
-----------------8<--------------------------------------------------- $ lsb_release -rd Description: Ubuntu 19.10 Release: 19.10 -----------------8<--------------------------------------------------- * Package version -----------------8<--------------------------------------------------- $ apt-cache policy libssh2-1 libssh2-1: Installed: 1.8.0-2.1build1 Candidate: 1.8.0-2.1build1 Version table: *** 1.8.0-2.1build1 500 500 http://ru.archive.ubuntu.com/ubuntu eoan/universe amd64 Packages 100 /var/lib/dpkg/status -----------------8<--------------------------------------------------- * Expected behaviour 'php-ssh2' that depends on 'libssh2' authenticates with public key successfully with OpenSSH server. * Actual behaviour 'php-ssh2' fails to authenticate with OpenSSH server using RSA public key. When used with manually compiled 'libssh2' with OpenSSL, authentication works fine. * Problem description I found that when 'php-ssh2' is used with 'libssh2 1.8.0-2.1build1' it fails to authenticate with an OpenSSH server. Here's my test code: -----------------8<--------------------------------------------------- <?php $ssh_connection = ssh2_connect("localhost", "22"); ssh2_auth_pubkey_file($ssh_connection, "avp", "./test-key.pub", "./test-key"); ?> -----------------8<--------------------------------------------------- When I try to run the code, it exists with the following error: -----------------8<--------------------------------------------------- PHP Warning: ssh2_auth_pubkey_file(): Authentication failed for avp using public key: Callback returned error [...] -----------------8<--------------------------------------------------- The error I see in the sshd logs is the following: -----------------8<--------------------------------------------------- апр 26 11:38:43 desktop sshd[12466]: debug1: no match: libssh2_1.8.0 PHP [...] апр 26 11:38:44 desktop sshd[12466]: debug3: mm_answer_keyallowed: publickey authentication test: ED25519 key is allowed апр 26 11:38:44 desktop sshd[12466]: debug3: mm_request_send entering: type 23 апр 26 11:38:44 desktop sshd[12466]: debug3: send packet: type 60 [preauth] апр 26 11:38:44 desktop sshd[12466]: debug2: userauth_pubkey: authenticated 0 pkalg ssh-ed25519 [preauth] апр 26 11:38:44 desktop sshd[12466]: debug3: user_specific_delay: user specific delay 0.000ms [preauth] апр 26 11:38:44 desktop sshd[12466]: debug3: ensure_minimum_time_since: elapsed 7.440ms, delaying 1.005ms (requested 8.445ms) [preauth] апр 26 11:38:44 desktop sshd[12466]: Postponed publickey for avp from 127.0.0.1 port 39858 ssh2 [preauth] апр 26 11:38:44 desktop sshd[12466]: debug3: receive packet: type 1 [preauth] апр 26 11:38:44 desktop sshd[12466]: Received disconnect from 127.0.0.1 port 39858:11: PECL/ssh2 (http://pecl.php.net/packages/ssh2) [preauth] -----------------8<--------------------------------------------------- To trace down the error, I downloaded 'php-ssh2' sources, added some debug traces, built it and tried to run my test code again. It turns out that 'libssh2_userauth_publickey_fromfile_ex' from 'libssh2' returns code -19 (LIBSSH2_ERROR_PUBLICKEY_UNVERIFIED). After some investigation I tried to build different versions of 'libssh2' from sources. It turned out that when I build 'libssh' version 1.9.0 with OpenSSH, the errors are gone: -----------------8<--------------------------------------------------- $ git clone https://github.com/libssh2/libssh2.git $ cd libssh2 $ git checkout libssh2-1.9.0 $ mkdir build $ cd build $ cmake -DBUILD_SHARED_LIBS=ON -DCRYPTO_BACKEND=OpenSSL ../ $ make -j4 -----------------8<--------------------------------------------------- On the other hand, when I build 'libssh2' versions 1.8.0, 1.8.1, 1.8.2 from sources with OpenSSL, I see the "Postponed publickey" error again. Furthermore, if I try to use 1.9.0 with Libgcrypt, I see the error too. My conclusion is that 'php-ssh2' in Ubuntu 19.10 does not work properly with the default packaged version of 'libssh2' (and probably other packages that depend on 'libssh2' as well.) If I missed something, please feel free to correct me. Thanks. ** Affects: libssh2 (Ubuntu) Importance: Undecided Status: New ** Tags: authentication libssh2 php-ssh2 ** Description changed: * My system - -----------------8<------------------------------------------------------------- + -----------------8<--------------------------------------------------- $ lsb_release -rd Description: Ubuntu 19.10 Release: 19.10 - -----------------8<------------------------------------------------------------- - + -----------------8<--------------------------------------------------- * Package version - -----------------8<------------------------------------------------------------- + -----------------8<--------------------------------------------------- $ apt-cache policy libssh2-1 libssh2-1: - Installed: 1.8.0-2.1build1 - Candidate: 1.8.0-2.1build1 - Version table: - *** 1.8.0-2.1build1 500 - 500 http://ru.archive.ubuntu.com/ubuntu eoan/universe amd64 Packages - 100 /var/lib/dpkg/status - -----------------8<------------------------------------------------------------- + Installed: 1.8.0-2.1build1 + Candidate: 1.8.0-2.1build1 + Version table: + *** 1.8.0-2.1build1 500 + 500 http://ru.archive.ubuntu.com/ubuntu eoan/universe amd64 Packages + 100 /var/lib/dpkg/status + -----------------8<--------------------------------------------------- * Expected behaviour 'php-ssh2' that depends on 'libssh2' authenticates with public key successfully with OpenSSH server. - * Actual behaviour 'php-ssh2' fails to authenticate with OpenSSH server using RSA public key. When used with manually compiled 'libssh2' with OpenSSL, authentication works fine. - * Problem description I found that when 'php-ssh2' is used with 'libssh2 1.8.0-2.1build1' it fails to authenticate with an OpenSSH server. Here's my test code: - -----------------8<------------------------------------------------------------- + -----------------8<--------------------------------------------------- <?php $ssh_connection = ssh2_connect("localhost", "22"); ssh2_auth_pubkey_file($ssh_connection, "avp", - "./test-key.pub", - "./test-key"); + "./test-key.pub", + "./test-key"); ?> - -----------------8<------------------------------------------------------------- + -----------------8<--------------------------------------------------- When I try to run the code, it exists with the following error: - -----------------8<------------------------------------------------------------- - PHP Warning: ssh2_auth_pubkey_file(): Authentication failed for avp using public key: Callback returned error [...] - -----------------8<------------------------------------------------------------- + -----------------8<--------------------------------------------------- + PHP Warning: ssh2_auth_pubkey_file(): Authentication failed for avp using public key: Callback returned error [...] + -----------------8<--------------------------------------------------- The error I see in the sshd logs is the following: - -----------------8<------------------------------------------------------------- + -----------------8<--------------------------------------------------- апр 26 11:38:43 desktop sshd[12466]: debug1: no match: libssh2_1.8.0 PHP [...] апр 26 11:38:44 desktop sshd[12466]: debug3: mm_answer_keyallowed: publickey authentication test: ED25519 key is allowed апр 26 11:38:44 desktop sshd[12466]: debug3: mm_request_send entering: type 23 апр 26 11:38:44 desktop sshd[12466]: debug3: send packet: type 60 [preauth] апр 26 11:38:44 desktop sshd[12466]: debug2: userauth_pubkey: authenticated 0 pkalg ssh-ed25519 [preauth] апр 26 11:38:44 desktop sshd[12466]: debug3: user_specific_delay: user specific delay 0.000ms [preauth] апр 26 11:38:44 desktop sshd[12466]: debug3: ensure_minimum_time_since: elapsed 7.440ms, delaying 1.005ms (requested 8.445ms) [preauth] апр 26 11:38:44 desktop sshd[12466]: Postponed publickey for avp from 127.0.0.1 port 39858 ssh2 [preauth] апр 26 11:38:44 desktop sshd[12466]: debug3: receive packet: type 1 [preauth] апр 26 11:38:44 desktop sshd[12466]: Received disconnect from 127.0.0.1 port 39858:11: PECL/ssh2 (http://pecl.php.net/packages/ssh2) [preauth] - -----------------8<------------------------------------------------------------- + -----------------8<--------------------------------------------------- To trace down the error, I downloaded 'php-ssh2' sources, added some debug traces, built it and tried to run my test code again. It turns out that 'libssh2_userauth_publickey_fromfile_ex' from 'libssh2' returns code -19 (LIBSSH2_ERROR_PUBLICKEY_UNVERIFIED). After some investigation I tried to build different versions of 'libssh2' from sources. It turned out that when I build 'libssh' version 1.9.0 with OpenSSH, the errors are gone: - -----------------8<------------------------------------------------------------- + -----------------8<--------------------------------------------------- $ git clone https://github.com/libssh2/libssh2.git $ cd libssh2 $ git checkout libssh2-1.9.0 $ mkdir build $ cd build $ cmake -DBUILD_SHARED_LIBS=ON -DCRYPTO_BACKEND=OpenSSL ../ $ make -j4 - -----------------8<------------------------------------------------------------- + -----------------8<--------------------------------------------------- On the other hand, when I build 'libssh2' versions 1.8.0, 1.8.1, 1.8.2 from sources with OpenSSL, I see the "Postponed publickey" error again. Furthermore, if I try to use 1.9.0 with Libgcrypt, I see the error too. My conclusion is that 'php-ssh2' in Ubuntu 19.10 does not work properly with the default packaged version of 'libssh2' (and probably other packages that depend on 'libssh2' as well.) If I missed something, please feel free to correct me. Thanks. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1875167 Title: eoan, libssh2 1.8.0-2.1build1: postponed key auth error To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libssh2/+bug/1875167/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
