
SSH Instructions out of date?

Open doolio opened this issue 3 years ago • 2 comments

The SSH instructions state to use the following command to export the public key for access to services such as GitHub.

$ trezor-agent -v -e ed25519 [email protected] > ~/.ssh/github.pub

However, I would get the following error message:

Error loading key "/home/doolio/.ssh/github.pub": invalid format

It seems GitHub does not accept the ed25519 ECDSA curve. Removing the -e option creates a nist256p1 key pair which was acceptable to GitHub.

doolio avatar Sep 13 '22 16:09 doolio

Could you please attach the logging output?

On my machine, it seems to work:

$ trezor-agent -v -e ed25519 [email protected] > ~/.ssh/github.pub
2022-09-14 21:13:45,510 INFO         identity #0: <ssh://[email protected]|ed25519>                                                          [__init__.py:273]
2022-09-14 21:13:45,511 INFO         using [b'ttyname=/dev/pts/3', b'display=:0'] for pinentry options                                    [ui.py:94]
2022-09-14 21:13:46,558 INFO         Enumerating UdpTransport: found 0 devices                                                            [__init__.py:120]
2022-09-14 21:13:46,560 INFO         Enumerating BridgeTransport: found 0 devices                                                         [__init__.py:120]
2022-09-14 21:13:46,569 INFO         Enumerating WebUsbTransport: found 1 devices                                                         [__init__.py:120]
2022-09-14 21:13:46,606 INFO         Enumerating HidTransport: found 0 devices                                                            [__init__.py:120]
2022-09-14 21:13:46,606 INFO         creating client instance for device: webusb:001:6                                                    [client.py:92]

romanz avatar Sep 14 '22 18:09 romanz

Apologies, I was not clear. I was able to export the public key with this command. But when I copied the key into my account on GitHub and then tried to connect I got the error I reported.

doolio avatar Sep 14 '22 19:09 doolio

You can use the following command to test the GitHub connection:

$ trezor-agent -v -e ed25519 [email protected] -- ssh -T [email protected]
2022-09-24 20:09:22,077 INFO         identity #0: <ssh://[email protected]|ed25519>                                                          [__init__.py:273]
2022-09-24 20:09:22,078 INFO         using [b'ttyname=/dev/pts/2', b'display=:0'] for pinentry options                                    [ui.py:94]
2022-09-24 20:09:22,082 INFO         running ['ssh', '-T', '[email protected]'] with {'SSH_AUTH_SOCK': '/tmp/trezor-ssh-agent-xjfcptqh', 'SSH_AGENT_PID': '6841'} [server.py:156]
2022-09-24 20:09:22,688 INFO         Enumerating BridgeTransport: found 0 devices                                                         [__init__.py:120]
2022-09-24 20:09:22,698 INFO         Enumerating WebUsbTransport: found 1 devices                                                         [__init__.py:120]
2022-09-24 20:09:22,735 INFO         Enumerating HidTransport: found 0 devices                                                            [__init__.py:120]
2022-09-24 20:09:23,744 INFO         Enumerating UdpTransport: found 0 devices                                                            [__init__.py:120]
2022-09-24 20:09:23,744 INFO         creating client instance for device: webusb:001:6                                                    [client.py:92]
2022-09-24 20:09:25,880 INFO         please confirm user "git" login to "<ssh://[email protected]|ed25519>" using Trezor...                  [client.py:47]
2022-09-24 20:09:25,881 INFO         Enumerating BridgeTransport: found 0 devices                                                         [__init__.py:120]
2022-09-24 20:09:25,889 INFO         Enumerating WebUsbTransport: found 1 devices                                                         [__init__.py:120]
2022-09-24 20:09:25,925 INFO         Enumerating HidTransport: found 0 devices                                                            [__init__.py:120]
2022-09-24 20:09:26,937 INFO         Enumerating UdpTransport: found 0 devices                                                            [__init__.py:120]
2022-09-24 20:09:26,937 INFO         creating client instance for device: webusb:001:6                                                    [client.py:92]
2022-09-24 20:09:26,978 INFO         Successfully resumed session                                                                         [client.py:304]
2022-09-24 20:09:29,320 INFO         signature status: OK                                                                                 [protocol.py:158]
Hi romanz! You've successfully authenticated, but GitHub does not provide shell access.

romanz avatar Sep 24 '22 17:09 romanz

Yes, generating the key and using this command now works. Not sure why it didn't for me before. It was failing on both GitHub and GitLab so I had assumed they no longer accepted such keys.

Does it matter which we use: ed25519 or nist256p1? Would you recommend one over the other for this use case?

Sorry for the noise and thanks for your time. Feel free to close.

$ trezor-agent -v -e ed25519 [email protected] -- ssh -T [email protected]
2022-09-27 07:41:13,836 INFO         identity #0: <ssh://[email protected]|ed25519>                                                          [__init__.py:273]
2022-09-27 07:41:13,838 INFO         using [b'ttyname=/dev/pts/1', b'display=:0.0'] for pinentry options                                  [ui.py:94]
2022-09-27 07:41:13,843 INFO         running ['ssh', '-T', '[email protected]'] with {'SSH_AUTH_SOCK': '/tmp/trezor-ssh-agent-as9o1fqp', 'SSH_AGENT_PID': '6872'} [server.py:156]
2022-09-27 07:41:14,524 INFO         Enumerating WebUsbTransport: found 1 devices                                                         [__init__.py:134]
2022-09-27 07:41:14,527 INFO         Enumerating HidTransport: found 0 devices                                                            [__init__.py:134]
2022-09-27 07:41:14,532 INFO         Enumerating BridgeTransport: found 1 devices                                                         [__init__.py:134]
2022-09-27 07:41:14,532 INFO         Enumerating UdpTransport: found 0 devices                                                            [__init__.py:134]
2022-09-27 07:41:14,532 INFO         creating client instance for device: webusb:001:6                                                    [client.py:115]
2022-09-27 07:41:16,543 INFO         please confirm user "git" login to "<ssh://[email protected]|ed25519>" using Trezor...                  [client.py:47]
2022-09-27 07:41:16,544 INFO         Enumerating WebUsbTransport: found 1 devices                                                         [__init__.py:134]
2022-09-27 07:41:16,547 INFO         Enumerating HidTransport: found 0 devices                                                            [__init__.py:134]
2022-09-27 07:41:16,553 INFO         Enumerating BridgeTransport: found 1 devices                                                         [__init__.py:134]
2022-09-27 07:41:16,554 INFO         Enumerating UdpTransport: found 0 devices                                                            [__init__.py:134]
2022-09-27 07:41:16,554 INFO         creating client instance for device: webusb:001:6                                                    [client.py:115]
2022-09-27 07:41:16,588 INFO         Successfully resumed session                                                                         [client.py:352]
2022-09-27 07:41:20,161 INFO         signature status: OK                                                                                 [protocol.py:158]
Hi doolio! You've successfully authenticated, but GitHub does not provide shell access.

doolio avatar Sep 27 '22 05:09 doolio

I suggest using ed25519 unless it's not supported by your SSH server.

romanz avatar Nov 01 '22 08:11 romanz