ssh validation error should have more information #7725

jsoref · 2021-11-16T21:33:23Z

Summary

Provide details about what ssh connection failed and make it easier to act on this information

Motivation

When #7723 happened, we got some very unhelpful messages:

rpc error: code = Unknown desc = ssh: handshake failed: knownhosts: key mismatch argocd

TYPE	NAME	REPOSITORY	CONNECTION STATUS	...
git		git@github.com:...	❌ Failed	⋮
git		git@github.com:...	❌ Failed	⋮
helm	argo	https://argoproj.github.io/argo-helm	✅ Successful	⋮

SERVER NAME	CERT TYPE	CERT INFO	...
bitbucket.org	ssh ssh-rsa	SHA256:zzXQOXSRBEiUtuE8AikJYKwbHaxvSc0ojez9YXaGp1A	⋮
github.com	ssh ssh-rsa	SHA256:nThbg6kXUpJWGl7E1IGOCspRomTxdCARLviKw6E5SY8	⋮
gitlab.com	ssh ecdsa-sha2-nistp256	SHA256:HbW3g8zUjNSksFbqTiUWPWg2Bq1x8xdGUrliXFzSnUw	⋮
gitlab.com	ssh ssh-ed25519	SHA256:eUXGGm1YGsMAS7vkcx6JOJdOGHPem5gQp4taiCfCLB8	⋮
gitlab.com	ssh ssh-rsa	SHA256:ROQFvPThGrW4RuWLoL9tq9I9zJ42fK4XywyRtbOz/EQ	⋮
ssh.dev.azure.com	ssh ssh-rsa	SHA256:ohD8VZEXGWo6Ez8GSEJQ9WpafgLFsOfLOtGGQCQo6Og	⋮
vs-ssh.visualstudio.com	ssh ssh-rsa	SHA256:ohD8VZEXGWo6Ez8GSEJQ9WpafgLFsOfLOtGGQCQo6Og	⋮

Proposal

The ssh: handshake failed error should report:
1. destination host
2. expected keys
3. received keys
Everything that links to that error state should include that information
The App view for this error should link back to the /settings/repos page
Repositories on the Repositories page should link to the /settings/certs page

The text was updated successfully, but these errors were encountered:

jannfis · 2021-11-17T10:16:39Z

I agree that we must improve error reporting (and not only in this special place).

However, for some of the information we rely on third-party libraries (e.g. go-git and x/crypto/ssh) to provide us with the the details. Emitting the host name in the error message should be a quick fix, but getting details about the expected and received key material is something that we probably cannot solve in Argo CD code. I'd be glad if someone proves me wrong, tho :)

jsoref · 2021-11-17T14:32:52Z

I'll take whatever incremental bits I can get. For the rest, if people could file issues and cross link, that'd be great. I didn't have enough information from the error to even know where to file the rest of the bug 😦 .

alexmt · 2021-11-17T21:44:31Z

Fixed by #7722 . The fix is available in v2.1.7 release

jsoref · 2021-11-17T21:46:22Z

Err, this is not about the fact that github isn't working, it's about the error reporting for when any ssh server isn't working.

jsoref added the enhancement New feature or request label Nov 16, 2021

jannfis added component:cli Affects the Argo CD CLI component:ui User interfaces bugs and enhancements type:supportability Enhancements that help operators to run Argo CD type:usability Enhancement of an existing feature labels Nov 17, 2021

brsolomon-deloitte mentioned this issue Nov 17, 2021

Host key mismatch #7736

Closed

1 task

alexmt closed this as completed Nov 17, 2021

jsoref reopened this Nov 17, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ssh validation error should have more information #7725

ssh validation error should have more information #7725

jsoref commented Nov 16, 2021 •

edited

jannfis commented Nov 17, 2021

jsoref commented Nov 17, 2021

alexmt commented Nov 17, 2021

jsoref commented Nov 17, 2021

ssh validation error should have more information #7725

ssh validation error should have more information #7725

Comments

jsoref commented Nov 16, 2021 • edited

Summary

Motivation

Proposal

jannfis commented Nov 17, 2021

jsoref commented Nov 17, 2021

alexmt commented Nov 17, 2021

jsoref commented Nov 17, 2021

jsoref commented Nov 16, 2021 •

edited