XShell 7 新版本修改了 signRequestAgentMsg 报文格式

[zzmark]

xshell 7 可能修改了 agent 协议，或者这个协议版本有所更新(没有具体追踪)

xshell 版本: xshell 7 Build 0157

开启 debug 后有 stderr 日志打印:

agent 13: ssh: parse error in message type 13

断点分析得出，新版本的 signRequestAgentMsg 报文，较标准协议，多出32bit 数据 => {0, 24, 15, 254}
多次尝试，后三个byte不稳定，看不出是什么
旧版本为缺少 Flags 部分，需要补32bit。

个人有个patch，简单粗暴的裁剪后32bit，测试可以使用，没有继续刨根问底。
若可以合并，我去提PR

附上修正前 xshell 日志

[BEGIN] 2024-05-06 19:00:09
[2024-05-06-19:0:9.735] Connection established.
[2024-05-06-19:0:9.735] To escape to local shell, press 'Ctrl+Alt+]'.
[2024-05-06-19:0:9.766] [19:00:09] Version exchange initiated...
[2024-05-06-19:0:9.766] [19:00:09] 	server: SSH-2.0-OpenSSH_8.7
[2024-05-06-19:0:9.766] [19:00:09] 	client: SSH-2.0-nsssh2_7.0.0040 NetSarang Computer, Inc.
[2024-05-06-19:0:9.766] [19:00:09] 	SSH2 is selected.
[2024-05-06-19:0:9.767] [19:00:09] 		Outgoing packet:  20 (0x14: SSH2_MSG_KEXINIT)
[2024-05-06-19:0:9.786] [19:00:09] 		Incoming packet:  20 (0x14: SSH2_MSG_KEXINIT)
[2024-05-06-19:0:9.787] [19:00:09] Algorithm negotiation initiated... (Dialog mode)
[2024-05-06-19:0:9.787] [19:00:09] 	key exchange: curve25519-sha256@libssh.org
[2024-05-06-19:0:9.787] [19:00:09] 	host key: rsa-sha2-256
[2024-05-06-19:0:9.787] [19:00:09] 	outgoing encryption: chacha20-poly1305@openssh.com
[2024-05-06-19:0:9.787] [19:00:09] 	incoming encryption: chacha20-poly1305@openssh.com
[2024-05-06-19:0:9.787] [19:00:09] 	outgoing mac: hmac-sha2-256-etm@openssh.com
[2024-05-06-19:0:9.787] [19:00:09] 	incoming mac: hmac-sha2-256-etm@openssh.com
[2024-05-06-19:0:9.787] [19:00:09] 	outgoing compression: none
[2024-05-06-19:0:9.787] [19:00:09] 	incoming compression: none
[2024-05-06-19:0:9.789] [19:00:09] 		Outgoing packet:  30 (0x1e: SSH2_MSG_KEXDH_INIT)
[2024-05-06-19:0:9.819] [19:00:09] 		Incoming packet:  31 (0x1f: SSH2_MSG_KEXDH_REPLY)
[2024-05-06-19:0:9.819] [19:00:09] Host authentication initiated...
[2024-05-06-19:0:9.820] [19:00:09] 	Hostkey fingerprint:
[2024-05-06-19:0:9.820] [19:00:09] 	rsa 3072 84:f4:6d:f9:11:01:21:3a:b5:0a:4f:f1:af:74:f0:67
[2024-05-06-19:0:9.822] [19:00:09] 	Accepted. Verifying host key...
[2024-05-06-19:0:9.822] [19:00:09] 	Verified.
[2024-05-06-19:0:9.822] [19:00:09] 		Outgoing packet:  21 (0x15: SSH2_MSG_NEWKEYS)
[2024-05-06-19:0:9.823] [19:00:09] 		Incoming packet:  21 (0x15: SSH2_MSG_NEWKEYS)
[2024-05-06-19:0:9.823] [19:00:09] 		Outgoing packet:   5 (0x05: SSH2_MSG_SERVICE_REQUEST)
[2024-05-06-19:0:9.823] [19:00:09] 		Incoming packet:   7 (0x07: SSH2_MSG_EXT_INFO)
[2024-05-06-19:0:9.824] [19:00:09] 	server-sig-algs = ssh-ed25519,sk-ssh-ed25519@openssh.com,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com,webauthn-sk-ecdsa-sha2-nistp256@openssh.com
[2024-05-06-19:0:9.843] [19:00:09] 		Incoming packet:   6 (0x06: SSH2_MSG_SERVICE_ACCEPT)
