Thread Tools Display Modes
05/20/22, 12:53 AM   #1
Drummerx04
AddOn Author - Click to view addons
Join Date: Sep 2017
Posts: 54
Git Authentication Issue

I'm trying to get a git repo set up for one of my addons on this site.

I'm following along this help page

Using git bash for windows, I run the following:

Code:
ssh-keygen -t ed25519 -C "[email protected]"
This succeeds and outputs keys (id_ed25519 and id_ed25519.pub) to the default directory ~/.ssh/

I then copy the public key onto ESOUI as described in the link provided.

However, I error out when authenticating. For debugging, I ran this
Code:
ssh -vT [email protected]
And the Output:
Code:
OpenSSH_8.8p1, OpenSSL 1.1.1m  14 Dec 2021
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to git.esoui.com [45.79.1.181] port 22.
debug1: Connection established.
debug1: identity file ~/.ssh/id_rsa type 0
debug1: identity file ~/.ssh/id_rsa-cert type -1
debug1: identity file ~/.ssh/id_dsa type -1
debug1: identity file ~/.ssh/id_dsa-cert type -1
debug1: identity file ~/.ssh/id_ecdsa type -1
debug1: identity file ~/.ssh/id_ecdsa-cert type -1
debug1: identity file ~/.ssh/id_ecdsa_sk type -1
debug1: identity file ~/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file ~/.ssh/id_ed25519 type 3            #Local Key is recognized
debug1: identity file ~/.ssh/id_ed25519-cert type -1
debug1: identity file ~/.ssh/id_ed25519_sk type -1
debug1: identity file ~/.ssh/id_ed25519_sk-cert type -1
debug1: identity file ~/.ssh/id_xmss type -1
debug1: identity file ~/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.8
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1.10
debug1: compat_banner: match: OpenSSH_5.9p1 Debian-5ubuntu1.10 pat OpenSSH_5* compat 0x0c000002
debug1: Authenticating to git.esoui.com:22 as 'git'
debug1: load_hostkeys: fopen ~/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: ecdh-sha2-nistp256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: aes128-ctr MAC: [email protected] compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: [email protected] compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:q23OVanVJTzTUMuO5vZv9UqBib7I/kG+fIoR8t2tY18
debug1: load_hostkeys: fopen ~/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: Host 'git.esoui.com' is known and matches the ECDSA host key.
debug1: Found key in ~/.ssh/known_hosts:1
debug1: rekey out after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 4294967296 blocks
debug1: Will attempt key: ~/.ssh/id_rsa RSA SHA256:<fingerprint>
debug1: Will attempt key: ~/.ssh/id_dsa 
debug1: Will attempt key: ~/.ssh/id_ecdsa 
debug1: Will attempt key: ~/.ssh/id_ecdsa_sk 
debug1: Will attempt key: ~/.ssh/id_ed25519 ED25519 SHA256:<fingerprint>
debug1: Will attempt key: ~/.ssh/id_ed25519_sk 
debug1: Will attempt key: ~/.ssh/id_xmss 
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: ~/.ssh/id_rsa RSA SHA256:<fingerprint>
debug1: send_pubkey_test: no mutual signature algorithm
debug1: Trying private key: ~/.ssh/id_dsa
debug1: Trying private key: ~/.ssh/id_ecdsa
debug1: Trying private key: ~/.ssh/id_ecdsa_sk
debug1: Offering public key: ~/.ssh/id_ed25519 ED25519 SHA256:<figerprint>
debug1: Authentications that can continue: publickey
debug1: Trying private key: ~/.ssh/id_ed25519_sk
debug1: Trying private key: ~/.ssh/id_xmss
debug1: No more authentication methods to try.
[email protected]: Permission denied (publickey).
At the bottom is the error I get when trying to use git with my repo. I'm at a bit of a loss as to what may be happening. Has anyone encountered this error on ESOUI and managed to fix it?
  Reply With Quote
05/20/22, 04:02 AM   #2
wookiefriseur
 
wookiefriseur's Avatar
Join Date: Mar 2014
Posts: 51
Try a higher verbosity:
Code:
ssh -vvv
. Maybe that will provide a better hint at what is happening.


I guess your pk already has the correct file access lvl? You can try to change it to the accepted value, if it is not already:
Code:
chmod 600 .\d_ed25519
  Reply With Quote
05/20/22, 09:10 AM   #3
Drummerx04
AddOn Author - Click to view addons
Join Date: Sep 2017
Posts: 54
Originally Posted by wookiefriseur View Post
Try a higher verbosity:
Code:
ssh -vvv
. Maybe that will provide a better hint at what is happening.


I guess your pk already has the correct file access lvl? You can try to change it to the accepted value, if it is not already:
Code:
chmod 600 .\d_ed25519
I have tried modifying the file permissions and it does not change the debug output. The testing was done on my Windows box, but I generated new keys on my mac, uploaded the public key, and I'm getting the same series of debug messages (but for the new fingerprints).

