Handshake failed error #60

Closed
BLucky-gh opened this issue Apr 20, 2022 · 15 comments · Fixed by #78
Comments


BLucky-gh commented Apr 20, 2022

When trying to connect to any server I'm receiving an error:
something went wrong:failed to create session: connection failed: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain

I'm running wishlist in local TUI mode; the config file is as follows (edited for privacy):

IdentityFile ~/.ssh/id_rsa

Host github.com
  AddKeysToAgent yes
  IdentityFile ~/.ssh/id_ed25519

Host *.mydomain.tld
  IdentityFile ~/.ssh/id_rsa

Host foo
  HostName x.x.x.x
  User bar
  Port 222

Host baz
  HostName y.y.y.y
  User root
  Port 1774

Note: the public keys are confirmed to work normally, issues only arise when connecting through wishlist
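The config above mixes a global IdentityFile with per-host ones, and OpenSSH resolves those two kinds of option differently: single-valued options (HostName, User, Port) take the first value obtained, while IdentityFile directives accumulate from every matching block, so the global ~/.ssh/id_rsa is offered to every host, including github.com, ahead of the host-specific key. The following Go program is an added example written for this page, not wishlist's or x/crypto's code; it implements just those two rules over the posted config (embedded as a constant) and assumes the whitespace-separated `Key value` syntax only, ignoring `Key=value`, `Match` blocks, `Include`, and `~` expansion.

```go
package main

import (
	"bufio"
	"fmt"
	"path"
	"strings"
)

// Constructed input: the ssh_config posted in the issue, whitespace normalised.
const issueConfig = `
IdentityFile ~/.ssh/id_rsa

Host github.com
  AddKeysToAgent yes
  IdentityFile ~/.ssh/id_ed25519

Host *.mydomain.tld
  IdentityFile ~/.ssh/id_rsa

Host foo
  HostName x.x.x.x
  User bar
  Port 222

Host baz
  HostName y.y.y.y
  User root
  Port 1774
`

// Resolved is the subset of options this example tracks for one alias.
type Resolved struct {
	HostName      string
	User          string
	Port          string
	IdentityFiles []string // in the order a client would offer them
}

// hostMatches reports whether alias matches the patterns on a Host line.
// path.Match gives '*' and '?' glob semantics (hostnames contain no '/'),
// and a leading '!' negates a pattern, as in OpenSSH.
func hostMatches(alias string, patterns []string) bool {
	matched := false
	for _, p := range patterns {
		negate := strings.HasPrefix(p, "!")
		ok, err := path.Match(strings.TrimPrefix(p, "!"), alias)
		if err != nil || !ok {
			continue
		}
		if negate {
			return false
		}
		matched = true
	}
	return matched
}

// Resolve applies the two precedence rules: first value wins for single-valued
// options, IdentityFile accumulates across all matching blocks (the global
// section before any Host line always matches). Duplicate IdentityFile paths
// are collapsed here; that dedup is a choice of this example, not OpenSSH's.
func Resolve(cfg, alias string) Resolved {
	r := Resolved{}
	active := true
	seen := map[string]bool{}
	sc := bufio.NewScanner(strings.NewReader(cfg))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if line == "" || strings.HasPrefix(line, "#") {
			continue
		}
		fields := strings.Fields(line)
		key, vals := strings.ToLower(fields[0]), fields[1:]
		if key == "host" {
			active = hostMatches(alias, vals)
			continue
		}
		if !active || len(vals) == 0 {
			continue
		}
		val := vals[0]
		switch key {
		case "hostname":
			if r.HostName == "" {
				r.HostName = val
			}
		case "user":
			if r.User == "" {
				r.User = val
			}
		case "port":
			if r.Port == "" {
				r.Port = val
			}
		case "identityfile":
			if !seen[val] {
				seen[val] = true
				r.IdentityFiles = append(r.IdentityFiles, val)
			}
		}
	}
	if r.HostName == "" {
		r.HostName = alias // no HostName directive: the alias is the host
	}
	if r.Port == "" {
		r.Port = "22"
	}
	return r
}

func main() {
	for _, alias := range []string{"github.com", "web.mydomain.tld", "foo", "baz"} {
		fmt.Printf("%-18s -> %+v\n", alias, Resolve(issueConfig, alias))
	}
}
```

Running it shows github.com resolving to both ~/.ssh/id_rsa and ~/.ssh/id_ed25519, in that order, which is consistent with the two "using ..." lines wishlist logs before the GitHub connection attempt further down the thread: the global key is not overridden by the host block, it is tried first.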

BLucky-gh changed the title from "Hanshake failed error" to "Handshake failed error" on Apr 21, 2022

caarlos0 (Member) commented Apr 25, 2022

anything else in the wishlist.log file?

also, which of these endpoints did you try to connect to and fail?

BLucky-gh (Author) commented Apr 26, 2022

2) all of them

1) where are the logs located?

caarlos0 (Member):

> 1) where are the logs located?

should be in the folder in which you executed wishlist

caarlos0 (Member):

> 2) all of them

my guess is that it's the same thing that happens here: charmbracelet/soft-serve#48 (comment)

BLucky-gh (Author) commented Apr 26, 2022

here's the logs

2022/04/20 22:34:50 using "/Users/blucky/.ssh/id_rsa"
2022/04/20 22:34:50 using "/Users/blucky/.ssh/id_ed25519"
2022/04/20 22:34:50 got an error: failed to create session: connection failed: ssh: handshake failed: possible man-in-the-middle attack: knownhosts: key mismatch
2022/04/20 22:34:57 using SSH agent
2022/04/20 22:34:57 using "/Users/blucky/.ssh/id_rsa"
2022/04/20 22:34:57 got an error: failed to create session: connection failed: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
2022/04/20 22:35:06 using SSH agent
2022/04/20 22:35:06 using "/Users/blucky/.ssh/id_rsa"
2022/04/20 22:35:13 got an error: failed to create session: connection failed: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
2022/04/20 22:35:32 using SSH agent
2022/04/20 22:35:32 using "/Users/blucky/.ssh/id_rsa"
2022/04/20 22:35:35 got an error: failed to create session: connection failed: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
2022/04/20 22:47:13 using SSH agent
2022/04/20 22:47:13 using "/Users/blucky/.ssh/id_rsa"
2022/04/20 22:47:13 got an error: failed to create session: connection failed: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain

by the way, the MITM/key mismatch error is not wishlist's fault, I think, since I do occasionally get that error with regular ssh connecting to that host (which is GitHub)

BLucky-gh (Author):

> 2) all of them
>
> my guess is that it's the same thing that happens here: charmbracelet/soft-serve#48 (comment)

is that the one where the go library that charm uses can't handle rsa keys?

caarlos0 (Member):

> is that the one where the go library that charm uses can't handle rsa keys?

the root cause is x/crypto: golang/crypto#197


logs did not help much, we'll see if I can add more info to them...

meanwhile, can you try

ssh -v git.charm.sh

using the same key? if it is the rsa thing, this should confirm it...

BLucky-gh (Author):

> logs did not help much, we'll see if I can add more info to them...
>
> meanwhile, can you try
> ssh -v git.charm.sh
> using the same key? if it is the rsa thing, this should confirm it...

OpenSSH_8.6p1, LibreSSL 3.3.5
debug1: Reading configuration data /Users/blucky/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: include /etc/ssh/ssh_config.d/* matched no files
debug1: /etc/ssh/ssh_config line 54: Applying options for *
debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
debug1: Connecting to git.charm.sh port 22.
debug1: Connection established.
debug1: identity file /Users/blucky/.ssh/id_rsa type 0
debug1: identity file /Users/blucky/.ssh/id_rsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.6
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.6p1
debug1: compat_banner: match: OpenSSH_7.6p1 pat OpenSSH_7.0*,OpenSSH_7.1*,OpenSSH_7.2*,OpenSSH_7.3*,OpenSSH_7.4*,OpenSSH_7.5*,OpenSSH_7.6*,OpenSSH_7.7* compat 0x04000002
debug1: Authenticating to git.charm.sh:22 as 'blucky'
debug1: load_hostkeys: fopen /Users/blucky/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-ed25519 SHA256:5fCc3Y8I1sUuBgmSYU1hqg3G7sX0XXZZ+6gDwKRoRv4
debug1: load_hostkeys: fopen /Users/blucky/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: hostkeys_find_by_key_hostfile: hostkeys file /Users/blucky/.ssh/known_hosts2 does not exist
debug1: hostkeys_find_by_key_hostfile: hostkeys file /etc/ssh/ssh_known_hosts does not exist
debug1: hostkeys_find_by_key_hostfile: hostkeys file /etc/ssh/ssh_known_hosts2 does not exist
The authenticity of host 'git.charm.sh (54.211.242.237)' can't be established.
ED25519 key fingerprint is SHA256:5fCc3Y8I1sUuBgmSYU1hqg3G7sX0XXZZ+6gDwKRoRv4.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 'git.charm.sh' (ED25519) to the list of known hosts.
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: /Users/blucky/.ssh/id_rsa RSA SHA256:gTpRXbdvijtUADDl3rV6ht/A71arw+Ql7HFX4dWExig explicit agent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: password,publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /Users/blucky/.ssh/id_rsa RSA SHA256:gTpRXbdvijtUADDl3rV6ht/A71arw+Ql7HFX4dWExig explicit agent
debug1: Server accepts key: /Users/blucky/.ssh/id_rsa RSA SHA256:gTpRXbdvijtUADDl3rV6ht/A71arw+Ql7HFX4dWExig explicit agent
debug1: Authentication succeeded (publickey).
Authenticated to git.charm.sh ([54.211.242.237]:22).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: pledge: filesystem full
debug1: Sending environment.
debug1: channel 0: setting env LANG = "en_US.UTF-8"
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: channel 0: free: client-session, nchannels 1
Connection to git.charm.sh closed.
Transferred: sent 8604, received 1413796 bytes, in 31.9 seconds
Bytes per second: sent 269.8, received 44325.3
debug1: Exit status 0

caarlos0 (Member):

hmmm so I guess I need to add more logs, thanks for the feedback so far, will look into it

caarlos0 (Member):

ah, I think I get it.. you have an SSH agent running, but it doesn't have a key that's accepted...

if so, #61 should fix it

BLucky-gh (Author):

> ah, I think I get it.. you have an SSH agent running, but it doesn't have a key that's accepted...

Not sure what you mean, running ssh-add -L shows that the key in question is indeed in the agent
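The disagreement above ("the agent has no accepted key" versus "ssh-add -L shows the key") comes down to comparing fingerprints: `ssh -v` identifies each offered key by its SHA256 fingerprint (see the "Will attempt key: ... SHA256:gTpR..." line earlier), and `ssh-add -L` and `ssh-keygen -lf` report the same value, so the check is whether every IdentityFile's public key appears in the agent listing. The Go program below is an added example for this page, not wishlist's or x/crypto's code; it computes that fingerprint from a public-key line using only the standard library (SHA-256 over the base64-decoded key blob, base64 without padding) and reports which identities are absent from an agent listing. It handles only ssh-ed25519 keys, which it generates in-process as constructed test data instead of reading ~/.ssh; the function names are this example's own.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/binary"
	"fmt"
	"strings"
)

// sshString encodes b as an SSH wire-format string (uint32 length prefix).
func sshString(b []byte) []byte {
	out := make([]byte, 4+len(b))
	binary.BigEndian.PutUint32(out, uint32(len(b)))
	copy(out[4:], b)
	return out
}

// NewTestKeyLine generates a fresh ed25519 key (constructed data for this
// example) and renders its public half in the one-line format shared by
// ~/.ssh/id_ed25519.pub and `ssh-add -L` output.
func NewTestKeyLine(comment string) string {
	pub, _, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	blob := append(sshString([]byte("ssh-ed25519")), sshString(pub)...)
	return "ssh-ed25519 " + base64.StdEncoding.EncodeToString(blob) + " " + comment
}

// Fingerprint returns the "SHA256:..." fingerprint that ssh-keygen -lf,
// ssh-add -l and ssh -v print: SHA-256 over the decoded key blob, base64
// encoded without padding. The comment field is ignored, as OpenSSH does.
func Fingerprint(line string) (string, error) {
	fields := strings.Fields(line)
	if len(fields) < 2 {
		return "", fmt.Errorf("malformed public key line: %q", line)
	}
	blob, err := base64.StdEncoding.DecodeString(fields[1])
	if err != nil {
		return "", fmt.Errorf("bad key blob: %w", err)
	}
	sum := sha256.Sum256(blob)
	return "SHA256:" + base64.RawStdEncoding.EncodeToString(sum[:]), nil
}

// MissingFromAgent returns the fingerprints of identity public keys that do
// not appear in agentListing (the text `ssh-add -L` prints). An empty result
// means every configured identity is loaded, so a "no supported methods
// remain" failure points at the server side (key not authorized, or the
// key's signature algorithm rejected), not at the agent.
func MissingFromAgent(agentListing string, identityPubs []string) ([]string, error) {
	inAgent := map[string]bool{}
	for _, l := range strings.Split(agentListing, "\n") {
		if strings.TrimSpace(l) == "" {
			continue
		}
		fp, err := Fingerprint(l)
		if err != nil {
			return nil, err
		}
		inAgent[fp] = true
	}
	missing := []string{}
	for _, pub := range identityPubs {
		fp, err := Fingerprint(pub)
		if err != nil {
			return nil, err
		}
		if !inAgent[fp] {
			missing = append(missing, fp)
		}
	}
	return missing, nil
}

func main() {
	loaded := NewTestKeyLine("loaded-into-agent")
	notLoaded := NewTestKeyLine("only-on-disk")
	agent := loaded + "\n" // simulated `ssh-add -L` output holding one key
	missing, err := MissingFromAgent(agent, []string{loaded, notLoaded})
	if err != nil {
		panic(err)
	}
	fmt.Println("identities missing from agent:", missing)
}
```

In practice you would feed `ssh-add -L` output and the contents of each `.pub` file named by the resolved IdentityFile directives into MissingFromAgent and compare the result with the SHA256 value `ssh -v` shows for the key the server accepted.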

BLucky-gh (Author):

#61 might help with some of them (the ones that do have a key specified), but for the ones where the key is not specified and where I just let it use the key from my ssh-agent, I don't think it would help

caarlos0 (Member):

#62 adds more logs


Cordelya commented Jun 9, 2022

I may be encountering the same or a similar issue - with two specific endpoints that both use the same key, which is a different key than the one most of my other ssh endpoints use.

  • using $HOME/.wishlist/config.yaml
  • running wishlist as local
  • most of my endpoints have agent forwarding off and use a key named "id_rsa"; they all connect fine that way
  • issue appears to be that the remote servers in question are being presented with the wrong key ("id_rsa" is being presented; the correct key is a different one)
  • I have a soft-serve server in my endpoints list that also uses a manually-generated key that is not named "id_rsa" and that connection works fine w/o agent forwarding
  • workaround for the two servers that are being passed the wrong key is to specify agent forwarding and have an ssh-agent set up and ready to go with the key - then it works.

I've examined the example config.yaml several times and it doesn't appear to include any endpoint params for specifying which key to use for an endpoint.

---
# Examples pasted and sanitized from my config.yaml
endpoints:
  - name: works
    address: x.x.x.x:22
    description: "SSH Endpoint that works"
    user: user
    forward_agent: false
    request_tty: true

  - name: does_not_work
    address: x.x.x.x:22
    description: "SSH endpoint that is passed the wrong key without agent forwarding"
    user: user
    forward_agent: true
    request_tty: true
    link:
      name: fqdn.com
      url: https://fqdn.com

caarlos0 (Member) commented Jun 9, 2022

Hmm, I guess we could allow the identityfiles option in YAML as well

will work on a PR for it
