ECDSA and ed25519 keys do not work

[Elizafox]

Hello,

I'm not sure if this is the right place to file the bug (maybe the bug's in libgit2), but this is where I encountered it, and I haven't tried to duplicate it in libgit2. When using SSH, ECDSA and ed25519 keys don't work. They fail with this error:

>>> remote.credentials = pygit2.Keypair('git', '/home/elizabeth/.ssh/id_ed25519.pub', '/home/elizabeth/.ssh/id_ed25519', None)
>>> remote.fetch()
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib64/python3.4/site-packages/pygit2/remote.py", line 221, in fetch
    check_error(err)
  File "/usr/lib64/python3.4/site-packages/pygit2/errors.py", line 56, in check_error
    raise GitError(message)
_pygit2.GitError: Failed to authenticate SSH session: Callback returned error

The traceback for ECDSA is similar.

Yes, I have added my ed25519 and ECDSA keys to github, so I know that's not the problem. RSA keys also work just fine.

[carlosmn]

pygit2 or libgit2 do not set any restrictions on the type of key. The key path is given directly to libssh2, so if it's refusing to accept them, it's a libssh2 issue. The specific error message "Callback returned error" also comes from libssh2 as well.

[nvanheuverzwijn]

Hi, I know this is an old post, but I stumbled on this very problem. As of today, libssh2 does not support elliptic curve keys. If you try to use ecdsa with libgit2 (which use libssh2 under the hood), you will have a Failed to authenticate SSH session: Callback returned error.

TL;DR: Libssh2 does not support elliptic curve.

Source : https://www.libssh2.org/ (look for Hostkey Types)

Cheers,
Nic

[yan12125]

A relevant issue for ED25519: libssh2/libssh2#39. I have a patch to enable ED25519 in libssh2. Hope that helps those who need it!

[willco007]

I have a private fork of libssh2 that supports ECDSA keys using the OpenSSL backend. I hope to have a bit of time to land it back to the public project after the project I'm working on ships.

[jdavid]

This is supported by libssh since 1.9.0 from its changelog, https://libssh2.org/changes.html#1.9.0
And pygit2 Linux wheels are built with libssh 1.9.0 since pygit2 1.0.0