[2024-05-06-19:0:9.843] [19:00:09] User authentication initiated... (Dialog mode)
[2024-05-06-19:0:9.843] [19:00:09] 	Sent user name 'root'.
[2024-05-06-19:0:9.844] [19:00:09] 		Outgoing packet:  50 (0x32: SSH2_MSG_USERAUTH_REQUEST)
[2024-05-06-19:0:9.861] [19:00:09] 		Incoming packet:  51 (0x33: SSH2_MSG_USERAUTH_FAILURE)
[2024-05-06-19:0:9.861] [19:00:09] 	Server requested: publickey,gssapi-keyex,gssapi-with-mic
[2024-05-06-19:0:9.862] [19:00:09] 	Server support public key authentication method.
[2024-05-06-19:0:9.862] [19:00:09] 	Trying to find ssh-agent...
[2024-05-06-19:0:9.863] [19:00:09] 	Xagent is running. Connecting to ssh-agent...
[2024-05-06-19:0:9.863] [19:00:09] 	Auth method is agent.
[2024-05-06-19:0:12.468] [19:00:12] 	Received 2 identity-blob(s) from ssh-agent.
[2024-05-06-19:0:12.468] [19:00:12] 	Trying next identity blob...
[2024-05-06-19:0:12.468] [19:00:12] 		Outgoing packet:  50 (0x32: SSH2_MSG_USERAUTH_REQUEST)
[2024-05-06-19:0:12.468] [19:00:12] 	UserKey type: keylen:0
[2024-05-06-19:0:12.484] [19:00:12] 		Incoming packet:  51 (0x33: SSH2_MSG_USERAUTH_FAILURE)
[2024-05-06-19:0:12.484] [19:00:12] 	Server rejected the public blob, 
[2024-05-06-19:0:12.484] [19:00:12] 	Trying next identity blob...
[2024-05-06-19:0:12.484] [19:00:12] 		Outgoing packet:  50 (0x32: SSH2_MSG_USERAUTH_REQUEST)
[2024-05-06-19:0:12.484] [19:00:12] 	UserKey type:ssh-ed25519 keylen:51
[2024-05-06-19:0:12.504] [19:00:12] 		Incoming packet:  60 (0x3c: SSH2_MSG_USERAUTH_PK_OK)
[2024-05-06-19:0:12.504] [19:00:12] 	Received PK_OK packet. Try to send signed key blob.
[2024-05-06-19:0:12.506] [19:00:12] 	Sent sign request to ssh-agent. ssh-ed25519
[2024-05-06-19:0:12.524] [19:00:12] 	Received an empty signature from ssh-agent.
[2024-05-06-19:0:12.524] [19:00:12] 	Trying next identity blob...
[2024-05-06-19:0:12.524] [19:00:12] 		Outgoing packet:  50 (0x32: SSH2_MSG_USERAUTH_REQUEST)
[2024-05-06-19:0:12.524] [19:00:12] 	UserKey type:ecdsa-sha2-nistp256 keylen:104
[2024-05-06-19:0:12.547] [19:00:12] 		Incoming packet:  60 (0x3c: SSH2_MSG_USERAUTH_PK_OK)
[2024-05-06-19:0:12.547] [19:00:12] 	Received PK_OK packet. Try to send signed key blob.
[2024-05-06-19:0:12.547] [19:00:12] 	Sent sign request to ssh-agent. ecdsa-sha2-nistp256
[2024-05-06-19:0:12.568] [19:00:12] 	Received an empty signature from ssh-agent.
[2024-05-06-19:0:12.569] [19:00:12] 	No more keys to try.
[2024-05-06-19:0:12.569] [19:00:12] 	Fall back to normal user authentication steps.
[2024-05-06-19:0:14.873] [19:00:14] 	Canceled.
[2024-05-06-19:0:14.873] [19:00:14] 		Outgoing packet:   1 (0x01: SSH2_MSG_DISCONNECT)
[2024-05-06-19:0:14.911] Connection closing...Socket close.
[2024-05-06-19:0:14.911] 
[2024-05-06-19:0:14.911] Connection closed by foreign host.

