Failed to clone repository: Unable to exchange encryption keys

Open benjaminbhollon opened this issue 1 year ago • 7 comments

This started recently, but every time I try to clone from my password repository I get this error:

Failed to clone repository from ssh://feynman/~/git/passwords to file file://private/var/mobile/Containers/Shared/AppGroup/273C16E8-30FE-4A34-B427-9987462E427D/Library/password-store-temp
Underlying Error: failed to start SSH session: Unable to exchange encryption keys

This exact configuration worked previously. I think it stopped after some updates on the server I'm trying to clone from.

Any pointers you have are much appreciated.

benjaminbhollon avatar Jun 23 '23 12:06 benjaminbhollon

I also get a similar error now: "Unable to exchange encryption keys". Can someone tell what algorithms are now used when connecting via ssh? I'm no Swift expert, but it might be due to a dependency update.

apfohl avatar Jul 06 '23 20:07 apfohl

Might be related to #624

apfohl avatar Jul 07 '23 10:07 apfohl

My best guess is that it's an incompatibility between whatever library the app is using and more recent versions of git—or, more likely, ssh—on the server side.

Looking at that issue, I am running NixOS for the server I'm trying to sync to (though I'm using just a bare git repo rather than a frontend like Gitea) so it could definitely be related.

benjaminbhollon avatar Jul 07 '23 15:07 benjaminbhollon

Exactly the same issue for me, also running NixOS on the server. Definitely seems related to the linked issue.

charlie-collard avatar Aug 06 '23 09:08 charlie-collard

Having the same issue too. passforios on iPad, and my password-store on a NixOS machine accessible via SSH.

It could be a problem related to the key generation algorithm: #153 .

I used ssh-keygen in iSH app to generate keys using RSA with default settings, is there any other algorithm that works?

Edit: I was able to successfully clone my password-store with the same configuration using password-store app on Android. So the issue with passforios is likely coming from the git or ssh version/implementation they use.

adamoudad avatar Jul 29 '24 10:07 adamoudad

@adamoudad as a workaround, adding this to my server NixOS config fixed this issue, along with using a ssh-ed25519 key instead of ssh-rsa. Definitely not ideal though, as I assume there was a security reason this MAC was disabled in the first place.

services.openssh.settings.Macs = [ "hmac-sha2-512" ];

charlie-collard avatar Jul 29 '24 12:07 charlie-collard

Thanks for the workaround @charlie-collard !

For compatibility, it might be best to append hmac-sha2-512 to the default list used by the Nix option.

services.openssh.settings.Macs = [
  "hmac-sha2-512-etm@openssh.com"
  "hmac-sha2-256-etm@openssh.com"
  "umac-128-etm@openssh.com"
  "hmac-sha2-512" # For compatibility with passforios
];

In case hmac-sha2-512 does not work, more options to try out can be found here: https://github.com/mssun/passforios/issues/624#issuecomment-1630883156

adamoudad avatar Jul 29 '24 13:07 adamoudad
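
The MAC mismatch discussed in this thread can be checked against a server's effective configuration. This is an added example, not part of the thread and not passforios code: it applies the RFC 4253 negotiation rule (the first algorithm on the client's list that the server also lists) to the MAC lists. The client offer and the `sshd -T` sample are constructed assumptions, since the thread does not state which MACs passforios offers.

```python
# Added example: SSH MAC negotiation (RFC 4253, section 7.1) applied to this thread.

# Constructed sample of `sshd -T` output (effective config, lowercase keywords),
# using the ETM-only MAC list the thread refers to as the NixOS default.
SAMPLE_SSHD_T = """port 22
macs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com
passwordauthentication no
"""

# Assumption: a client that offers no *-etm@openssh.com MACs. The real
# passforios offer is not given anywhere in the thread.
CLIENT_MACS = ["hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"]


def parse_sshd_macs(sshd_t_output):
    """Return the server MAC list from `sshd -T` output, in server order."""
    for line in sshd_t_output.splitlines():
        key, _, value = line.strip().partition(" ")
        if key.lower() == "macs":
            return [m for m in value.strip().split(",") if m]
    return []


def negotiate(client_offer, server_offer):
    """First algorithm on the client's list that the server also lists, else None.

    None corresponds to a failed key exchange: the two sides share no algorithm.
    """
    server = set(server_offer)
    for alg in client_offer:
        if alg in server:
            return alg
    return None


def check(client_offer, sshd_t_output, extra_server_macs=()):
    """Negotiate against the parsed server list plus any MACs appended to it."""
    server = parse_sshd_macs(sshd_t_output) + list(extra_server_macs)
    return negotiate(client_offer, server)


if __name__ == "__main__":
    print("ETM-only server list:", check(CLIENT_MACS, SAMPLE_SSHD_T))
    print("with hmac-sha2-512 appended:",
          check(CLIENT_MACS, SAMPLE_SSHD_T, ["hmac-sha2-512"]))
```

Running `sshd -T` on the server after a rebuild and feeding its output to `parse_sshd_macs` shows whether the appended MAC actually reached the effective configuration.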