ssh-tpm-agent
`error in libcrypto` if loaded key is replaced
When testing, I used ssh-tpm-keygen to replace an existing test.tpm that had already been loaded by my running ssh-tpm-agent:
```
$ ssh-tpm-agent -d
time=2024-07-13T00:54:01.989+10:00 level=INFO msg="Warning: ssh-tpm-agent is meant to run as a background daemon."
time=2024-07-13T00:54:01.989+10:00 level=INFO msg="Running multiple instances is likely to lead to conflicts."
time=2024-07-13T00:54:01.989+10:00 level=INFO msg="Consider using a systemd service."
time=2024-07-13T00:54:01.989+10:00 level=INFO msg="Listening on socket" path=/run/user/1000/ssh-tpm-agent.sock
time=2024-07-13T00:54:01.989+10:00 level=DEBUG msg="called loadkeys"
time=2024-07-13T00:54:01.989+10:00 level=DEBUG msg="skipping key: does not have .tpm suffix" name=/home/daniel/.ssh/config
...
time=2024-07-13T00:54:01.990+10:00 level=DEBUG msg="added TPM key" name=/home/daniel/.ssh/test.tpm
...
```
Then, without restarting ssh-tpm-agent and with ssh-tpm-keygen having replaced test.tpm, by then running ssh ... the following error is shown:
```
Load key "/home/daniel/.ssh/test.pub": error in libcrypto
```
The followup output for this interaction from ssh-tpm-agent -d is relatively minimal, with no indicative error:
```
time=2024-07-13T01:01:51.682+10:00 level=DEBUG msg="called extensions"
time=2024-07-13T01:01:51.682+10:00 level=DEBUG msg="called list"
```
Restarting ssh-tpm-agent resolves the problem.
Yep, this sounds like a bug :) Thanks!
I suspect this fixes your issue, but I haven't tested yet.
https://github.com/Foxboron/ssh-tpm-agent/commit/800e6c9232551995287c2d9ffc5c020d90c85bfb
Doesn't appear to be resolved
```
# ssh-tpm-keygen -f test
# and added test.pub to authorized keys
$ git rev-parse HEAD
54a466a8eec3b48b374e05908dfa11b112392c30
$ ./bin/ssh-tpm-agent -d
time=2024-07-14T10:16:44.485+10:00 level=INFO msg="Warning: ssh-tpm-agent is meant to run as a background daemon."
time=2024-07-14T10:16:44.485+10:00 level=INFO msg="Running multiple instances is likely to lead to conflicts."
time=2024-07-14T10:16:44.485+10:00 level=INFO msg="Consider using a systemd service."
time=2024-07-14T10:16:44.486+10:00 level=INFO msg="Listening on socket" path=/run/user/1000/ssh-tpm-agent.sock
time=2024-07-14T10:16:44.486+10:00 level=DEBUG msg="called loadkeys"
time=2024-07-14T10:16:44.486+10:00 level=DEBUG msg="skipping key: does not have .tpm suffix" name=/home/daniel/.ssh/config
# ...
time=2024-07-14T10:16:44.486+10:00 level=DEBUG msg="added TPM key" name=/home/daniel/.ssh/test.tpm
# ...
# ssh OK
time=2024-07-14T10:16:54.783+10:00 level=DEBUG msg="called extensions"
time=2024-07-14T10:16:54.784+10:00 level=DEBUG msg="called list"
time=2024-07-14T10:16:55.091+10:00 level=DEBUG msg="called signwithflags"
# ssh-tpm-keygen -f test
# and added test.pub to authorized keys
# ssh ERROR
# Load key "/home/daniel/.ssh/test.pub": error in libcrypto
time=2024-07-14T10:17:37.177+10:00 level=DEBUG msg="called extensions"
time=2024-07-14T10:17:37.177+10:00 level=DEBUG msg="called list"
```
Ps. thank you for fixing f8a5360393a33c7b162cb323ad09ced5a9d0738f :yellow_heart:
Can't reproduce with the details you have given so far.
Interesting! I'll try and automate a reproduction when I can
I still can't reproduce, so closing this until we can get more information.