git push failing with SSH Keys in 1password

guyp
guyp
Community Member
in SSH

I have SSH keys setup and working just fine on my Mac and windows systems.

I also had it working on my linux system yesterday, however after a reboot it seems no longer to work. I've restarted 1password and disabled and re-enabled SSH Agent, etc. So far all to no sucess.

I can SSH login to remote hosts, however when I attempt to "git pull/push" I'm getting several errors.

└─$ git push fatal: protocol error: bad line length character: Warn fatal: the remote end hung up unexpectedly remote: remote: ======================================================================== remote: remote: rpc error: code = Canceled desc = user canceled the push remote: remote: ======================================================================== remote:

I have .ssh/config file entry which points to the 1password key

Host gitlab Hostname gitlab IdentityAgent "~/.1password/agent.sock" IdentityFile ~/.ssh/gitlab.ed25519.pub IdentitiesOnly yes

sshg -vT git@gitlab, does appear to work. it's happy to tell me "Welcome to GitLab, @guy!"

I've looked in the 1Password/logs but they don't show anything interesting..

INFO 2023-05-26T14:27:41.663 invocation_loop(ThreadId(29)) [1P:op-app/src/app/backend/auth_prompt.rs:46] invoked auth prompt unlock

Any ideas/help please?

Thanks
---Guy

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser:_ Not Provided

Comments

  • brian.f_1P
    brian.f_1P

    That's an interesting one!

    It looks like gitlab is responding with something your git client doesn't understand, but I'm not sure why that would be.

    In your ~./ssh/config, could you try setting your Hostname to gitlab.com?

    It would also be help to see more verbose ssh output. Could you run GIT_SSH_COMMAND="ssh -v" git fetch? That should get us more information to work with.

  • guyp
    guyp
    Community Member

    OpenSSH_9.2p1 Debian-2, OpenSSL 3.0.8 7 Feb 2023
    debug1: Reading configuration data /home/m0guy/.ssh/config
    debug1: /home/m0guy/.ssh/config line 13: Applying options for gitlab.int.britewhite.net
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Reading configuration data /etc/ssh/ssh_config.d/kali-wide-compat.conf
    debug1: /etc/ssh/ssh_config.d/kali-wide-compat.conf line 7: Applying options for *
    debug1: /etc/ssh/ssh_config line 21: Applying options for *
    debug1: Connecting to gitlab.int.britewhite.net [192.168.230.189] port 22.
    debug1: Connection established.
    debug1: identity file /home/m0guy/.ssh/gitlab.int.id_ed25519.pub type 3
    debug1: identity file /home/m0guy/.ssh/gitlab.int.id_ed25519.pub-cert type -1
    debug1: Local version string SSH-2.0-OpenSSH_9.2p1 Debian-2
    debug1: Remote protocol version 2.0, remote software version OpenSSH_8.2p1 Ubuntu-4ubuntu0.7
    debug1: compat_banner: match: OpenSSH_8.2p1 Ubuntu-4ubuntu0.7 pat OpenSSH* compat 0x04000000
    debug1: Authenticating to gitlab.int.britewhite.net:22 as 'git'
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: algorithm: curve25519-sha256
    debug1: kex: host key algorithm: ssh-ed25519
    debug1: kex: server->client cipher: aes128-ctr MAC: umac-64-etm@openssh.com compression: none
    debug1: kex: client->server cipher: aes128-ctr MAC: umac-64-etm@openssh.com compression: none
    debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
    debug1: SSH2_MSG_KEX_ECDH_REPLY received
    debug1: Server host key: ssh-ed25519 SHA256:qF1Ktk+2wciRU4V+7t4K4vJTZjcK+S/AQIcKkWPWad8
    debug1: load_hostkeys: fopen /home/m0guy/.ssh/known_hosts2: No such file or directory
    debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
    debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
    debug1: Host 'gitlab.int.britewhite.net' is known and matches the ED25519 host key.
    debug1: Found key in /home/m0guy/.ssh/known_hosts:1
    debug1: rekey out after 4294967296 blocks
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: rekey in after 4294967296 blocks
    debug1: get_agent_identities: agent returned 11 keys
    debug1: Will attempt key: /home/m0guy/.ssh/gitlab.int.id_ed25519.pub ED25519 SHA256:eT+ONakYJ5jGPONfaPtrLai6yOKOCvXCw0ScVpcFdGM explicit agent
    debug1: SSH2_MSG_EXT_INFO received
    debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,sk-ssh-ed25519@openssh.com,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com>
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug1: Authentications that can continue: publickey,password
    debug1: Next authentication method: publickey
    debug1: Offering public key: /home/m0guy/.ssh/gitlab.int.id_ed25519.pub ED25519 SHA256:eT+ONakYJ5jGPONfaPtrLai6yOKOCvXCw0ScVpcFdGM explicit agent
    debug1: Server accepts key: /home/m0guy/.ssh/gitlab.int.id_ed25519.pub ED25519 SHA256:eT+ONakYJ5jGPONfaPtrLai6yOKOCvXCw0ScVpcFdGM explicit agent
    Authenticated to gitlab.int.britewhite.net ([192.168.230.189]:22) using "publickey".
    debug1: channel 0: new session [client-session] (inactive timeout: 0)
    debug1: Requesting no-more-sessions@openssh.com
    fatal: protocol error: bad line length character: Warn
    debug1: Entering interactive session.
    debug1: pledge: exec

