x/crypto/ssh: can't establish ssh connection using signed key #54027

@kt97679

What version of Go are you using (go version)?

$ go version
go version go1.18.4 linux/amd64

Does this issue reproduce with the latest release?

yes

What operating system and processor architecture are you using (go env)?

ubuntu 18.04 amd64

go env Output
$ go env
GO111MODULE=""
GOARCH="amd64"
GOBIN=""
GOCACHE="/home/XXX/.cache/go-build"
GOENV="/home/XXX/.config/go/env"
GOEXE=""
GOEXPERIMENT=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOINSECURE=""
GOMODCACHE="/var/tmp/go/pkg/mod"
GONOPROXY=""
GONOSUMDB=""
GOOS="linux"
GOPATH="/var/tmp/go"
GOPRIVATE=""
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/home/XXX/bin/go1.18.4"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/home/XXX/bin/go1.18.4/pkg/tool/linux_amd64"
GOVCS=""
GOVERSION="go1.18.4"
GCCGO="gccgo"
GOAMD64="v1"
AR="ar"
CC="gcc"
CXX="g++"
CGO_ENABLED="1"
GOMOD="/home/XXX/work/go/go.mod"
GOWORK=""
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build2094095442=/tmp/go-build -gno-record-gcc-switches"

What did you do?

$ go run 001-ssh-test.go 127.0.0.1:22
2022/07/24 08:44:16 Connecting to 127.0.0.1:22
2022/07/24 08:44:16 We've got a live session!
$ go run 001-ssh-test.go 10.19.197.10:22
2022/07/24 08:44:25 Connecting to 10.19.197.10:22
2022/07/24 08:44:28 ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
exit status 1
$ cat 001-ssh-test.go 
package main

import (
        "log"
        "net"
        "os"
        "os/user"

        "golang.org/x/crypto/ssh"
        "golang.org/x/crypto/ssh/agent"
)

func logFatal(err error) {
        if err != nil {
                log.Fatal(err)
        }
}

func main() {

        sock, err := net.Dial("unix", os.Getenv("SSH_AUTH_SOCK"))
        logFatal(err)

        u, err := user.Current()
        logFatal(err)

        cfg := &ssh.ClientConfig{
                User: u.Username,
                Auth: []ssh.AuthMethod{ssh.PublicKeysCallback(agent.NewClient(sock).Signers)},
                HostKeyCallback: ssh.InsecureIgnoreHostKey(),
        }

        log.Printf("Connecting to %s\n", os.Args[1])
        client, err := ssh.Dial("tcp", os.Args[1], cfg)
        logFatal(err)

        _, err = client.NewSession()
        logFatal(err)

        log.Println("We've got a live session!")
}
$ cat go.mod 
module test
require golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa
require golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f // indirect
go 1.18
$

What did you expect to see?

Connection is established using signed key.

What did you see instead?

Connection is not established with an error message:

ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain

Additional information

I have 2 keys in the agent and I can connect OK via the ssh command to 127.0.0.1 (accepts only unsigned keys) and 10.19.197.10 (accepts only signed keys):

$ ssh-add -l
4096 SHA256:m+Hthc93TjF0wcAoq8OyrKZjDl8LE5ddhQwzwnBA02c /home/XXX/.ssh/id_rsa (RSA)
4096 SHA256:m+Hthc93TjF0wcAoq8OyrKZjDl8LE5ddhQwzwnBA02c /home/XXX/.ssh/id_rsa (RSA-CERT)
$ ssh 127.0.0.1 "dpkg -l|grep openssh"
Warning: Permanently added '127.0.0.1' (ECDSA) to the list of known hosts.
ii  openssh-client                        1:7.6p1-4ubuntu0.7                     amd64        secure shell (SSH) client, for secure access to remote machines
ii  openssh-server                        1:7.6p1-4ubuntu0.7                     amd64        secure shell (SSH) server, for secure access from remote machines
ii  openssh-sftp-server                   1:7.6p1-4ubuntu0.7                     amd64        secure shell (SSH) sftp server module, for SFTP access from remote machines
$ ssh 10.19.197.10 "dpkg -l|grep openssh"
ii  openssh-client                        1:7.6p1-4ubuntu0.6                  amd64        secure shell (SSH) client, for secure access to remote machines
ii  openssh-server                        1:7.6p1-4ubuntu0.6                  amd64        secure shell (SSH) server, for secure access from remote machines
ii  openssh-sftp-server                   1:7.6p1-4ubuntu0.6                  amd64        secure shell (SSH) sftp server module, for SFTP access from remote machines
$

Versions of the ssh components are in the output above.
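
The `ssh-add -l` output above lists two agent entries with the same fingerprint, one plain key and one certificate. The following added example (not part of the original report and not code from x/crypto) decodes an agent identities reply and uses the key type name at the start of each blob to tell the two apart. The `Identity`, `ParseIdentities`, `str`, `entry` and `Sample` names are this example's own, and the sample message is constructed and carries no real key material.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"strings"
)

// Identity is one key offered by the agent (a type defined for this example).
type Identity struct {
	Algo, Comment string
	IsCert        bool
}

// readString consumes one SSH wire string: uint32 length, then that many bytes.
func readString(b []byte) (s, rest []byte, ok bool) {
	if len(b) < 4 || uint64(binary.BigEndian.Uint32(b)) > uint64(len(b)-4) {
		return nil, nil, false
	}
	n := binary.BigEndian.Uint32(b)
	return b[4 : 4+n], b[4+n:], true
}

// ParseIdentities decodes an SSH_AGENT_IDENTITIES_ANSWER body (message type 12).
func ParseIdentities(msg []byte) ([]Identity, error) {
	if len(msg) < 5 || msg[0] != 12 {
		return nil, fmt.Errorf("not an identities answer")
	}
	var ids []Identity
	rest := msg[5:]
	for i := binary.BigEndian.Uint32(msg[1:5]); i > 0; i-- {
		blob, r, ok1 := readString(rest)   // public key or certificate blob
		comment, r, ok2 := readString(r)   // usually the key file path
		algo, _, ok3 := readString(blob)   // key type name leads every blob
		if !(ok1 && ok2 && ok3) {
			return nil, fmt.Errorf("identity truncated")
		}
		rest = r
		ids = append(ids, Identity{string(algo), string(comment), strings.HasSuffix(string(algo), "-cert-v01@openssh.com")})
	}
	return ids, nil
}

// str encodes a wire string; entry builds one constructed identity (type name plus filler).
func str(s string) string { return string(binary.BigEndian.AppendUint32(nil, uint32(len(s)))) + s }
func entry(algo string) string { return str(str(algo)+"constructed-filler") + str("/home/XXX/.ssh/id_rsa") }

// Sample is a constructed reply holding a plain RSA key and an RSA certificate.
var Sample = []byte("\x0c\x00\x00\x00\x02" + entry("ssh-rsa") + entry("ssh-rsa-cert-v01@openssh.com"))

func main() { fmt.Println(ParseIdentities(Sample)) }
```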


Labels: FrozenDueToAge, NeedsInvestigation (Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.)
