Page MenuHome GnuPG

OpenSSH 8.9, 9.0, and 9.1 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required)
Closed, ResolvedPublic

Description

Since updating openssh to 8.9p1-1 (on archlinux), I can't authenticate via gpg-agent using a USB hardware token.

gpg-agent shows the pinentry dialog, but then ssh says:
sign_and_send_pubkey: signing failed for ED25519 "cardno:***" from agent: agent refused operation

Downgrading to openssh-8.8p1-1 fixes it.

Updating gnupg from 2.2.32 to 2.2.33 or 2.2.34 (by manually editing the gnupg PKGBUILD since the archlinux version is out of date) and doing "gpgconf --kill gpg-agent", "gpgconf --launch gpg-agent" did not fix it.

I have this in my environment:
SSH_AUTH_SOCK=/run/user/1000/gnupg/S.gpg-agent.ssh

and enable-ssh-support in ~/.gnupg/gpg-agent.conf
and it has worked fine until now.

I'm guessing from comments on the archlinux bug report that this is related: https://www.openssh.com/agent-restrict.html

I'm reporting here on the assumption that the ABI/API break in openssh's agent API is intended and gnupg needs fixing to handle it (though the breakage on openssh's part clearly sucks for users)!

Details

External Link
https://bugs.archlinux.org/task/74143
Version
2.2.34

Event Timeline

amalon created this object in space S1 Public.
werner added a project: gnupg (gpg23).
werner added a subscriber: werner.

I have not yet tested OpenSSH 9 and thus the patch to master is here just as a test. Please better use gnupg 2.3 (stable) instead of 2.2 (LTS) because it is unlikely that we will backport all this new ssh stuff.

werner lowered the priority of this task from High to Normal.Apr 28 2022, 8:55 AM
werner added a project: Restricted Project.

FYI, I built 2.3.6 using a modified archlinux PKGBUILD (& disabling patches to avoid conflicts), then did:
gpgconf --kill gpg-agent
gpgconf --launch gpg-agent
but ssh still fails as before

Please describe what token is used. For my use cases with rGe8fb8e2b3e66: scd: Don't inhibit SSH authentication for larger data if it can., both of Gnuk (>= 1.2.16) and Yubikey (>= 5) work well.

Its a nitrokey start. I gave it another spin just to make sure, and again when updating to openssh 9.0 and "gpg (GnuPG) 2.3.6-unknown", it fails (again with careful gpgconf --kill gpg-agent etc. Double checked the downloaded source code by arch's makepkg, appears to have that patch applied. Also tried adding -o KexAlgorithms=-sntrup761x25519-sha512@openssh.com to the ssh command, which didn't help.

I don't know what other relevant info about the card i can give. It has ed25519 keys on it.

Nitrokey Start uses Gnuk as its firmware. You need to upgrade its firmware to version 1.2.16 or newer.
Please note that when upgrading the firmware, your keys will be removed.

gniibe edited projects, added Documentation; removed Restricted Project.Jul 12 2022, 3:26 AM

Changed the tags and the title.

gniibe renamed this task from OpenSSH 8.9 and 9.0 can't authenticate with gpg-agent and usb token to OpenSSH 8.9 and 9.0 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required).Jul 12 2022, 3:26 AM
alexk added a subscriber: alexk.

A workaround you can add the following line to ~/.ssh/config or /etc/ssh/ssh_config:

KexAlgorithms -sntrup761x25519-sha512@openssh.com

For me ssh -o KexAlgorithms=-sntrup761x25519-sha512@openssh.com ... does work as well.

In T5931#165009, @alexk wrote:

A workaround you can add the following line to ~/.ssh/config or /etc/ssh/ssh_config:

KexAlgorithms -sntrup761x25519-sha512@openssh.com

For me ssh -o KexAlgorithms=-sntrup761x25519-sha512@openssh.com ... does work as well.

Neither of these options work for me on openssh-9.1p1-3 (archlinux), I've been sticking to 8.8p1-1 since upgrading the firmware is a faff that I haven't got around to.

I tested with openssh 9.1. When I add -o PubkeyAuthentication=unbound, I can make the length of data smaller.

In my cases (tested with 9.1), here are the length of data to be signed by ssh-agent (emulation by gpg-agent).

  • 164 bytes: Both features disabled by: ssh -o KexAlgorithms=-sntrup761x25519-sha512@openssh.com -o PubkeyAuthentication=unbound
  • 192 bytes: Unbound only by: ssh -o PubkeyAuthentication=unbound
  • 298 bytes: No Post Quantum only by: ssh -o KexAlgorithms=-sntrup761x25519-sha512@openssh.com
  • 330 bytes: Both features enabled (no options)
gniibe renamed this task from OpenSSH 8.9 and 9.0 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required) to OpenSSH 8.9, 9.0, and 9.1 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required).Nov 24 2022, 2:38 AM

Thanks. Adding 'PubkeyAuthentication unbound' to my ~/.ssh/config seems to workaround it for me on openssh-9.1p1-3 (arch). I don't quite follow what the implications of that setting are though.

Implications are... you won't be possible to use new protocols introduced by newer OpenSSH:

  • PubkeyAuthentication: No use of "public-key-hostbound-v00@openssh.com" which is OpenSSH specific extension, but use plain "publickey" authentication
    • With the extension, ssh-agent can see the server's host key when it is asked to generate signature, so, it can reject signing based on the destination.
    • This feature cannot be used when using plain "publickey" authentication

Just a reminder: with Gnuk 1.2.15 and an ed25519 key PubkeyAuthentication unbound is required for hosts using the new feature.

Closed, since this was documentation for the workaround, four years ago.