I'm kind of getting the impression that there may be a server issue, but if everyone else (who tries) is connecting just fine, then that seems less likely.
  Reply With Quote
06/13/22, 05:09 PM   #4
Drummerx04
AddOn Author - Click to view addons
Join Date: Sep 2017
Posts: 54
As a quick followup here, I was able to easily put the same exact public key onto Github.com and ssh authentication went through without a hitch using exactly the same key pair. I did also try standard RSA key pairs on esoui as well, so the issue does not appear to be protocol specific.

I think it's reasonably safe to say I'm not incorrect with my process here and my setup isn't critically broken on my end, but it appears that git support on esoui is broken in some way from the server side. Maybe it's not worth fixing, but it is still disappointing.

Maybe the setup instructions for git should be updated to reflect that the option is non-functional, unless I'm the only one having issues (or even trying to use the services).

Thank you, wookie for trying to help. The extra debugging info was interesting, but not helpful. A connection attempt to github shows what should happen when offering a valid key.
Code:
...
debug1: Offering public key: /c/Users/<username>/.ssh/id_ed25519 ED25519 SHA256:TRo1+EbUEgApsrOXXMMbOTmMMkcRD/0rOuQBC9x84sU explicit
debug1: Server accepts key: /c/Users/<username>/.ssh/id_ed25519 ED25519 SHA256:TRo1+EbUEgApsrOXXMMbOTmMMkcRD/0rOuQBC9x84sU explicit
...
But obviously I'm not getting that response from esoui, so probably my public keys are being "missed" or ignored by the server in some way, and I don't have a way to reasonably fix that issue on my end.
  Reply With Quote
06/13/22, 05:41 PM   #5
Dolby
Every day I'm shuffling
 
Dolby's Avatar
Premium Member
WoWInterface Admin
Join Date: Feb 2004
Posts: 1,276
Sorry I didn't notice this thread since it I thought it was about normal git auth and not ESOUI related. (moved to our site forum)

Looking at our logs I have some issues with some ssh-ed25519 keys that I'm debugging and grepping your IP in my logs you are hitting that issue.

Try an RSA key, I know you said you tried one already but maybe generate a RSA key
Code:
ssh-keygen -t rsa -b 4096 -f key-for-esoui
Make sure git is using that key when talking to our git server. If you have both default id_* private keys in .ssh it will try and use the ed25519 key by default. So you could add to your .ssh/config something like this...
Code:
host git.esoui.com
user git
HostName git.esoui.com
port 22
IdentityFile ~/.ssh/key-for-esoui
Then grab the public end
Code:
cat ~/.ssh/key-for-esoui.pub
and add it to your keys here.

Last edited by Dolby : 06/13/22 at 11:33 PM.
  Reply With Quote
06/14/22, 06:47 PM   #6
Drummerx04
AddOn Author - Click to view addons
Join Date: Sep 2017
Posts: 54
Originally Posted by Dolby View Post
Sorry I didn't notice this thread since it I thought it was about normal git auth and not ESOUI related. (moved to our site forum)

Looking at our logs I have some issues with some ssh-ed25519 keys that I'm debugging and grepping your IP in my logs you are hitting that issue.

Try an RSA key, I know you said you tried one already but maybe generate a RSA key
Code:
ssh-keygen -t rsa -b 4096 -f key-for-esoui
Make sure git is using that key when talking to our git server. If you have both default id_* private keys in .ssh it will try and use the ed25519 key by default. So you could add to your .ssh/config something like this...
Code:
host git.esoui.com
user git
HostName git.esoui.com
port 22
IdentityFile ~/.ssh/key-for-esoui
Then grab the public end
Code:
cat ~/.ssh/key-for-esoui.pub
and add it to your keys here.
Thank you for the assist. When trying a newly generated RSA key (using your provided parameters and config), I'm now notably getting this error
Code:
	
	debug1: send_pubkey_test: no mutual signature algorithm
  Reply With Quote
06/14/22, 06:54 PM   #7
Dolby
Every day I'm shuffling
 
Dolby's Avatar
Premium Member
WoWInterface Admin
Join Date: Feb 2004
Posts: 1,276
I think I need to work on openssh on the git server. I am curious though if you could add this to your .ssh/config under git.esoui.com... if that will fix the issue for now?
Code:
PubkeyAcceptedKeyTypes +ssh-rsa
  Reply With Quote
06/14/22, 10:01 PM   #8
Drummerx04
AddOn Author - Click to view addons
Join Date: Sep 2017
Posts: 54
Originally Posted by Dolby View Post
I think I need to work on openssh on the git server. I am curious though if you could add this to your .ssh/config under git.esoui.com... if that will fix the issue for now?
Code:
PubkeyAcceptedKeyTypes +ssh-rsa
That did resolve the issue. I'm guessing that's a deprecated key algorithm in newer Openssl libraries, so it had to be enabled to work with this site?
  Reply With Quote

ESOUI » Site Forums » Site help, bugs, suggestions/questions » Git Authentication Issue

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off