    ┌──(m0guy㉿kali)-[~/Projects/Home/octotrack]
    └─$ debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
    debug1: client_input_hostkeys: searching /home/m0guy/.ssh/known_hosts for gitlab.int.britewhite.net / (none)
    debug1: client_input_hostkeys: searching /home/m0guy/.ssh/known_hosts2 for gitlab.int.britewhite.net / (none)
    debug1: client_input_hostkeys: hostkeys file /home/m0guy/.ssh/known_hosts2 does not exist
    debug1: Remote: /var/opt/gitlab/.ssh/authorized_keys:26: key options: command user-rc
    debug1: Remote: /var/opt/gitlab/.ssh/authorized_keys:26: key options: command user-rc
    debug1: Sending environment.
    debug1: channel 0: setting env LANG = "en_GB.UTF-8"
    debug1: Sending command: git-receive-pack 'Home/octotrack.git'
    debug1: client_global_hostkeys_prove_confirm: server used untrusted RSA signature algorithm ssh-rsa for key 0, disregarding
    debug1: update_known_hosts: known hosts file /home/m0guy/.ssh/known_hosts2 does not exist
    debug1: pledge: fork
    fatal: the remote end hung up unexpectedly
    debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
    debug1: channel 0: free: client-session, nchannels 1
    Transferred: sent 3204, received 3056 bytes, in 0.6 seconds
    Bytes per second: sent 5512.4, received 5257.7
    debug1: Exit status 1

  • brian.f_1P
    brian.f_1P

    Looks like the ssh authentication is working, and then there's a git protocol error.

    Have you been able to test with a different git host, like GitHub.com or gitlab.com?

  • guyp
    guyp
    Community Member

    Yes I have two different gitlab environments and github.com accounts.. none of them work on this laptop, but they all work just fine when using my Mac with the same 1password database and config file. (Edited for sock location)

  • brian.f_1P
    brian.f_1P

    Looking at your logs, you are able to authenticate with the server:

    Authenticated to SERVER (IP) using "publickey"

    This part looks unusual though:

    debug1: Requesting no-more-sessions@openssh.com
    fatal: protocol error: bad line length character: Warn
    debug1: Entering interactive session.
    debug1: pledge: exec

    ┌──(USER㉿HOST)-[~]
    └─$

    That first request for no-more-settions@openssh.com is expected.

    The next line is coming from git, saying it received an invalid response.

    The rest seems to indicate an interactive session is being started, which would
    not be expected. If you're able to perform git operations against the same
    server with your other systems, then it's likely something configured locally
    on your linux system. Are there any differences in your ssh or git
    configurations on this linux machine?

  • brian.f_1P
    brian.f_1P

    For a little more info, it could be your ssh or git configs. It could also be an environment variable that's being passed through, or even an rc/profile file on the remote server.

    If you can use the same git remotes from your Mac, it could be worth running the same command (GIT_SSH_COMMAND="ssh -v" git fetch) from that machine against the same git server. The comparison might provide insight as well.

  • guyp
    guyp
    Community Member

    on my mac where it does work.. the difference is around here:

    debug1: channel 0: new [client-session]
    debug1: Requesting no-more-sessions@openssh.com
    debug1: Entering interactive session.
    debug1: pledge: filesystem
    debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0

    mainly the pledge:filesystem v pledge: exec

  • guyp
    guyp
    Community Member

    ok found the issue.. kali-tweaks had set some very restrictive configs for SSH in /etc/ssh_config.d/

    Thanks for the help

This discussion has been closed.