Page MenuHome GnuPG
Create Task
Maniphest T5931

OpenSSH 8.9, 9.0, and 9.1 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required)
Open, NormalPublic
Actions

Description

Since updating openssh to 8.9p1-1 (on archlinux), I can't authenticate via gpg-agent using a USB hardware token.

gpg-agent shows the pinentry dialog, but then ssh says:
sign_and_send_pubkey: signing failed for ED25519 "cardno:***" from agent: agent refused operation

Downgrading to openssh-8.8p1-1 fixes it.

Updating gnupg from 2.2.32 to 2.2.33 or 2.2.34 (by manually editing the gnupg PKGBUILD since the archlinux version is out of date) and doing "gpgconf --kill gpg-agent", "gpgconf --launch gpg-agent" did not fix it.

I have this in my environment:
SSH_AUTH_SOCK=/run/user/1000/gnupg/S.gpg-agent.ssh

and enable-ssh-support in ~/.gnupg/gpg-agent.conf
and it has worked fine until now.

I'm guessing from comments on the archlinux bug report that this is related: https://www.openssh.com/agent-restrict.html

I'm reporting here on the assumption that the ABI/API break in openssh's agent API is intended and gnupg needs fixing to handle it (though the breakage on openssh's part clearly sucks for users)!

Details

External Link
https://bugs.archlinux.org/task/74143
Version
2.2.34

Revisions and Commits

rG GnuPG
rG46d62d80a2b8 ssh: Returned faked response for the new session-bind extension.

Related Objects

Event Timeline

amalon created this task.Apr 14 2022, 9:17 AM
amalon created this object in space S1 Public.
werner added a commit: rG46d62d80a2b8: ssh: Returned faked response for the new session-bind extension..Apr 14 2022, 12:33 PM
werner triaged this task as High priority.Apr 14 2022, 12:36 PM
werner added a project: gnupg (gpg23).
werner added a subscriber: werner.

I have not yet tested OpenSSH 9 and thus the patch to master is here just as a test. Please better use gnupg 2.3 (stable) instead of 2.2 (LTS) because it is unlikely that we will backport all this new ssh stuff.

werner mentioned this in T5743: Release GnuPG 2.3.5.Apr 21 2022, 5:59 PM
thesamesam added a subscriber: thesamesam.Apr 25 2022, 6:24 PM
werner lowered the priority of this task from High to Normal.Apr 28 2022, 8:55 AM
werner added a project: Restricted Project.
amalon added a comment.Apr 28 2022, 9:16 AM

FYI, I built 2.3.6 using a modified archlinux PKGBUILD (& disabling patches to avoid conflicts), then did:
gpgconf --kill gpg-agent
gpgconf --launch gpg-agent
but ssh still fails as before

dkg added a subscriber: dkg.Apr 29 2022, 6:24 PM

this looks similar to https://dev.gnupg.org/T5935 and https://bugs.debian.org/1008573

gniibe added a subscriber: gniibe.May 2 2022, 1:53 AM

Please describe what token is used. For my use cases with rGe8fb8e2b3e66: scd: Don't inhibit SSH authentication for larger data if it can., both of Gnuk (>= 1.2.16) and Yubikey (>= 5) work well.

amalon added a comment.May 2 2022, 10:36 PM

Its a nitrokey start. I gave it another spin just to make sure, and again when updating to openssh 9.0 and "gpg (GnuPG) 2.3.6-unknown", it fails (again with careful gpgconf --kill gpg-agent etc. Double checked the downloaded source code by arch's makepkg, appears to have that patch applied. Also tried adding -o KexAlgorithms=-sntrup761x25519-sha512@openssh.com to the ssh command, which didn't help.

I don't know what other relevant info about the card i can give. It has ed25519 keys on it.

gniibe added a comment.May 3 2022, 10:43 AM

Nitrokey Start uses Gnuk as its firmware. You need to upgrade its firmware to version 1.2.16 or newer.
Please note that when upgrading the firmware, your keys will be removed.

gniibe claimed this task.Jun 1 2022, 5:09 AM
gniibe edited projects, added Documentation; removed Restricted Project.Jul 12 2022, 3:26 AM

Changed the tags and the title.

gniibe renamed this task from OpenSSH 8.9 and 9.0 can't authenticate with gpg-agent and usb token to OpenSSH 8.9 and 9.0 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required).Jul 12 2022, 3:26 AM
alexk added a project: workaround.Nov 9 2022, 10:50 AM
alexk added a subscriber: alexk.

A workaround you can add the following line to ~/.ssh/config or /etc/ssh/ssh_config:

KexAlgorithms -sntrup761x25519-sha512@openssh.com

For me ssh -o KexAlgorithms=-sntrup761x25519-sha512@openssh.com ... does work as well.

amalon added a comment.Nov 9 2022, 7:40 PM
In T5931#165009, @alexk wrote:

A workaround you can add the following line to ~/.ssh/config or /etc/ssh/ssh_config:

KexAlgorithms -sntrup761x25519-sha512@openssh.com

For me ssh -o KexAlgorithms=-sntrup761x25519-sha512@openssh.com ... does work as well.

Neither of these options work for me on openssh-9.1p1-3 (archlinux), I've been sticking to 8.8p1-1 since upgrading the firmware is a faff that I haven't got around to.

gniibe added a comment.Nov 22 2022, 8:12 AM

I tested with openssh 9.1. When I add -o PubkeyAuthentication=unbound, I can make the length of data smaller.

gniibe added a comment.Nov 24 2022, 2:22 AM

In my cases (tested with 9.1), here are the length of data to be signed by ssh-agent (emulation by gpg-agent).

  • 164 bytes: Both features disabled by: ssh -o KexAlgorithms=-sntrup761x25519-sha512@openssh.com -o PubkeyAuthentication=unbound
  • 192 bytes: Unbound only by: ssh -o PubkeyAuthentication=unbound
  • 298 bytes: No Post Quantum only by: ssh -o KexAlgorithms=-sntrup761x25519-sha512@openssh.com
  • 330 bytes: Both features enabled (no options)
gniibe renamed this task from OpenSSH 8.9 and 9.0 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required) to OpenSSH 8.9, 9.0, and 9.1 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required).Nov 24 2022, 2:38 AM
amalon added a comment.Nov 24 2022, 9:01 PM

Thanks. Adding 'PubkeyAuthentication unbound' to my ~/.ssh/config seems to workaround it for me on openssh-9.1p1-3 (arch). I don't quite follow what the implications of that setting are though.

gniibe added a comment.Nov 25 2022, 12:54 AM

Implications are... you won't be possible to use new protocols introduced by newer OpenSSH:

  • PubkeyAuthentication: No use of "public-key-hostbound-v00@openssh.com" which is OpenSSH specific extension, but use plain "publickey" authentication
    • With the extension, ssh-agent can see the server's host key when it is asked to generate signature, so, it can reject signing based on the destination.
    • This feature cannot be used when using plain "publickey" authentication
werner added a project: gnupg24.Dec 13 2022, 11:21 AM