ssh: handshake failed: possible man-in-the-middle attack: knownhosts: key mismatch #152

Open
LennyPenny opened this issue Feb 9, 2023 · 9 comments
@LennyPenny

LennyPenny commented Feb 9, 2023

wishlist: 0.9.0

I'm getting this error when trying to connect to some of my hosts

Wishlist

Something went wrong:

ssh: handshake failed: possible man-in-the-middle attack: knownhosts: key mismatch

However when I just do normal ssh <hostname> I can connect just fine and the ~/.ssh/known_hosts file looks correct.

Wishlist.log says this:

lenny@skeleton ~> cat wishlist.log
2023/02/09 21:48:27 setting delegate height: 2
2023/02/09 21:48:28 offering public key via ssh agent: ssh-ed25519 xxx
2023/02/09 21:48:28 offering public key via ssh agent: ssh-ed25519 xxx
2023/02/09 21:48:28 got an error: failed to create session: connection failed: ssh: handshake failed: possible man-in-the-middle attack: knownhosts: key mismatch
2023/02/09 21:48:28 error: failed to create session: connection failed: ssh: handshake failed: possible man-in-the-middle attack: knownhosts: key mismatch

I'm using gpg-agent btw.

@caarlos0
Member

Hi!

Wishlist uses its own known_hosts, stored at .wishlist in the CWD: https://github.com/charmbracelet/wishlist#running-it

Have you looked into it? It's likely that said host changed and is now offering another key...

@caarlos0 caarlos0 self-assigned this Feb 10, 2023
caarlos0 added a commit that referenced this issue Feb 10, 2023
refs #152

Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>

@LennyPenny
Author

Hmm no .wishlist folder is created in the CWD for me.

Btw: is it possible to have this just live at a fixed location instead of the cwd?

@caarlos0
Member

hmm, I improved the error message there, can you check again with main, it should display which known hosts it's using...

@LennyPenny
Author

ssh: handshake failed: possible man-in-the-middle attack: knownhosts: key mismatch - if your host's key changed, you might need to edit "/home/lenny/.ssh/known_hosts"

however the keys are not mismatched (normal ssh works, and when I cat /etc/ssh/ssh_host_ed25519_key.pub on the server it matches the entry in my ~/.ssh/known_hosts)

note: I have both rsa and ed25519 host keys on my server - maybe it's comparing the rsa host key to the ed25519 key in my known_hosts?

@LennyPenny
Author

LennyPenny commented Feb 10, 2023

aah yes I found the issue!

When the server offers both rsa and ed25519 host keys and the local known hosts only contains the ed25519 one this error appears. If I add both keys or just the rsa one locally it works fine. However then #151 is the next issue

@caarlos0
Member

golang/go#36126

seems like it's a bug in Go...

@caarlos0
Member

I'll try to take a swing at it later... but regardless... it'll take some time to get merged and released - if they accept it.

@caarlos0
Member

let's go! golang/crypto#254

@caarlos0
Member

update: still waiting on that PR :(
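
The failure mode identified in this thread (the server offers both RSA and Ed25519 host keys, known_hosts holds only the Ed25519 one) is commonly worked around on the client by restricting the host key algorithms it offers to the key types already recorded for that host. The following is an added example, not code from this thread, from Wishlist or from the linked Go changes; `knownKeyTypes`, `hostKeyAlgorithms` and the sample entries are hypothetical, and the result is meant for the `HostKeyAlgorithms` field of `ssh.ClientConfig` in golang.org/x/crypto/ssh.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// Constructed sample known_hosts (host names and key blobs are placeholders).
const sampleKnownHosts = `skeleton.example ssh-ed25519 AAAA-placeholder-ed25519
other.example,192.0.2.7 ssh-rsa AAAA-placeholder-rsa
@revoked skeleton.example ssh-rsa AAAA-placeholder-revoked
[skeleton.example]:2222 ecdsa-sha2-nistp256 AAAA-placeholder-ecdsa
`

// knownKeyTypes lists the key types recorded for host ("name" or "[name]:port").
// Marker lines (@revoked, @cert-authority), hashed and wildcard entries are not matched.
func knownKeyTypes(knownHosts, host string) []string {
	var types []string
	seen := map[string]bool{}
	sc := bufio.NewScanner(strings.NewReader(knownHosts))
	for sc.Scan() {
		f := strings.Fields(sc.Text()) // host patterns, key type, key blob
		if len(f) < 3 || strings.HasPrefix(f[0], "#") || strings.HasPrefix(f[0], "@") {
			continue
		}
		for _, pattern := range strings.Split(f[0], ",") {
			if pattern == host && !seen[f[1]] {
				seen[f[1]] = true
				types = append(types, f[1])
			}
		}
	}
	return types
}

// hostKeyAlgorithms expands key types to the algorithm names negotiated in the handshake.
func hostKeyAlgorithms(keyTypes []string) []string {
	var algos []string
	for _, t := range keyTypes {
		if t == "ssh-rsa" { // an RSA key can also sign with the SHA-2 variants
			algos = append(algos, "rsa-sha2-512", "rsa-sha2-256")
		}
		algos = append(algos, t)
	}
	return algos
}

func main() { fmt.Println(hostKeyAlgorithms(knownKeyTypes(sampleKnownHosts, "skeleton.example"))) }
```

When the returned list is empty, leave `HostKeyAlgorithms` unset so that an unknown host is still handled by the host key callback.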
