Whitelist not applying about ssh-chat HOT 10 OPEN

Hm wonder if this is a bug introduced in #395 cc @mik2k2

from ssh-chat.

I can confirm this happens when the whitelist file is empty (because the allowed key set is empty, these lines).

However, I can't reproduce this with

$ cat user_key.pub
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB/Av4uByl+c51sX3vqGz2j+PWaTJgJIEbztVeXJv6D4 ssh-chat-test
$ go run ./cmd/ssh-chat/ -i host_key --whitelist user_key.pub -vv
Listening for connections on [::]:2022
2021-11-09 13:00:46.927 DEBUG Added to whitelist: "SHA256:wfdYWd+OzriJDxO1QgDEqu3BGxpZGewah/A7U8LANeI=" (for 0s)
[sshd] 2021/11/09 13:01:03 [[::1]:47482] Failed to handshake: [ssh: no auth passed yet, public key authentication required]
[sshd] 2021/11/09 13:01:39 [[::1]:47492] Failed to handshake: [ssh: no auth passed yet, not whitelisted, public key authentication required]

and

$ ssh -o 'IdentitiesOnly yes' -p 2022 test@localhost
test@localhost: Permission denied (publickey,keyboard-interactive).
$ ssh -p 2022 test@localhost
test@localhost: Permission denied (publickey,keyboard-interactive).

Can you verify the key is being loaded by running ssh-chat with the -vv option?

from ssh-chat.

Oh wait, I don't think v1.10 includes that PR.

@badrow Do you think you could try to confirm this with a build from master?

If the new version fixes it, I'll cut a new release.

from ssh-chat.

Oh wait, i tested the program with param : --whitelist=myfile and not --whitelist myfile.

I test and feedback soon sorry.

from ssh-chat.

Okay very weird thing, depending on the machine where the server is launched, the result is not the same.
I can see the SSH keys loaded with -vv but when I launch the server on my laptop or raspberry, some users are accepted, and others are not...
I think the key which is used by the server is not accepted when a client is using it. Sorry for bothering may be it's normal behavior.

from ssh-chat.

Are you using the admin flag? It might be bypassing it.

from ssh-chat.

I'm not using admin flag, but I tested to connect to my server with different clients, it looks like all problems occurs when i use ssh client from fedora 35.
All others clients are ok.

When I use the same client key from fedora 35 of from another system, the other system pass, fedora client is refused.

from ssh-chat.

Confirmed. Same key working as client with an old android phone and ubuntu 20.04, not working with fedora 35 ( client is OpenSSH_8.7p1, OpenSSL 1.1.1l FIPS 24 Aug 2021

The error message in server side is :

ssh-chat_1 | [sshd] 2021/11/09 18:22:16 [192.168.0.42:40768] Failed to handshake: [ssh: no auth passed yet, public key authentication required]

from ssh-chat.

Confirmed which? That the bug exists or that it does not?

If it exists, could you please confirm it with one of the more recent unreleased tags? E.g. https://github.com/shazow/ssh-chat/releases/tag/v1.11-rc1

from ssh-chat.

I can only confirm my own test since i don't have the skills to really investigate. (The bug seems to exists with the fedora 35 ssh client)
I will try to compile the v1.11 rc1 and test it.
If you can test with fedora 35 (gnome version) as client may be you could see the problem ?

from ssh-chat.