KeeAgent working in Agent mode on Linux #103

Closed
taurus-forever opened this Issue Apr 10, 2015 · 7 comments

taurus-forever commented Apr 10, 2015

Hi all,

Moved here from private emails:

Q: Is it possible to update the KeePass locking timeout on each KeeAgent key usage on Linux (Client mode)?

A: The best solution though might be to get KeeAgent working in Agent mode on Linux. It actually works, but the problem is setting the SSH_AUTH_SOCK environment variable. The socket itself is currently a random file in /tmp, but I could add something similar to what I did recently for cygwin support on Windows that sets this to a fixed path so that you can add something to your ~/.bashrc (or similar) to set SSH_AUTH_SOCK.

If you would like to open an issue on GitHub about this, I'll see what I can do.

@dlech dlech added the enhancement label Apr 10, 2015

@dlech dlech added this to the 0.8.0 milestone Apr 10, 2015

Aetf commented Apr 21, 2015

For now, you can try something like this

# Fix KeeAgent environment variable: point SSH at the socket KeeAgent
# creates under /tmp/ssh-agent-lib-sock (the script assumes a single
# file there named agent.<pid>).
set _ssh_socket_dir '/tmp/ssh-agent-lib-sock'
if test -d "$_ssh_socket_dir"
    # ls yields a list in fish; take the first entry only
    set _ssh_socket (ls --indicator-style=none "$_ssh_socket_dir" 2>/dev/null)[1]
    if test -S "$_ssh_socket_dir/$_ssh_socket"
        # strip the "agent." prefix to recover the pid; -gx exports the variable
        set -gx SSH_AGENT_PID (echo "$_ssh_socket" | sed 's/^agent\.//')
        set -gx SSH_AUTH_SOCK "$_ssh_socket_dir/$_ssh_socket"
    end
end

It's a fish script, but it is easy to achieve the same thing in bash or in other shells.

taurus-forever commented Aug 26, 2015

Hi,

Can you please share how I can temporarily install 0.8.0 to test your changes?

I am currently using 0.6.2 (waiting for 0.7 to come out of beta.
OFFTOP: maybe it is time to release 0.7.5 as non-beta?)

I read somewhere about broken backward compatibility between 0.6 and 0.7,
so how do I properly test 0.8 and be able to go back to 0.6 after the tests?

Tnx!

dlech (Owner) commented Aug 26, 2015

There is no version 0.8.0 yet, it is only a milestone. Version 0.7.5 is the latest and will become 0.8.0 when I decide to call it stable.

I don't recall any backward compatibility issues with 0.6.x and 0.7.x. Perhaps you are thinking of 0.4.x and 0.5.x. You should always create a backup of your database before upgrading anyway though.

If you would like to test out 0.7.x temporarily, I suggest installing a portable version of KeePass and installing the plugin there (and use a copy of your database file).

dlech added a commit to dlech/SshAgentLib that referenced this issue Oct 17, 2015

Fix UnixAgent not working.
Additional changes:
* Added UNKNOWN message to Agent.Message enum.
* Added timeout for sockets that support it.
* Cleaned up constant names in UnixClient

Issue dlech/KeeAgent#103

dlech added a commit that referenced this issue Oct 17, 2015

Better support for Agent mode in Linux.
* Allows specifying the path of the socket file (like the Cygwin/MSYS
  implementation).
* Improved implementation in SshAgentLib.

A couple things not implemented yet:
* Can't change the socket file without restarting KeePass.
* If UnixAgent fails in the constructor, then KeeAgent will not load and
  you can't fix what was wrong.

Issue dlech/KeeAgent#103
dlech (Owner) commented Oct 17, 2015

I've made some progress in getting this implemented. I've just released v0.7.7 which includes the latest changes (also available via ppa:dlech/keepass2-plugins-beta).

To enable, go to Tools > Options.... On the KeeAgent tab, select Agent for Agent Mode and enter a Path for the socket file. The recommended path is %XDG_RUNTIME_DIR%/keeagent.socket. Note the Windows style environment variable is not a typo, it is just how mono works.

Click OK and restart KeePass. In your ~/.bashrc (or other appropriate place), add the line export SSH_AUTH_SOCK=$XDG_RUNTIME_DIR/keeagent.socket. Then any new terminal window will use KeeAgent for the ssh agent instead of the system ssh agent.

Please open a new issue for any problems or suggestions you have with the implementation.

taurus-forever commented Nov 2, 2015

Hi, finally I found a time to play with it.

First of all, thank you for the care here!
I have installed keepass2-plugin-keeagent 0.7.7.1 from beta ppa. KeePass 2.30 is in use.

  1. I have an error on loading module:
---------------------------
KeePass
---------------------------
KeeAgent: Error while loading key from entry 'bla/bla/some key'

Unexpected error

dlech.SshAgentLib.CallbackNullException: Exception of type 'dlech.SshAgentLib.CallbackNullException' was thrown.
  at dlech.SshAgentLib.Agent.AddKey (ISshKey key) [0x00000] in <filename unknown>:0 
  at KeeAgent.KeeAgentExt.AddEntry (KeePassLib.PwEntry entry, ICollection`1 constraints) [0x00000] in <filename unknown>:0 
---------------------------
OK   
---------------------------

It happens as soon as I enable option "Always require manual confirmation when a client program requests to use a key".

  2. I cannot make it work in Agent mode. I believe I followed your manual properly and I have the socket in place, but I cannot connect to the server using a key. It looks like SSH_AUTH_SOCK is simply ignored:
11:37:18 ✔ taurus:~$ file "${SSH_AUTH_SOCK}"
/run/user/1000/keyring-zQUXOG/ssh: socket 
11:37:18 ✔ taurus:~$ ssh demo "date"
root@demo.myserver.com's password: 
11:37:27 ✘ taurus:~$ 
11:43:55 ✘ taurus:~$ SSH_AUTH_SOCK=/run/user/1000/keyring-zQUXOG/ssh ssh demo -vvv "date"
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /home/taurus/.ssh/config
debug1: /home/taurus/.ssh/config line 38: Applying options for demo
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Hostname has changed; re-reading configuration
debug1: Reading configuration data /home/taurus/.ssh/config
debug1: /home/taurus/.ssh/config line 82: Applying options for demo.myserver.com
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to demo.myserver.com [1.1.1.1] port 22.
debug1: Connection established.
debug1: identity file /home/taurus/.ssh/id_rsa type -1
debug1: identity file /home/taurus/.ssh/id_rsa-cert type -1
debug1: identity file /home/taurus/.ssh/id_dsa type -1
debug1: identity file /home/taurus/.ssh/id_dsa-cert type -1
debug1: identity file /home/taurus/.ssh/id_ecdsa type -1
debug1: identity file /home/taurus/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/taurus/.ssh/id_ed25519 type -1
debug1: identity file /home/taurus/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.3
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.0p1 Debian-4+deb7u2
debug1: match: OpenSSH_6.0p1 Debian-4+deb7u2 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug3: load_hostkeys: loading entries for host "demo.myserver.com" from file "/home/taurus/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /home/taurus/.ssh/known_hosts:66
debug3: load_hostkeys: loaded 1 keys
debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-ed25519,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: mac_setup: setup hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: setup hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA 11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11
debug3: load_hostkeys: loading entries for host "demo.myserver.com" from file "/home/taurus/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /home/taurus/.ssh/known_hosts:66
debug3: load_hostkeys: loaded 1 keys
debug3: load_hostkeys: loading entries for host "1.1.1.1" from file "/home/taurus/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /home/taurus/.ssh/known_hosts:67
debug3: load_hostkeys: loaded 1 keys
debug1: Host 'demo.myserver.com' is known and matches the ECDSA host key.
debug1: Found key in /home/taurus/.ssh/known_hosts:66
debug1: ssh_ecdsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/taurus/.ssh/id_rsa ((nil)),
debug2: key: /home/taurus/.ssh/id_dsa ((nil)),
debug2: key: /home/taurus/.ssh/id_ecdsa ((nil)),
debug2: key: /home/taurus/.ssh/id_ed25519 ((nil)),
debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/taurus/.ssh/id_rsa
debug3: no such identity: /home/taurus/.ssh/id_rsa: No such file or directory
debug1: Trying private key: /home/taurus/.ssh/id_dsa
debug3: no such identity: /home/taurus/.ssh/id_dsa: No such file or directory
debug1: Trying private key: /home/taurus/.ssh/id_ecdsa
debug3: no such identity: /home/taurus/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: /home/taurus/.ssh/id_ed25519
debug3: no such identity: /home/taurus/.ssh/id_ed25519: No such file or directory
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
root@demo.myserver.com's password: 

11:47:56 ✘ taurus:~$ 

As soon as I switch the plugin to Auto/Client mode, it works well.

Do you need more debug information here?
P.S. I used the path you specified; I am on Linux Mint 17.2.

dlech (Owner) commented Nov 2, 2015

Please open new issues for any problems that you have with the implementation. One per problem. It helps me keep track better.

I have opened #127 for your issue 1).

For your issue 2), SSH_AUTH_SOCK=/run/user/1000/keyring-zQUXOG/ssh ssh demo -vvv "date" tells me that you are still using the socket from GNOME Keyring, or even worse, you have told KeeAgent to write over the socket from GNOME Keyring. You should specify a different path for the KeeAgent socket and then use that for SSH_AUTH_SOCK.

@dlech dlech closed this Nov 2, 2015

taurus-forever commented Nov 3, 2015

For the history:

  • It works well, thank you! The initial issue with "unlocking DB for using a key" has been solved!
  • I did double check the GNOME Keyring "issue"; unfortunately the manual you created http://lechnology.com/software/keeagent/installation/#disable-ssh-component-of-gnome-keyring is no longer valid for Linux Mint 17.2. There is no "SSH Key Agent" in "Startup applications", and it doesn't appear after "NoDisplay=false". I manually copied the /etc/xdg/autostart/gnome-keyring-ssh.desktop file to ~/.config/autostart/gnome-keyring-ssh.desktop and edited it, but had no luck.

The only solution which works for me is to specify the full path in KeePass/Mono instead of "%XDG_RUNTIME_DIR%/keeagent.socket". Now it works like a charm! Tnx!
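A shell-side check for the setup described in this thread (the Oct 17 instructions to set SSH_AUTH_SOCK to the KeeAgent socket, the GNOME Keyring socket mix-up diagnosed on Nov 2, and the full-path workaround above), as an added example that is neither KeeAgent's own code nor posted by anyone in the thread. It translates the Mono-style "%XDG_RUNTIME_DIR%/keeagent.socket" spelling from the options dialog into a shell path, refuses the GNOME Keyring socket path, and exports SSH_AUTH_SOCK only after an agent actually answers on the socket, using the ssh-add -l exit statuses (0 keys listed, 1 agent reachable but empty, 2 no agent could be contacted). The function names, the printed state words and the keyring path patterns are the example's own assumptions.

```shell
#!/bin/sh
# Added example, not KeeAgent's own code. Assumes the socket path recommended in
# the thread ($XDG_RUNTIME_DIR/keeagent.socket) unless another path is passed in.

# Translate the Mono/Windows-style "%VAR%/rest" spelling used in the KeeAgent
# options dialog into a POSIX path, expanding VAR from the shell environment.
# The variable name is validated before it is handed to eval.
mono_path_to_posix() {
    case "$1" in
        %*%*)
            var=${1#%}
            var=${var%%"%"*}
            rest=${1#"%$var%"}
            case "$var" in
                ''|[0-9]*|*[!A-Za-z0-9_]*)
                    # not a legal variable name: leave the string untouched
                    printf '%s\n' "$1"
                    return 1 ;;
            esac
            eval "val=\${$var:-}"
            printf '%s%s\n' "$val" "$rest" ;;
        *)  printf '%s\n' "$1" ;;
    esac
}

# GNOME Keyring's ssh component publishes its socket as
# $XDG_RUNTIME_DIR/keyring-XXXXXX/ssh (older) or $XDG_RUNTIME_DIR/keyring/ssh
# (newer). Pointing KeeAgent at that path, or leaving SSH_AUTH_SOCK on it,
# reproduces the failure seen in the thread, so refuse it explicitly.
is_gnome_keyring_sock() {
    case "$1" in
        */keyring-*/ssh|*/keyring/ssh) return 0 ;;
        *) return 1 ;;
    esac
}

# Probe what is behind a socket path. Prints one of:
#   missing | not-a-socket | no-agent | empty | keys
# and returns 0 only when an agent actually answered (empty or keys).
# ssh-add -l exits 0 with keys listed, 1 when the agent holds no keys, and 2
# when no agent could be contacted on SSH_AUTH_SOCK.
agent_state() {
    [ -e "$1" ] || { echo missing; return 1; }
    [ -S "$1" ] || { echo not-a-socket; return 1; }
    if SSH_AUTH_SOCK=$1 ssh-add -l >/dev/null 2>&1; then
        echo keys
    else
        rc=$?
        if [ "$rc" -eq 1 ]; then echo empty; else echo no-agent; return 1; fi
    fi
}

# Export SSH_AUTH_SOCK for KeeAgent only when its socket is live. Call this
# from ~/.bashrc (or equivalent) instead of a bare "export SSH_AUTH_SOCK=...".
use_keeagent() {
    sock=$(mono_path_to_posix "${1:-%XDG_RUNTIME_DIR%/keeagent.socket}") || return 1
    if is_gnome_keyring_sock "$sock"; then
        echo "refusing $sock: that is the GNOME Keyring socket, not KeeAgent" >&2
        return 1
    fi
    state=$(agent_state "$sock") || { echo "KeeAgent socket $sock: $state" >&2; return 1; }
    export SSH_AUTH_SOCK="$sock"
    echo "SSH_AUTH_SOCK=$sock ($state)"
}
```

Source the file and run use_keeagent from your shell startup; if it reports no-agent, KeePass is not running or KeeAgent is not in Agent mode on that path, and ssh will silently fall through to password authentication exactly as the -vvv log above shows.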
