Cannot sign certificate with Trezor as SSH CA #491

Open
movefasta opened this issue Oct 18, 2024 · 1 comment

Device: Trezor Model T
OS: NixOS 24.11.20241015.7881fbf (Vicuna)
Versions: trezor-agent=0.12.0, libagent=0.15.0

When I try to sign a file, it works fine:

> trezor-agent -e ed25519 [email protected] -- ssh-keygen -Y sign -f ~/.ssh/trezor-github.pub -n file README.md
Signing file README.md
Write signature to README.md.sig
> cat README.md.sig
-----BEGIN SSH SIGNATURE-----
U1NIU0lHAAAAAQAAADMAAAALc3NoLWVkMjU1MTkAAAAgAtOko3bPtNBNxLlyDKYV2MUt00
R5nHcDqYgXKOK7Y6cAAAAEZmlsZQAAAAAAAAAGc2hhNTEyAAAAUwAAAAtzc2gtZWQyNTUx
OQAAAEAw7ANBx73olTBSW0TcbjozUJ8mgOeZuNCnc8wcY60IkeaZi0zXvv3DpIxF2Fd/MO
5UvTSCgAyM+XwzZahWsrIB
-----END SSH SIGNATURE-----

If I try to sign a pubkey to create a certificate with SSH, libagent returns EOFError:

trezor-agent -e ed25519 [email protected] -- ssh-keygen -Us ~/.ssh/trezor-github.pub -I 2024_ed25519 2024_ed25519.pub
2024-10-18 13:46:39,513 ERROR        signature with "<ssh://[email protected]|ed25519>" key failed                               [protocol.py:151]
Traceback (most recent call last):
  File "/nix/store/x4dypckndkdvqh3lvfv58wnayj2a0bla-python3.12-libagent-0.15.0/lib/python3.12/site-packages/libagent/ssh/protocol.py", line 147, in sign_message
    signature = self.conn.sign(blob=blob, identity=key['identity'])
                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/nix/store/x4dypckndkdvqh3lvfv58wnayj2a0bla-python3.12-libagent-0.15.0/lib/python3.12/site-packages/libagent/ssh/__init__.py", line 279, in sign
    return conn.sign_ssh_challenge(blob=blob, identity=identity)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/nix/store/x4dypckndkdvqh3lvfv58wnayj2a0bla-python3.12-libagent-0.15.0/lib/python3.12/site-packages/libagent/ssh/client.py", line 35, in sign_ssh_challenge
    msg = parse_ssh_blob(blob)
          ^^^^^^^^^^^^^^^^^^^^
  File "/nix/store/x4dypckndkdvqh3lvfv58wnayj2a0bla-python3.12-libagent-0.15.0/lib/python3.12/site-packages/libagent/ssh/client.py", line 71, in parse_ssh_blob
    res['user'] = util.read_frame(i)
                  ^^^^^^^^^^^^^^^^^^
  File "/nix/store/x4dypckndkdvqh3lvfv58wnayj2a0bla-python3.12-libagent-0.15.0/lib/python3.12/site-packages/libagent/util.py", line 53, in read_frame
    return recv(conn, size)
           ^^^^^^^^^^^^^^^^
  File "/nix/store/x4dypckndkdvqh3lvfv58wnayj2a0bla-python3.12-libagent-0.15.0/lib/python3.12/site-packages/libagent/util.py", line 40, in recv
    raise EOFError
EOFError
Couldn't certify 2024_ed25519.pub via agent: communication with agent failed
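
The following is an added example, not part of the original report and not libagent's code. It shows why the to-be-signed body of an OpenSSH certificate runs into `EOFError` in a parser that assumes the RFC 4252 user-authentication layout (the `user` field in the traceback suggests such a layout), and how a sign request can be classified first. The field layouts follow RFC 4252 section 7, PROTOCOL.sshsig and PROTOCOL.certkeys; the `strict` flag, the function names and the sample blobs are assumptions made for this illustration.

```python
import io
import struct

def frame(data):
    """Encode an SSH 'string': uint32 big-endian length, then the bytes."""
    return struct.pack(">L", len(data)) + data

def read_frame(stream):
    """Decode one SSH 'string'; raise EOFError if the blob ends early."""
    head = stream.read(4)
    body = stream.read(int.from_bytes(head, "big")) if len(head) == 4 else b""
    if len(head) < 4 or len(body) < int.from_bytes(head, "big"):
        raise EOFError("frame runs past the end of the blob")
    return body

def parse_userauth(blob, strict=True):
    """Parse RFC 4252 section 7 signed data (public-key authentication)."""
    s = io.BytesIO(blob)
    out = {"session_id": read_frame(s)}
    if s.read(1) != b"\x32" and strict:  # SSH_MSG_USERAUTH_REQUEST == 50
        raise ValueError("not a userauth request")
    for field in ("user", "service", "method"):
        out[field] = read_frame(s)
    s.read(1)  # boolean TRUE: a signature follows
    out["key_type"] = read_frame(s)
    out["public_key"] = read_frame(s)
    return out

def classify(blob):
    """Name what an agent is being asked to sign before parsing it."""
    if blob.startswith(b"SSHSIG"):
        return "sshsig"  # ssh-keygen -Y sign, PROTOCOL.sshsig
    try:
        if read_frame(io.BytesIO(blob)).endswith(b"-cert-v01@openssh.com"):
            return "certificate"  # ssh-keygen -s, PROTOCOL.certkeys
        parse_userauth(blob)
        return "userauth"
    except (EOFError, ValueError):
        return "unknown"

# Constructed sample blobs (dummy keys and nonce, not taken from the issue).
KEY = frame(b"ssh-ed25519") + frame(b"\x22" * 32)
CERT_TBS = (frame(b"ssh-ed25519-cert-v01@openssh.com") + frame(b"\x11" * 32)
            + frame(b"\x33" * 32) + struct.pack(">QL", 0, 1)
            + frame(b"2024_ed25519") + frame(b"")
            + struct.pack(">QQ", 0, 2**64 - 1) + frame(b"") * 3 + frame(KEY))
USERAUTH = (frame(b"\x44" * 32) + b"\x32" + frame(b"git")
            + frame(b"ssh-connection") + frame(b"publickey") + b"\x01"
            + frame(b"ssh-ed25519") + frame(KEY))
```

With `strict=False` the certificate body is read as if it were authentication data: the certificate type name is taken as the session id, one byte of the nonce length is skipped, and the next four bytes decode to a frame length of more than 8000 bytes, which is where `EOFError` is raised.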