Comments (25)
It will show, but I will give you a heads up here too. We are wrapping up one more thing before pushing this. Should be tomorrow/wednesday.
from blink.
Just installed build (891) and WebAuthn seems to work! I was able to access my two servers with the key I put on my Yubikey with Blink in 2022.
Here are the logs from near the old failure point:
agent_talk: Request length: 404
WebAuthn signature requested.
WebAuthn Controller awaiting response.
WebAuthn Controller called to perform request.
WebAuthn Controller received response.
WebAuthn Controller sending signature
WebAuthn signature received.
WebAuthn received signature publisher completed with finished
WebAuthn signature completed.
packet_send2: packet: wrote [type=50, len=800, padding_size=13, comp=786, payload=786]
ssh_packet_socket_callback: packet: read type 52 [len=16,padding=14,comp=1,payload=1]
ssh_packet_process: Dispatching handler for packet type 52
ssh_packet_userauth_success: Authentication successful
ssh_packet_userauth_success: Received SSH_USERAUTH_SUCCESS
ssh_packet_userauth_success: Enabling delayed compression OUT
ssh_packet_userauth_success: Enabling delayed compression IN
ssh_packet_need_rekey: packet: [data_rekey_needed=0, out_blocks=65, in_blocks=30
Connected to [REMOTE IP ADDRESS]
SHELL Opening channel
from blink.
Will wait for more confirmations, but…
from blink.
Everything counts. Thanks everyone! This one took a bit of back and forth but I’m glad we figured it out.
I will add key sync from the app to other Blink instances and we should be able to put this out of beta.
from blink.
From the Blink logs, it looks like Blink is blocked after the request is sent to the agent. And as I understand from @Tahpo2 it looks like the prompt is not shown. The block is intentional in the Sign function (
blink/BlinkConfig/WebAuthnKey.swift
Line 87 in df04676
I created a TestFlight version that adds additional logging, and I also removed .preferImmediatelyAvailableCredentials from performRequests, because there are not that many points where things can fail, and if maybe there is a configuration issue the delegate fails immediately but that happens before the semaphore is even waiting?https://developer.apple.com/forums/thread/737010
from blink.
I’m on TestFlight. Sometimes I can get the iOS security key prompt to come up when I try to connect, but it still stalls out at that “agent_talk: Request length: 404” line.
from blink.
Do I need to do something special to access this TestFlight version, or will it show up eventually as a new build for 17.2.1?
from blink.
Hi @Tahpo2 ! Please let me know if you got a chance to try this with the -vvvv flag so we can get a more detailed overview of where things stop.
Thanks!
from blink.
Yes. I get the same output but it ends with some WebAuthn Controller messages.
Here is end of the blink output when the connection hangs now
ssh_userauth_agent: Public key of [KEY NAME] accepted by server
ssh_key_type_to_hash: Digest algorithm to be used with key type 15 is not defined
ssh_key_algorithm_allowed: Checking [email protected] with list <[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss>
agent_talk: Request length: 402
WebAuthn signature requested.
WebAuthn Controller awaiting response.
WebAuthn Controller called to perform request.
WebAuthn Controller received response.
If I do not use -vvvv flags, the iOS security key prompt often does not ever display. However, it did this time and the last line appears after I follow the prompts to enter my pin and touch the key after which the process stalls indefinitely.
from blink.
Just installed build (889) and tried again.
There is one new line of output.
Trying publickey...
agent_talk: Request length: 1
ssh_agent_get_ident_count: Answer type: 12, expected answer: 12
ssh_agent_get_ident_count: Agent count: 1
ssh_userauth_agent: Trying identity [KEY NAME]
ssh_key_type_to_hash: Digest algorithm to be used with key type 15 is not defined
ssh_key_algorithm_allowed: Checking [email protected] with list <[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss>
packet_send2: packet: wrote [type=50, len=224, padding_size=4, comp=219, payload=219]
ssh_packet_socket_callback: packet: read type 60 [len=192,padding=12,comp=179,payload=179]
ssh_packet_process: Dispatching handler for packet type 60
ssh_packet_userauth_pk_ok: Received SSH_USERAUTH_PK_OK/INFO_REQUEST/GSSAPI_RESPONSE
ssh_packet_userauth_pk_ok: Assuming SSH_USERAUTH_PK_OK
ssh_userauth_agent: Public key of [KEY NAME] accepted by server
ssh_key_type_to_hash: Digest algorithm to be used with key type 15 is not defined
ssh_key_algorithm_allowed: Checking [email protected] with list <[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss>
agent_talk: Request length: 404
WebAuthn signature requested.
WebAuthn signature publisher cancelled
WebAuthn Controller awaiting response.
WebAuthn Controller called to perform request.
WebAuthn Controller received response.
WebAuthn Controller sending signature
from blink.
