You are not logged in.

#1 2019-11-22 23:43:43

daniel666
Member
Registered: 2019-11-22
Posts: 6

[SOLVED] Cannot authenticate to AUR using SSH keys

Hi!

I want to push new version of the package but unfortunately I cannot  authenticate myself using SSH with generated keys. It's weird, I've checked configurations, URL, pub_key in accout details many many times. Eceyrtking looks good for me. I even cannot vote using eg.

ssh -v aur@aur.archlinux.org vote gitkraken 

I Always receive

aur@aur.archlinux.org: Permission denied (publickey).

(My first mistake was using my username instead of 'aur'. It is not directly described on Wiki sad)

I am sure that my ssh config is taken and proper key is used.
I've generated keys using simple ssh-keygen, so I have id_rsa and id_rsa.pub keys in .ssh in my home directory.

my config from ~/.ssh (Other SSH configurations are default):

Host AUR aur.archlinux.org
  	HostName aur.archlinux.org
	IdentityFile ~/.ssh/id_rsa
	User aur

Host Github
	HostName github.com
	Port 22
	IdentityFile ~/.ssh/id_rsa
	User daniel

My public key is added into my account:
Spta1V6.png

Private key is named id_rsa and is in .ssh folder:
Tjrdn9b.png

I don't know what to check anymore.

For test I've used same keys on GitHub and it worked from first time (I was able to push).

To clarify, I cannot:

ssh -v aur@aur.archlinux.org vote gitkraken 
ssh -v aur@aur.archlinux.org 
git clone ssh://aur@aur.archlinux.org/keeper-password-manager.git

All reaturning:

aur@aur.archlinux.org: Permission denied (publickey).

Detailed (with OpenSSL and OpenSSH versions):

OpenSSH_8.1p1, OpenSSL 1.1.1d  10 Sep 2019
debug1: Reading configuration data /home/arch/daniel/.ssh/config
debug1: /home/arch/daniel/.ssh/config line 2: Applying options for aur.archlinux.org
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to aur.archlinux.org [2a01:4f8:160:3033::2] port 22.
debug1: Connection established.
debug1: identity file /home/arch/daniel/.ssh/id_rsa type 0
debug1: identity file /home/arch/daniel/.ssh/id_rsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.1
debug1: match: OpenSSH_8.1 pat OpenSSH* compat 0x04000000
debug1: Authenticating to aur.archlinux.org:22 as 'aur'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:L71Q91yHwmHPYYkJMDgj0xmUuw16qFOhJbBr1mzsiOI
debug1: Host 'aur.archlinux.org' is known and matches the ECDSA host key.
debug1: Found key in /home/arch/daniel/.ssh/known_hosts:2
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: pubkey_prepare: ssh_get_authentication_socket: No such file or directory
debug1: Will attempt key: /home/arch/daniel/.ssh/id_rsa RSA SHA256:hFGVtDsaQr7trqwSaQQTF1Vk2jLPb4HJ+1iemrE3RfI explicit
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/arch/daniel/.ssh/id_rsa RSA SHA256:hFGVtDsaQr7trqwSaQQTF1Vk2jLPb4HJ+1iemrE3RfI explicit
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
aur@aur.archlinux.org: Permission denied (publickey).

Am I missing something?
Please, help.

PS: One thing that I've recognized during googling is that line

debug1: identity file /home/arch/daniel/.ssh/id_rsa type 0

  has type 0, on other listing founded in internet I saw type 1. I don't know if this matters.

Thanks!

Last edited by daniel666 (2019-11-23 00:09:04)

Offline

#2 2019-11-22 23:45:39

Scimmia
Fellow
Registered: 2012-09-01
Posts: 11,466

Re: [SOLVED] Cannot authenticate to AUR using SSH keys

Known issue, it's being looked into right now.

Offline

#3 2019-11-23 00:08:18

daniel666
Member
Registered: 2019-11-22
Posts: 6

Re: [SOLVED] Cannot authenticate to AUR using SSH keys

Thanks Scimmia!. It's working now.

Could you tell me what should I do to push changes to package respository (keeper-password-manager) ?  I've created package with latest version that works locally. I want to share.
Should I Submit Orphan Request or I can ask for access someone?