[END] 2024-05-06 19:00:14

[lyc8503]

更新到最新版 XShell 7 Build 0157 后同样遇到无法认证的问题，但是构建了包含以上 Patch 的 WinCryptSSHAgent 仍然无法认证，回退到 Build 0151 解决了问题。

[zzmark]

更新到最新版 XShell 7 Build 0157 后同样遇到无法认证的问题，但是构建了包含以上 Patch 的 WinCryptSSHAgent 仍然无法认证，回退到 Build 0151 解决了问题。

奇怪了，我从0157到0164日常使用，还没有问题

[cqjjjzr]

Xshell 8 Beta Build 0042 同样有此问题，构建了 Patch 也无法使用。ssh: parse error in message type 13 的消息仍然存在。

看了下 Patch 的代码，xshell.go:176 是否应该是 err != nil 而非 err == nil....

修了之后能跳出智能卡提示了，但插了 Yubikey 后显示如下图。

[boypt]

Xshell 8 Beta Build 0042 同样有此问题，构建了 Patch 也无法使用。ssh: parse error in message type 13 的消息仍然存在。

看了下 Patch 的代码，xshell.go:176 是否应该是 err != nil 而非 err == nil....

修了之后能跳出智能卡提示了，但插了 Yubikey 后显示如下图。

确实 #90 该处逻辑写反，xshell.go:176 应为err != nil。 误

新定义的signRequestAgentMsgXshell7最后一个属性Others uint64不正确，导致xshell.go:176 处报&errors.errorString{s:"ssh: short read"}，多出32bit应该匹配一个uint32类型。

修改成uint32后使用系统自带的rsa登陆在xshell 8 beta 0047登陆成功。

没有使用yubikey。

[zzmark]

Xshell 8 Beta Build 0042 同样有此问题，构建了 Patch 也无法使用。ssh: parse error in message type 13 的消息仍然存在。
看了下 Patch 的代码，xshell.go:176 是否应该是 err != nil 而非 err == nil....
修了之后能跳出智能卡提示了，但插了 Yubikey 后显示如下图。

确实 #90 该处逻辑写反，xshell.go:176 应为err != nil。 误

新定义的signRequestAgentMsgXshell7最后一个属性Others uint64不正确，导致xshell.go:176 处报&errors.errorString{s:"ssh: short read"}，多出32bit应该匹配一个uint32类型。

修改成uint32后使用系统自带的rsa登陆在xshell 8 beta 0047登陆成功。

没有使用yubikey。

看来跟版本关系很大，我想想别的办法扔了后边多余的数据。

[boypt]

我本地编译的版本signRequestAgentMsgXshell7改成这样，用了两个月，xshell 8 beta也迭代到正式版了，目前均正常工作。

type signRequestAgentMsgXshell7 struct {
        KeyBlob []byte `sshtype:"13"`
        Data    []byte
        Flags   uint32
        Unknown [4]byte
}

[zzmark]

我换了个思路修改

目前已知的情况是，xshell 5 和 早期的 xshell 6，缺少 Flags。
xshell 7 似乎也有缺少 Flags的情况，我使用的版本Flags后边又多出8byte的数据，所以塞个uint64刚好。
刚下了个xshell8，后边多出的是4byte，
由于后边Flags用不到，无需考虑内容，改为计算长度仅保留所需长度的数据。

[zzmark]

我本地编译的版本signRequestAgentMsgXshell7改成这样，用了两个月，xshell 8 beta也迭代到正式版了，目前均正常工作。

type signRequestAgentMsgXshell7 struct {
        KeyBlob []byte `sshtype:"13"`
        Data    []byte
        Flags   uint32
        Unknown [4]byte
}

提了个新的版本， 这次通杀 5-8 了
后续只要xshell不改协议，应该没问题