Thanks for the prompt response! I think we got it :). The Combine flow is being cancelled while the signature process is in-progress, and that is why we don't have an option to receive a signature. Super weird that in your case the Combine flow is being cancelled consistently (probably because the object itself is being collected?), but not in my case.
In any case, fix coming up.
from blink.
I think I have a fix. Can I push a TF version just for you? If you don't mind, please send me your email to Carlos at blink.sh. Thank you!
from blink.
Aha, I was just trying WebAuthn for the first time and couldn’t get it to work, seeing similar problems and intermittent iOS prompts as @Tahpo2
Would some more info/logs help? Otherwise I shall just wait until the fix gets into TestFlight and be an extra set of eyes on confirming the fix.
from blink.
Please send me an email as well and if I will add you two to the branch. That way we don’t disturb everybody else for this.
from blink.
Just pushed. Let's see if this goes through now🤞
from blink.
I feel very late to the party and haven’t contributed much but… Looking good here on a quick test using build 891 connecting to a server running OpenSSH_9.2p1 :)
(I’ll just add I’m using an on device passkey)
from blink.
I’ve been trying ssh and mosh and most of the time it has been fine. I did see this error once but retrying worked:
authError(msg: "ssh_userauth_agent_publickey: Out of memory
from blink.
I’ve been trying ssh and mosh and most of the time it has been fine. I did see this error once but retrying worked: authError(msg: "ssh_userauth_agent_publickey: Out of memory
Can you post the logs for when that happens? Is that before or after key request?
from blink.
That was the only message that appeared. I’ll test some more with ssh/mosh verbosity turned up and see if I can repro.
Or are there any other blink logs that would help? I couldn’t see anything in .blink
from blink.
Did it show before or after the prompt? I think it may be an issue with the libssh agent, so knowing if before (pubkey listing) or after (sig request) will help me 📌
from blink.
Sorry, I didn’t reply to that question as I couldn’t be sure of my memory and am wary of giving incorrect leads.
But I’ve just recreated it in mosh! The error is before being shown the prompt and mosh gives this error:
authError(msg: "ssh_userauth_agent_publickey: Out of memory") - The operation couldn’t be completed. (SSH.SSHError error 4.)
I don’t have clear steps to repro other than just repeatedly entering and exiting mosh and ssh sessions in quick succession.
from blink.
Managed to repro with ssh again and more verbose logging, hopefully verbose enough!
I think this is the relevant bit:
WebAuthn signature requested.
WebAuthn Controller awaiting response.
WebAuthn Controller called to perform request.
WebAuthn signature failed or cancelled - Error Domain=NSCocoaErrorDomain Code=4097 "connection to service named com.apple.AuthenticationServicesCore.AuthenticationServicesAgent" UserInfo={NSDebugDescription=connection to service named com.apple.AuthenticationServicesCore.AuthenticationServicesAgent}
WebAuthn received signature publisher completed with failure(Error Domain=NSCocoaErrorDomain Code=4097 "connection to service named com.apple.AuthenticationServicesCore.AuthenticationServicesAgent" UserInfo={NSDebugDescription=connection to service named com.apple.AuthenticationServicesCore.AuthenticationServicesAgent})
ssh_agent_sign_data: Agent reports failure in signing the key
Error connecting to <SERVER>. authError(msg: "ssh_userauth_agent_publickey: Out of memory")
SSH Session deinit
from blink.
Thanks! Will try to get this fixed before final release.
from blink.
Done 17.3.0
from blink.
Hi,
I am experiencing the same issue with openssh 8.9p1-3ubuntu0.10
on a Ubuntu 22.04.4 LTS
.
Using blink v17.3.0.916
. The interesting part is that the error happens also when the Yubikey is not connected to the iPad.
from blink.
Related Issues (20)
- Screen redraw on emacsclient off by one? HOT 2
- Full screen mirroring
- blink> build up n Response( ErrorResponse { status_code: 409, message: "The disk and other machine associated resources are still in use. If a machine recently shut down, please wait.", }, )
- Permission issues when running get_resources HOT 1
- Unable to view directories in Files.app that are mounted with VeraCrypt HOT 6
- Not returning to shell prompt after ssh command on host via ProxyJump HOT 2
- Roadmap for post-quantum `ssh` client HOT 1
- Kitty keyboard protocol support HOT 1
- Need `scp` scripting HOT 1
- VS code + SSH not working anymore HOT 1
- Keyboard Interrupt Does not Clear Line in Blink Shell HOT 1
- Display Modes documentation
- Can’t do socket-based activation of `sshd` HOT 2
- dSYM created with an executable with no debug info
- Mosh unresponsive on tab after app restores from background HOT 1
- Dark / Light icons HOT 2
- FCP command issues when overwriting SFTP destinations HOT 1
- Files.app overwrite should prompt user
- iOS18 Files.app issues
- Update in-app fonts and themes
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from blink.