Offline

#4 2019-11-23 00:13:16

Slithery
Administrator
From: Norfolk, UK
Registered: 2013-12-01
Posts: 5,776

Re: [SOLVED] Cannot authenticate to AUR using SSH keys


No, it didn't "fix" anything. It just shifted the brokeness one space to the right. - jasonwryan
Closing -- for deletion; Banning -- for muppetry. - jasonwryan

aur - dotfiles

Offline

#5 2019-11-23 00:20:50

daniel666
Member
Registered: 2019-11-22
Posts: 6

Re: [SOLVED] Cannot authenticate to AUR using SSH keys

OK cool

Offline

#6 2019-11-23 01:20:01

loqs
Member
Registered: 2014-03-06
Posts: 17,196

Re: [SOLVED] Cannot authenticate to AUR using SSH keys

If you do become https://aur.archlinux.org/packages/keep … d-manager/ maintainer
I would suggest you have the PKGBUILD reviewed as on a cursory inspection it has multiple issues.

Offline

#7 2019-11-27 01:34:18

daniel666
Member
Registered: 2019-11-22
Posts: 6

Re: [SOLVED] Cannot authenticate to AUR using SSH keys

What issues you have in mind?

PS: For now I wanted to update dependencies according DEB package, however DEB package has some ORs in dependencies that I need understand first how it works in Arch. So I left deps unchanged.

Offline

#8 2019-11-27 10:13:47

a821
Member
Registered: 2012-10-31
Posts: 381

Re: [SOLVED] Cannot authenticate to AUR using SSH keys

daniel666 wrote:

What issues you have in mind?

Unquoted `$srcdir` and `$pkgdir`. I don't see the LICENSE file being include. `msg2` should not be used (AFAIR). You don't need the package name in the description (it is a bit too long, but YMMV)

Edit: and `-bin` needs to be appended to the name as these is a binary package (is it?)

Last edited by a821 (2019-11-27 10:17:35)

Offline

#9 2019-11-27 23:04:29

daniel666
Member
Registered: 2019-11-22
Posts: 6

Re: [SOLVED] Cannot authenticate to AUR using SSH keys

Thank you.

I've used google-chrome package as pattern (https://aur.archlinux.org/cgit/aur.git/ … gle-chrome). It's used by a lot o people, so I assumed it's checked good.
From wiki: bin should be added if there are sources available (this is not open source).
I've used msg2 to clearly say to the user that there is change in file mode and it's special one used: 4755. I think is important from security perspective and user should be informed. 
I'll fix unqoted variables.

I'll try to find and add license file (It's weird tat they didn't add it to deb package).

Thanks!

