ssh-agent: agent returned different signature type #1263
Comments
Can you detail how the keys were generated in the first place? |
In my case I generated it using ssh-keygen from System32/OpenSSH (don't remember but I don't think I had any extra arguments). |
I also generated mine with |
Got it. Investigating. |
The reason for this is you are giving public key to ssh-agent via |
@the1derer if you're replying to the original issue please see that the command used was |
For a discussion of this symptom in another product see: Especially:
|
Hi, I'm also warned about different signature. Moreover, authentication with public key fails, and ssh client falls back to password authentication:
Log from server:
However, if I remove keys from ssh-agent and ssh uses keys from
Is it a bug? Are you aware of it? Is there any workaround for it? |
@admo what's your server OS & OpenSSH version ? |
@manojampalam OpenSSH_7.9p1, OpenSSL 1.1.1 FIPS 11 Sep 2018 |
Thanks. ssh-agent on Windows is using an older signing algorithm that your server is rejecting. The issue is with ssh-agent version on Windows and there isn't any workaround unfortunately. I'll have it fixed shortly and can issue a patched version of ssh-agent if you prefer. |
@manojampalam understood. Could I somehow deploy patched version on my host? |
PowerShell/Win32-OpenSSH#1263
Issue: ssh-agent is using default sign algorithm, without considering related flags in request
Fix: parse flags and consider sign algorithm input
PowerShell/Win32-OpenSSH#1234
Issue: ssh-agent has old logic to lookup sshd account
Fix: remove this redundant logic
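The mismatch behind the warning in this issue, as an added example (not Win32-OpenSSH or OpenSSH source): the client requests an RSA SHA-2 signature through the sign-request flags, then compares the algorithm name at the start of the returned signature blob with what it asked for. `expected_sig_alg`, `sig_alg_matches` and `check_reply` are hypothetical helpers and the reply blob is constructed; the flag values are those of the SSH agent protocol.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Flag bits of an agent sign request (SSH agent protocol). */
#define SSH_AGENT_RSA_SHA2_256 0x02
#define SSH_AGENT_RSA_SHA2_512 0x04

/* Algorithm the client expects; the SHA-256-first order is this example's choice. */
static const char *expected_sig_alg(const char *key_type, uint32_t flags)
{
    if (strcmp(key_type, "ssh-rsa") != 0)
        return key_type;                 /* only RSA keys have alternatives */
    if (flags & SSH_AGENT_RSA_SHA2_256)
        return "rsa-sha2-256";
    if (flags & SSH_AGENT_RSA_SHA2_512)
        return "rsa-sha2-512";
    return "ssh-rsa";                    /* no flag: legacy SHA-1 signature */
}

/* Blob starts with an SSH string (uint32 big-endian length, then bytes) naming
 * the algorithm. Returns 1 on match, 0 on mismatch, -1 if malformed. */
static int sig_alg_matches(const uint8_t *sig, size_t len, const char *expected)
{
    if (len < 4) return -1;
    uint32_t n = ((uint32_t)sig[0] << 24) | ((uint32_t)sig[1] << 16) |
                 ((uint32_t)sig[2] << 8) | sig[3];
    if (n > len - 4) return -1;          /* declared length overruns the blob */
    return n == strlen(expected) && memcmp(sig + 4, expected, n) == 0;
}

/* Constructed reply for an RSA key: algorithm field only, signature bytes omitted. */
static int check_reply(const char *alg, uint32_t flags)
{
    uint8_t blob[64] = {0};
    size_t n = strlen(alg);
    if (n > sizeof(blob) - 4) return -1;
    blob[3] = (uint8_t)n;
    memcpy(blob + 4, alg, n);
    return sig_alg_matches(blob, 4 + n, expected_sig_alg("ssh-rsa", flags));
}

int main(void)
{
    printf("flags ignored: %d, flags honoured: %d\n",
           check_reply("ssh-rsa", SSH_AGENT_RSA_SHA2_512),
           check_reply("rsa-sha2-512", SSH_AGENT_RSA_SHA2_512));
    return 0;
}
```

A result of 0 corresponds to the "agent returned different signature type ssh-rsa (expected rsa-sha2-512)" case reported here.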
It's not clear what the fix is here? I'm seeing this. |
Hey @manojampalam, is there a way to update the agent binary without having to wait for a windows update? Edit: Never mind, I figured it out myself. I ended up downloading the latest release (v7.9.0.0p1-Beta at this time) and replaced the files in |
There is one other less intrusive way. Download the latest release bits to a different location, edit install.ps1 to just install ssh-agent service. This will override the default ssh-agent service registration to pick up binary from new location. |
Works flawlessly, thanks! In case someone finds it useful: download the latest release from here and substitute the "install-sshd.ps1" script for this one. Also, remember to temporarily change Windows' Execution Policy in order to allow the script to execute, as described here. |
@dbuades can MSFT post your script somewhere with instructions |
When does this get released? This prevents vscode remote from properly functioning. |
Does it? I’ve been messing with vscode remoting since it was released in the Insiders beta and it seems fine? |
It does since I updated my server to Ubuntu 19.04 today. I get the signature mismatch, the login attempt gets aborted and fail2ban blocks me after a few tries. |
Sure thing, but it would be easier if they just updated the OpenSSH version bundled with Windows. My script is just a workaround until they update it. |
@manojampalam / @musm can you communicate what the cause of the delay is in deploying the fix? Sounds like you fixed this 6 months ago. I've been recommending people use this ssh client instead of PuTTY but I am starting to think I should stop doing that? |
this is the easiest solution. Thanks |
ssh-keygen -t ecdsa -b 521 -G .\test.key
ssh-add .\test.key
Error loading key ".\test.key": invalid format
I was hoping for your solution to indeed work but this software just doesn't work as expected. |
@metablaster I saw this error message too. To fix that I used a Full Path, instead of Relative. e.g. c:%USER%.ssh\yourkey |
Ah OK, thank you! It looks like problem is not with relative path but with
ssh-keygen -t ecdsa -b 521 -G C:\Users\USERNAME\.ssh\id_ecdsa
What will happen is that no public key will be generated, only private (or vice versa?), I tried escaping the path but no change:
ssh-keygen -t ecdsa -b 521 -G C:\\Users\\USERNAME\\.ssh\\id_ecdsa
Anyway omitting the
It's also strange that specifying -G option will take 55 sec. to generate key, while without -G option the key is generated in just 3 seconds. |
So, it's been 1.5 years and this is still not fixed? Way to go, guys... @bingbing8 is my assumption correct, that this issue will never make it now to Win10 release, as OpenSSH is being maintained in this repo? |
@Omniptizator As already explained in this thread, the issue is fixed and you can download a release containing this fix from the Releases page of this project. I've posted a guide how to use it in a comment above. Whether the version containing a fix is included in Windows is not up to this project's maintainers. |
@gronostajo seems like I've got wrong impression about this repository then. The guide helps, thank you for your explanation! Edit: I'm sorry about letting my frustration go the wrong way. Hopefully, this will at least prevent comments/questions of such kind further in this thread. |
For people like @Omniptizator still looking for an answer that was already posted many times before, here's an easier installation method.
|
@NatoBoram Isn't that the point? That, since MS added an openssh-client to the OS, it should be also part of Windows Updates/Upgrades, to be kept on the latest release? Without the need for any Third-Party software? |
@xenadmin We all agree that it's frustrating that the fix is not available in Windows by default. This is a repository for OpenSSH though, not for Windows. What's bundled with Windows is not within scope of this project. |
@gronostajo It was that comment (#1263 (comment)) that led me to my assumption. |
MSFT should've never released OpenSSH through Windows Optional features in the first place, since it never gets updated. They should've distributed it via the store... |
Today is 02-12-2021 and the latest Windows update (which came last night) did not have the fix. It's Version 2004 OS Build 19041.804. Running the install powershell from your downloadable update fixed it for me, except that the next Windows update that comes down the line will probably break it, and I'll have to re-install your update, but thank you for making this update/fix publicly available! |
Confirmed this worked but I had to backtrack and first install scoop then Thanks.. very annoying. |
@joe-p thank you so much for your solution! This worked for me. I really think Microsoft should update their openssh integration with windows update or at least integrate a fix within the newer versions of powershell. |
I have 3 different Linux-based systems running in my home. Two of the systems worked, while the one running Ubuntu Server 20.10 presented the key mismatch error. Following the advice from above, I:
Afterwards ssh'ing to all 3 systems worked correctly. |
Chocolatey provides OpenSSH 8.0.0.1:
From PowerShell as Administrator, install OpenSSH with the ssh-agent service:
|
When I run that command in Powershell I get: Do I need to uninstall ssh-agent first? |
@FlexMcMurphy I'd guess that you'd have to remove all instances of the OpenSSH client, in particular the optional one in Windows. |
@derekmahar Cheers. |
In my experience, (Windows 10 - 20H2 OS Build 19042.928) I didn't have to install newer OpenSSH via Chocolatey or anything. I uninstalled OpenSSH client (Start -> Apps & Features -> Other Features), restarted the system and then installed it again and it fixed the problem. |
genius |
Windows updated today, which made my start menu and taskbar completely transparent (had to disable transparency effects to fix), as well as breaking ssh again. So glad I found/commented/followed this thread so I could remember what I did to fix it! Wonder if it's ever not gonna be broken 🤣 |
If anyone is curious, Windows 20H2 (19042.928) comes with OpenSSH 7.7.2.1:
This version was released in 2018. Microsoft has been saying a new release of OpenSSH will come with every single Windows update, and every single update does not have a new version. They clearly have abandoned this project. Don't install it through Windows. Stop waiting for it to be fixed. |
Please refer to #1693 for news about OpenSSH V8.1. |
Windows 10 version 21H1 comes with OpenSSH 8.1, which has this bug fixed. The PATH modification can be reverted now, so that The upgrade to 21H1 disables the agent service though. It must be re-enabled in |
Under Windows 10.8 LTS Arium (version 10.0.19044.3086), I fixed the problem with the installation of : |
Is there any workaround for Windows 10.0.18363 N/A Build 18363 ? |
"OpenSSH for Windows" version
7.7.2.0
Client OperatingSystem
Windows 10 Enterprise (1709)
What is failing
I've installed the 'ssh-agent' service. I call ssh-add to add my key to the agent. I'm asked to provide my passphrase, which I do. When I use the ssh command I get warning: agent returned different signature type ssh-rsa (expected rsa-sha2-512).
Expected output
No warning.
Actual output
warning: agent returned different signature type ssh-rsa (expected rsa-sha2-512).