
feat: add support for the SSH agent restriction feature

Open Zerorigin opened this issue 3 months ago • 9 comments

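As the title says: currently, as soon as SSH destination constraints are configured for the relevant publickey authentication, tssh can no longer obtain the correct private key from the SSH agent for signing and authentication.

These are my notes from tinkering with this: https://blog.gazer.win/essay/quickstart-for-keepass-with-keeagent.html

Related material: https://www.openssh.com/agent-restrict.html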

Zerorigin avatar Aug 30 '25 16:08 Zerorigin

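This needs support from Go's agent library https://pkg.go.dev/golang.org/x/crypto/ssh/agent. Maybe it is already supported, but I couldn't find any related documentation or API, and I don't know how to pass host-related information to the ssh agent.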

lonnywong avatar Oct 13 '25 02:10 lonnywong

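This needs support from Go's agent library https://pkg.go.dev/golang.org/x/crypto/ssh/agent. Maybe it is already supported, but I couldn't find any related documentation or API, and I don't know how to pass host-related information to the ssh agent.

Do you need me to provide the ssh -vvv connection log?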

Zerorigin avatar Oct 14 '25 01:10 Zerorigin

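Do you need me to provide the ssh -vvv connection log?

No need. This is a feature provided by newer versions of openssh; I just haven't found how Go's agent library supports it, or maybe it isn't supported yet?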

lonnywong avatar Oct 14 '25 01:10 lonnywong

IdentitiesOnly is now supported; SSH agent restriction will probably have to wait for Go agent support https://github.com/golang/go/issues/63949

lonnywong avatar Oct 19 '25 13:10 lonnywong

IdentitiesOnly is now supported; SSH agent restriction will probably have to wait for Go agent support golang/go#63949

tssh v0.1.22 authenticates normally; tssh v0.1.23 fails to authenticate

# tssh.v0.1.22 --debug host_alias
debug: open C:\Users\<user>\.tssh.conf success
debug: Language = Chinese
debug: SetTerminalTitle = Yes
debug: open config [C:\Users\<user>\.ssh\config] success
debug: decode config [C:\Users\<user>\.ssh\config] success
debug: extended config [C:\Users\<user>\.ssh\password] does not exist
Warning: ControlMaster is not supported on Windows
Warning: ControlPath is not supported on Windows
debug: new ssh agent client [\\.\pipe\openssh-ssh-agent] success
debug: will attempt key: ssh-agent [email protected] SHA256:-----SHA256_BASE64_STRING-----
Warning: read private key [C:\Users\<user>\.ssh\user_key-cert.pub.d\host_domain_or_ipaddr] failed: open C:\Users\<user>\.ssh\user_key-cert.pub.d\host_domain_or_ipaddr: The system cannot find the file specified.
debug: add auth method: public key authentication
debug: disable auth method: keyboard interactive authentication
debug: disable auth method: password authentication
debug: add UserKnownHostsFile: C:\Users\<user>\.ssh\known_hosts
debug: UserKnownHostsFile [C:\Users\<user>\.ssh\known_hosts2] does not exist
debug: GlobalKnownHostsFile [/etc/ssh/ssh_known_hosts] does not exist
debug: GlobalKnownHostsFile [/etc/ssh/ssh_known_hosts2] does not exist
debug: user declared ciphers: [[email protected] aes128-ctr aes192-ctr aes256-ctr [email protected] [email protected] aes128-cbc aes192-cbc aes256-cbc]
debug: client supported ciphers: [[email protected] aes128-ctr aes192-ctr aes256-ctr [email protected] [email protected] aes128-cbc]
debug: login to [host_alias], addr: host_domain_or_ipaddr:22
debug: sign with algorithm [ssh-ed25519]: SHA256:-----SHA256_BASE64_STRING-----
debug: login to [host_alias] success
debug: no extended config [UdpMode] for [host_alias]
debug: request ssh agent forwarding success
debug: no extended config [ExpectCount] for [host_alias]
debug: no extended config [EnableTrzsz] for [host_alias]
debug: no extended config [EnableZmodem] for [host_alias]
debug: no extended config [EnableDragFile] for [host_alias]
debug: no extended config [EnableOSC52] for [host_alias]
debug: no extended config [DragFileUploadCommand] for [host_alias]
# tssh.v0.1.23 --debug host_alias
debug: open C:\Users\<user>\.tssh.conf success
debug: Language = Chinese
debug: SetTerminalTitle = Yes
debug: open config [C:\Users\<user>\.ssh\config] success
debug: decode config [C:\Users\<user>\.ssh\config] success
debug: extended config [C:\Users\<user>\.ssh\password] does not exist
debug: no extended config [HideHost] for [host_alias]
debug: no extended config [DnsSrvName] for [host_alias]
Warning: ControlMaster is not supported on Windows
Warning: ControlPath is not supported on Windows
Warning: read private key [C:\Users\<user>\.ssh\user_key-cert.pub.d\host_domain_or_ipaddr] failed: open C:\Users\<user>\.ssh\user_key-cert.pub.d\host_domain_or_ipaddr: The system cannot find the file specified.
debug: disable auth method: gssapi-with-mic authentication
debug: disable auth method: keyboard interactive authentication
debug: disable auth method: password authentication
debug: add UserKnownHostsFile: C:\Users\<user>\.ssh\known_hosts
debug: UserKnownHostsFile [C:\Users\<user>\.ssh\known_hosts2] does not exist
debug: GlobalKnownHostsFile [/etc/ssh/ssh_known_hosts] does not exist
debug: GlobalKnownHostsFile [/etc/ssh/ssh_known_hosts2] does not exist
debug: user declared ciphers: [[email protected] aes128-ctr aes192-ctr aes256-ctr [email protected] [email protected] aes128-cbc aes192-cbc aes256-cbc]
debug: client supported ciphers: [[email protected] aes128-ctr aes192-ctr aes256-ctr [email protected] [email protected] aes128-cbc]
debug: login to [host_alias], addr: host_domain_or_ipaddr:22
new conn [host_domain_or_ipaddr:22] failed: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none], no supported methods remain
# cat ~\.ssh\config
# Unless noted otherwise, for each parameter, the first obtained value will be used.
# Following the first-set-wins principle, wildcard match rules should be placed at the end
#
# https://www.openssh.com/manual.html


Host host_alias
    HostName                    host_domain_or_ipaddr
    PasswordAuthentication      no


# Global configuration (must be placed at the bottom so it does not override other individual configurations)
Host *
    CheckHostIP                     no
    ControlMaster                   auto
    ControlPersist                  4h
    IdentitiesOnly                  yes
    IdentityFile                    ~/.ssh/user_key-cert.pub.d/%h
    ForwardAgent                    yes
    KbdInteractiveAuthentication    no
    PasswordAuthentication          yes
    PubkeyAuthentication            yes
    PreferredAuthentications        publickey,password
    Port                            22
    TCPKeepAlive                    yes
    StrictHostKeyChecking           ask
    User                            root
    #HostKeyAlgorithms               ^[email protected],ssh-ed25519
    #PubkeyAcceptedAlgorithms        ^[email protected],ssh-ed25519


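# for Linux - Windows does not support ControlMaster for now; configuring a ControlPath path prevents ssh sessions from starting normally
# ControlMaster can reuse an already established SSH session connection, saving connection and transfer time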
Match Exec "dir /etc 1>/dev/null 2>&1"
    ControlPath                     ~/.ssh/.mux.d/%u_%r@%h:%p.sock

# ssh -vv host_alias
OpenSSH_for_Windows_9.5p2, LibreSSL 3.8.2
debug1: Reading configuration data C:\\Users\\<user>/.ssh/config
debug1: C:\\Users\\<user>/.ssh/config line 78: Applying options for host_alias
debug1: C:\\Users\\<user>/.ssh/config line 103: Applying options for *
debug2: checking match for 'Exec "dir /etc 1>/dev/null 2>&1"' host host_domain_or_ipaddr originally host_alias
The system cannot find the path specified.
debug2: match not found
debug2: resolving "host_domain_or_ipaddr" port 22
debug1: Connecting to host_domain_or_ipaddr [host_ipaddr] port 22.
debug1: Connection established.
debug1: identity file C:\\Users\\<user>/.ssh/user_key-cert.pub.d/host_domain_or_ipaddr type 7
debug1: identity file C:\\Users\\<user>/.ssh/user_key-cert.pub.d/host_domain_or_ipaddr-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_for_Windows_9.5
debug1: Remote protocol version 2.0, remote software version OpenSSH_10.0
debug1: compat_banner: match: OpenSSH_10.0 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to host_domain_or_ipaddr:22 as 'root'
debug1: load_hostkeys: fopen C:\\Users\\<user>/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen __PROGRAMDATA__\\ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen __PROGRAMDATA__\\ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c,[email protected]
debug2: host key algorithms: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],rsa-sha2-512,rsa-sha2-256
debug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512
debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512
debug2: compression ctos: none,[email protected],zlib
debug2: compression stoc: none,[email protected],zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: mlkem768x25519-sha256,sntrup761x25519-sha512,[email protected],curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,ext-info-s,[email protected]
debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519,[email protected]
debug2: ciphers ctos: [email protected],[email protected],[email protected],aes128-ctr,aes192-ctr,aes256-ctr
debug2: ciphers stoc: [email protected],[email protected],[email protected],aes128-ctr,aes192-ctr,aes256-ctr
debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,[email protected]
debug2: compression stoc: none,[email protected]
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: [email protected]
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host certificate: [email protected] SHA256:-----SHA256_BASE64_STRING-----, serial 0 ID "hostname" CA ssh-ed25519 SHA256:-----SHA256_BASE64_STRING----- valid from 2023-03-04T14:55:00 to 2033-02-19T14:56:12
debug2: Server host certificate hostname: hostname
debug1: load_hostkeys: fopen C:\\Users\\<user>/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen __PROGRAMDATA__\\ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen __PROGRAMDATA__\\ssh/ssh_known_hosts2: No such file or directory
debug1: No matching CA found. Retry with plain key
debug1: Host 'host_domain_or_ipaddr' is known and matches the ED25519 host key.
debug1: Found key in C:\\Users\\<user>/.ssh/known_hosts:1
debug1: ssh_packet_send2_wrapped: resetting send seqnr 3
debug2: ssh_set_newkeys: mode 1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: ssh_packet_read_poll2: resetting read seqnr 3
debug1: SSH2_MSG_NEWKEYS received
debug2: ssh_set_newkeys: mode 0
debug1: rekey in after 134217728 blocks
debug1: get_agent_identities: bound agent to hostkey
debug1: get_agent_identities: agent returned 1 keys
debug1: Will attempt key: C:\\Users\\<user>/.ssh/user_key-cert.pub.d/host_domain_or_ipaddr ED25519-CERT SHA256:-----SHA256_BASE64_STRING----- explicit agent
debug2: pubkey_prepare: done
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],rsa-sha2-512,rsa-sha2-256>
debug1: kex_ext_info_check_ver: [email protected]=<0>
debug1: kex_ext_info_check_ver: [email protected]=<0>
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: C:\\Users\\<user>/.ssh/user_key-cert.pub.d/host_domain_or_ipaddr ED25519-CERT SHA256:-----SHA256_BASE64_STRING----- explicit agent
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: C:\\Users\\<user>/.ssh/user_key-cert.pub.d/host_domain_or_ipaddr ED25519-CERT SHA256:-----SHA256_BASE64_STRING----- explicit agent
debug1: sign_and_send_pubkey: no separate private key for certificate "C:\\Users\\<user>/.ssh/user_key-cert.pub.d/host_domain_or_ipaddr"
Authenticated to host_domain_or_ipaddr ([host_ipaddr]:22) using "publickey".
debug1: channel 0: new session [client-session] (inactive timeout: 0)
debug2: channel 0: send open
debug1: Entering interactive session.
debug1: pledge: filesystem
debug1: ENABLE_VIRTUAL_TERMINAL_INPUT is supported. Reading the VTSequence from console
debug1: ENABLE_VIRTUAL_TERMINAL_PROCESSING is supported. Console supports the ansi parsing
debug1: client_input_global_request: rtype [email protected] want_reply 0
debug1: client_input_hostkeys: searching C:\\Users\\<user>/.ssh/known_hosts for host_domain_or_ipaddr / (none)
debug1: client_input_hostkeys: searching C:\\Users\\<user>/.ssh/known_hosts2 for host_domain_or_ipaddr / (none)
debug1: client_input_hostkeys: hostkeys file C:\\Users\\<user>/.ssh/known_hosts2 does not exist
debug1: client_input_hostkeys: no new or deprecated keys from server
debug1: Remote: cert: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
debug1: Remote: cert: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
debug2: channel_input_open_confirmation: channel 0: callback start
debug1: Requesting authentication agent forwarding.
debug2: channel 0: request [email protected] confirm 0
debug2: fd 3 setting TCP_NODELAY
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 1
debug2: channel 0: request shell confirm 1
debug2: channel_input_open_confirmation: channel 0: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug2: channel_input_status_confirm: type 99 id 0
debug2: PTY allocation request accepted on channel 0
debug2: channel 0: rcvd adjust 2097152
debug2: channel_input_status_confirm: type 99 id 0
debug2: shell request accepted on channel 0

Zerorigin avatar Nov 10 '25 03:11 Zerorigin

Maybe there is a problem with the IdentityFile search and reference logic

Zerorigin avatar Nov 10 '25 03:11 Zerorigin

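tssh v0.1.22 can authenticate because it ignores the IdentitiesOnly setting; it logged in using the ssh agent.

tssh v0.1.23 cannot authenticate because it now supports the IdentitiesOnly setting. You configured IdentitiesOnly yes, so tssh no longer uses the ssh agent; it looks for the file C:\Users\<user>\.ssh\user_key-cert.pub.d\host_domain_or_ipaddr to log in, but that file cannot be opened, so the login fails. However, ssh seems to be able to find this file. What is the situation with this file of yours?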

lonnywong avatar Nov 10 '25 03:11 lonnywong

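tssh v0.1.22 can authenticate because it ignores the IdentitiesOnly setting; it logged in using the ssh agent.

tssh v0.1.23 cannot authenticate because it now supports the IdentitiesOnly setting. You configured IdentitiesOnly yes, so tssh no longer uses the ssh agent; it looks for the file C:\Users\<user>\.ssh\user_key-cert.pub.d\host_domain_or_ipaddr to log in, but that file cannot be opened, so the login fails. However, ssh seems to be able to find this file. What is the situation with this file of yours?

This file setting follows what I worked out earlier on my own blog. When ssh cannot find the file C:\Users\<user>\.ssh\user_key-cert.pub.d\host_domain_or_ipaddr (this file does not actually exist; in the configuration it is only a placeholder), it seems to try the file C:\Users\<user>\.ssh\user_key-cert.pub.d\host_domain_or_ipaddr.pub instead.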

Zerorigin avatar Nov 10 '25 08:11 Zerorigin
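
The two readings of `IdentitiesOnly yes` discussed in the comments above, as an added Go example (not code from tssh or OpenSSH): a file-only lookup finds nothing to sign with, while a lookup that falls back to `<IdentityFile>.pub` and matches it against the agent's keys offers exactly that one agent key and no other. The types, function names, paths and key blobs are constructed for illustration, and the ordering of offered keys is simplified.

```go
package main

import (
	"fmt"
	"strings"
)

// AgentKey is a simplified stand-in for one identity listed by ssh-agent.
type AgentKey struct {
	Blob    string // base64 public key blob, as stored in a .pub file
	Comment string
}

// Candidate is a key the client would offer and where its signature comes from.
type Candidate struct {
	Source string // "file" (private key on disk) or "agent"
	Path   string // IdentityFile that selected it; empty for unlisted agent keys
	Blob   string
}

// pubBlob extracts the base64 blob from a "<type> <base64> [comment]" line.
func pubBlob(line string) (string, bool) {
	f := strings.Fields(line)
	if len(f) < 2 {
		return "", false
	}
	return f[1], true
}

// SelectFileOnly models the file-only reading described in the thread:
// with IdentitiesOnly yes, only private key files that exist are used.
func SelectFileOnly(identityFiles []string, files map[string]string) []Candidate {
	var out []Candidate
	for _, p := range identityFiles {
		if _, ok := files[p]; ok {
			out = append(out, Candidate{Source: "file", Path: p})
		}
	}
	return out
}

// SelectWithAgent models the fallback: when the private key file is missing,
// read "<path>.pub" and use the agent key with the same blob. IdentitiesOnly
// then only suppresses agent keys that no IdentityFile names.
func SelectWithAgent(identityFiles []string, files map[string]string,
	agentKeys []AgentKey, identitiesOnly bool) []Candidate {
	var out []Candidate
	used := map[string]bool{}
	for _, p := range identityFiles {
		if _, ok := files[p]; ok {
			out = append(out, Candidate{Source: "file", Path: p})
			continue
		}
		blob, ok := pubBlob(files[p+".pub"])
		if !ok {
			continue // neither a private key nor a usable .pub file
		}
		for _, k := range agentKeys {
			if k.Blob == blob && !used[blob] {
				used[blob] = true
				out = append(out, Candidate{Source: "agent", Path: p, Blob: blob})
			}
		}
	}
	if !identitiesOnly {
		for _, k := range agentKeys {
			if !used[k.Blob] {
				used[k.Blob] = true
				out = append(out, Candidate{Source: "agent", Blob: k.Blob})
			}
		}
	}
	return out
}

// sample returns constructed input: the IdentityFile path is a placeholder
// that does not exist, only its .pub sibling does, and the agent holds two keys.
func sample() ([]string, map[string]string, []AgentKey) {
	path := "/home/user/.ssh/user_key-cert.pub.d/host.example"
	files := map[string]string{
		path + ".pub": "ssh-ed25519-cert-v01@openssh.com QUFBQS1jZXJ0 constructed",
	}
	keys := []AgentKey{{"QUFBQS1vdGhlcg==", "other"}, {"QUFBQS1jZXJ0", "cert"}}
	return []string{path}, files, keys
}

func main() {
	ids, files, keys := sample()
	fmt.Println("file-only:        ", SelectFileOnly(ids, files))
	fmt.Println("agent, only=yes:  ", SelectWithAgent(ids, files, keys, true))
	fmt.Println("agent, only=no:   ", SelectWithAgent(ids, files, keys, false))
}
```
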

@lonnywong Here is a more detailed log of the connection process

# ssh -vvv host_alias
OpenSSH_for_Windows_9.5p2, LibreSSL 3.8.2
debug1: Reading configuration data C:\\Users\\<user>/.ssh/config
debug3: kex names ok: [diffie-hellman-group1-sha1]
debug1: C:\\Users\\<user>/.ssh/config line 78: Applying options for host_alias
debug1: C:\\Users\\<user>/.ssh/config line 103: Applying options for *
debug2: checking match for 'Exec "dir /etc 1>/dev/null 2>&1"' host host_domain_or_ipaddr originally host_alias
The system cannot find the path specified.
debug3: C:\\Users\\<user>/.ssh/config line 126: not matched 'Exec "dir /etc 1>/dev/null 2>&1"'
debug2: match not found
debug3: Failed to open file:C:/ProgramData/ssh/ssh_config error:2
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> 'C:\\Users\\<user>/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> 'C:\\Users\\<user>/.ssh/known_hosts2'
debug2: resolving "host_domain_or_ipaddr" port 22
debug3: resolve_host: lookup host_domain_or_ipaddr:22
debug3: ssh_connect_direct: entering
debug1: Connecting to host_domain_or_ipaddr [host_ipaddr] port 22.
debug1: Connection established.
debug3: Failed to open file:C:/Users/<user>/.ssh/user_key-cert.pub.d/host_domain_or_ipaddr error:2
debug1: identity file C:\\Users\\<user>/.ssh/user_key-cert.pub.d/host_domain_or_ipaddr type 7
debug3: Failed to open file:C:/Users/<user>/.ssh/user_key-cert.pub.d/host_domain_or_ipaddr-cert error:2
debug3: Failed to open file:C:/Users/<user>/.ssh/user_key-cert.pub.d/host_domain_or_ipaddr-cert.pub error:2
debug3: failed to open file:C:/Users/<user>/.ssh/user_key-cert.pub.d/host_domain_or_ipaddr-cert error:2
debug1: identity file C:\\Users\\<user>/.ssh/user_key-cert.pub.d/host_domain_or_ipaddr-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_for_Windows_9.5
debug1: Remote protocol version 2.0, remote software version OpenSSH_10.0
debug1: compat_banner: match: OpenSSH_10.0 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to host_domain_or_ipaddr:22 as 'root'
debug3: record_hostkey: found key type ED25519 in file C:\\Users\\<user>/.ssh/known_hosts:1
debug3: record_hostkey: found key type RSA in file C:\\Users\\<user>/.ssh/known_hosts:2
debug3: record_hostkey: found key type ECDSA in file C:\\Users\\<user>/.ssh/known_hosts:3
debug3: load_hostkeys_file: loaded 3 keys from host_domain_or_ipaddr
debug3: Failed to open file:C:/Users/<user>/.ssh/known_hosts2 error:2
debug1: load_hostkeys: fopen C:\\Users\\<user>/.ssh/known_hosts2: No such file or directory
debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts error:2
debug1: load_hostkeys: fopen __PROGRAMDATA__\\ssh/ssh_known_hosts: No such file or directory
debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts2 error:2
debug1: load_hostkeys: fopen __PROGRAMDATA__\\ssh/ssh_known_hosts2: No such file or directory
debug3: order_hostkeyalgs: have matching best-preference key type [email protected], using HostkeyAlgorithms verbatim
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c,[email protected]
debug2: host key algorithms: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],rsa-sha2-512,rsa-sha2-256
debug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512
debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512
debug2: compression ctos: none,[email protected],zlib
debug2: compression stoc: none,[email protected],zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: mlkem768x25519-sha256,sntrup761x25519-sha512,[email protected],curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,ext-info-s,[email protected]
debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519,[email protected]
debug2: ciphers ctos: [email protected],[email protected],[email protected],aes128-ctr,aes192-ctr,aes256-ctr
debug2: ciphers stoc: [email protected],[email protected],[email protected],aes128-ctr,aes192-ctr,aes256-ctr
debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,[email protected]
debug2: compression stoc: none,[email protected]
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug3: kex_choose_conf: will use strict KEX ordering
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: [email protected]
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host certificate: [email protected] SHA256:-----SHA256_BASE64_STRING-----, serial 0 ID "hostname" CA ssh-ed25519 SHA256:-----SHA256_BASE64_STRING----- valid from 2023-03-04T14:55:00 to 2033-02-19T14:56:12
debug2: Server host certificate hostname: hostname
debug3: record_hostkey: found key type ED25519 in file C:\\Users\\<user>/.ssh/known_hosts:1
debug3: record_hostkey: found key type RSA in file C:\\Users\\<user>/.ssh/known_hosts:2
debug3: record_hostkey: found key type ECDSA in file C:\\Users\\<user>/.ssh/known_hosts:3
debug3: load_hostkeys_file: loaded 3 keys from host_domain_or_ipaddr
debug3: Failed to open file:C:/Users/<user>/.ssh/known_hosts2 error:2
debug1: load_hostkeys: fopen C:\\Users\\<user>/.ssh/known_hosts2: No such file or directory
debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts error:2
debug1: load_hostkeys: fopen __PROGRAMDATA__\\ssh/ssh_known_hosts: No such file or directory
debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts2 error:2
debug1: load_hostkeys: fopen __PROGRAMDATA__\\ssh/ssh_known_hosts2: No such file or directory
debug1: No matching CA found. Retry with plain key
debug1: Host 'host_domain_or_ipaddr' is known and matches the ED25519 host key.
debug1: Found key in C:\\Users\\<user>/.ssh/known_hosts:1
debug3: send packet: type 21
debug1: ssh_packet_send2_wrapped: resetting send seqnr 3
debug2: ssh_set_newkeys: mode 1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: ssh_packet_read_poll2: resetting read seqnr 3
debug1: SSH2_MSG_NEWKEYS received
debug2: ssh_set_newkeys: mode 0
debug1: rekey in after 134217728 blocks
debug3: ssh_get_authentication_socket_path: path '\\\\.\\pipe\\openssh-ssh-agent'
debug1: get_agent_identities: bound agent to hostkey
debug1: get_agent_identities: agent returned 1 keys
debug1: Will attempt key: C:\\Users\\<user>/.ssh/user_key-cert.pub.d/host_domain_or_ipaddr ED25519-CERT SHA256:-----SHA256_BASE64_STRING----- explicit agent
debug2: pubkey_prepare: done
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],rsa-sha2-512,rsa-sha2-256>
debug1: kex_ext_info_check_ver: [email protected]=<0>
debug1: kex_ext_info_check_ver: [email protected]=<0>
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug3: start over, passed a different list publickey,password,keyboard-interactive
debug3: preferred publickey,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: C:\\Users\\<user>/.ssh/user_key-cert.pub.d/host_domain_or_ipaddr ED25519-CERT SHA256:-----SHA256_BASE64_STRING----- explicit agent
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 60
debug1: Server accepts key: C:\\Users\\<user>/.ssh/user_key-cert.pub.d/host_domain_or_ipaddr ED25519-CERT SHA256:-----SHA256_BASE64_STRING----- explicit agent
debug3: sign_and_send_pubkey: using [email protected] with ED25519-CERT SHA256:-----SHA256_BASE64_STRING-----
debug1: sign_and_send_pubkey: no separate private key for certificate "C:\\Users\\<user>/.ssh/user_key-cert.pub.d/host_domain_or_ipaddr"
debug3: sign_and_send_pubkey: signing using [email protected] SHA256:-----SHA256_BASE64_STRING-----
debug3: send packet: type 50
debug3: receive packet: type 52
Authenticated to host_domain_or_ipaddr ([host_ipaddr]:22) using "publickey".
debug1: channel 0: new session [client-session] (inactive timeout: 0)
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug3: send packet: type 90
debug1: Entering interactive session.
debug1: pledge: filesystem
debug3: client_repledge: enter
debug1: ENABLE_VIRTUAL_TERMINAL_INPUT is supported. Reading the VTSequence from console
debug3: This windows OS supports conpty
debug1: ENABLE_VIRTUAL_TERMINAL_PROCESSING is supported. Console supports the ansi parsing
debug3: Successfully set console output code page from:65001 to 65001
debug3: Successfully set console input code page from:936 to 65001
debug3: receive packet: type 80
debug1: client_input_global_request: rtype [email protected] want_reply 0
debug3: client_input_hostkeys: received RSA key SHA256:-----SHA256_BASE64_STRING-----
debug3: client_input_hostkeys: received ECDSA key SHA256:-----SHA256_BASE64_STRING-----
debug3: client_input_hostkeys: received ED25519 key SHA256:-----SHA256_BASE64_STRING-----
debug1: client_input_hostkeys: searching C:\\Users\\<user>/.ssh/known_hosts for host_domain_or_ipaddr / (none)
debug3: hostkeys_foreach: reading file "C:\\Users\\<user>/.ssh/known_hosts"
debug3: hostkeys_find: found ssh-ed25519 key at C:\\Users\\<user>/.ssh/known_hosts:1
debug3: hostkeys_find: found ssh-rsa key at C:\\Users\\<user>/.ssh/known_hosts:2
debug3: hostkeys_find: found ecdsa-sha2-nistp256 key at C:\\Users\\<user>/.ssh/known_hosts:3
debug1: client_input_hostkeys: searching C:\\Users\\<user>/.ssh/known_hosts2 for host_domain_or_ipaddr / (none)
debug3: Failed to open file:C:/Users/<user>/.ssh/known_hosts2 error:2
debug1: client_input_hostkeys: hostkeys file C:\\Users\\<user>/.ssh/known_hosts2 does not exist
debug3: client_input_hostkeys: 3 server keys: 0 new, 3 retained, 0 incomplete match. 0 to remove
debug1: client_input_hostkeys: no new or deprecated keys from server
debug3: client_repledge: enter
debug3: receive packet: type 4
debug1: Remote: cert: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
debug3: receive packet: type 4
debug1: Remote: cert: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
debug3: receive packet: type 91
debug2: channel_input_open_confirmation: channel 0: callback start
debug3: ssh_get_authentication_socket_path: path '\\\\.\\pipe\\openssh-ssh-agent'
debug1: Requesting authentication agent forwarding.
debug2: channel 0: request [email protected] confirm 0
debug3: send packet: type 98
debug2: fd 3 setting TCP_NODELAY
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 1
debug3: send packet: type 98
debug2: channel 0: request shell confirm 1
debug3: send packet: type 98
debug3: client_repledge: enter
debug2: channel_input_open_confirmation: channel 0: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug3: receive packet: type 99
debug2: channel_input_status_confirm: type 99 id 0
debug2: PTY allocation request accepted on channel 0
debug2: channel 0: rcvd adjust 2097152
debug3: receive packet: type 99
debug2: channel_input_status_confirm: type 99 id 0
debug2: shell request accepted on channel 0

Zerorigin avatar Nov 10 '25 08:11 Zerorigin