Offline

#10 2019-11-27 23:44:45

loqs
Member
Registered: 2014-03-06
Posts: 17,196

Re: [SOLVED] Cannot authenticate to AUR using SSH keys

You have already mentioned you are aware of the dependency issues.  From namcap

keeper-password-manager W: Referenced library 'libsmime3.so' is an uninstalled dependency
keeper-password-manager W: Referenced library 'libpango-1.0.so.0' is an uninstalled dependency
keeper-password-manager W: Referenced library 'libatspi.so.0' is an uninstalled dependency
keeper-password-manager W: Referenced library 'libXrandr.so.2' is an uninstalled dependency
keeper-password-manager W: Referenced library 'libXdamage.so.1' is an uninstalled dependency
keeper-password-manager W: Referenced library 'libnssutil3.so' is an uninstalled dependency
keeper-password-manager W: Referenced library 'libgtk-3.so.0' is an uninstalled dependency
keeper-password-manager W: Referenced library 'libgdk-3.so.0' is an uninstalled dependency
keeper-password-manager W: Referenced library 'libnspr4.so' is an uninstalled dependency
keeper-password-manager W: Referenced library 'libcairo.so.2' is an uninstalled dependency
keeper-password-manager W: Referenced library 'libXtst.so.6' is an uninstalled dependency
keeper-password-manager W: Referenced library 'libatk-bridge-2.0.so.0' is an uninstalled dependency
keeper-password-manager W: Referenced library 'libXrender.so.1' is an uninstalled dependency
keeper-password-manager W: Referenced library 'libpangocairo-1.0.so.0' is an uninstalled dependency
keeper-password-manager W: Referenced library 'libatk-1.0.so.0' is an uninstalled dependency
keeper-password-manager W: Referenced library 'libcups.so.2' is an uninstalled dependency
keeper-password-manager W: Referenced library 'libXfixes.so.3' is an uninstalled dependency
keeper-password-manager W: Referenced library 'libffmpeg.so' is an uninstalled dependency
keeper-password-manager W: Referenced library 'libnss3.so' is an uninstalled dependency
keeper-password-manager W: Referenced library 'libgdk_pixbuf-2.0.so.0' is an uninstalled dependency
keeper-password-manager W: Referenced library 'libXi.so.6' is an uninstalled dependency
keeper-password-manager W: Referenced library 'libXss.so.1' is an uninstalled dependency
keeper-password-manager W: Referenced library 'libXcomposite.so.1' is an uninstalled dependency
keeper-password-manager W: Referenced library 'libXcursor.so.1' is an uninstalled dependency
keeper-password-manager W: Referenced library 'libasound.so.2' is an uninstalled dependency
keeper-password-manager E: Dependency libsecret detected and not included (libraries ['usr/lib/libsecret-1.so.0'] needed in files ['usr/lib/keeperpasswordmanager/resources/app.asar.unpacked/node_modules/keytar/build/Release/obj.target/keytar.node'])
keeper-password-manager E: Dependency dbus detected and not included (libraries ['usr/lib/libdbus-1.so.3'] needed in files ['usr/lib/keeperpasswordmanager/keeperpasswordmanager'])
keeper-password-manager W: Dependency included and not needed ('xdg-utils')

In data.tar.gz there are usr/share/doc/keeperpasswordmanager/copyright although that has copyright github and it is unclear what it covers
also in that archive usr/lib/keeperpasswordmanager/LICENSES.chromium.html which should cover the chromium libs

a821 covered the other main points I noticed.

Very minor but I would have used bsdtar instead of tar although both are available in base-devel and extracted the files directly in place,  if you only want usr filter that during extraction.

  bsdtar -xf data.tar.xz -C "$pkgdir" usr

Last edited by loqs (2019-11-28 00:11:04)

Offline

#11 2019-11-28 08:26:34

a821
Member
Registered: 2012-10-31
Posts: 381

Re: [SOLVED] Cannot authenticate to AUR using SSH keys

daniel666 wrote:

From wiki: bin should be added if there are sources available (this is not open source).

Yes, I missed that.

daniel666 wrote:

I've used msg2 to clearly say to the user that there is change in file mode...

My point was that `msg2` is an internal makepkg function and not meant to be used. This is what I have read here in the forums, see for example this Scimmia comment and this thread.

(and anyway, everyone reads the PKGBUILD smile)

Offline

#12 2019-11-29 07:53:10

daniel666
Member
Registered: 2019-11-22
Posts: 6

Re: [SOLVED] Cannot authenticate to AUR using SSH keys

Thanks guys!

namcap is very useful tool. I didn't know about it till now.

I'll do needed changes.

loqs wrote:

In data.tar.gz there are usr/share/doc/keeperpasswordmanager/copyright although that has copyright github and it is unclear what it covers

I saw this and decided that this is added by mistake (probably they are using github as CSV), so it is not needed in package itself.

loqs wrote:

also in that archive usr/lib/keeperpasswordmanager/LICENSES.chromium.html which should cover the chromium libs

I'll fix that smile.

loqs wrote:

Very minor but I would have used bsdtar instead of tar although both are available in base-devel and extracted the files directly in place,  if you only want usr filter that during extraction.

  bsdtar -xf data.tar.xz -C "$pkgdir" usr

It's simpler and do not need to change directory and copy files after unpacking. Thanks!



a821 wrote:

My point was that `msg2` is an internal makepkg function and not meant to be used.

You're right. I've changed that to simple echo instead smile.

Last edited by daniel666 (2019-11-29 08:19:12)

Offline

Board footer

Powered by FluxBB