FS#70116 - [openssh] Can't use SSH keys with github

Attached to Project: Arch Linux
Opened by Fabio Mazza (fabmazz) - Sunday, 21 March 2021, 18:57 GMT
Last edited by Giancarlo Razzolini (grazzolini) - Tuesday, 06 April 2021, 13:10 GMT
Task Type Bug Report
Category Packages: Extra
Status Closed
Assigned To Lukas Fleischer (lfleischer)
Levente Polyak (anthraxx)
Giancarlo Razzolini (grazzolini)
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Description:

Trying to enter host git@github.com with the version 8.5p1 of openssh hangs after login. This prevents login on SSH with other host, as the system hangs.
I have downgraded openssh to 8.4p1 and it works perfectly.

Additional info:
* package version(s): openssh-8.5p1-1
* config and/or log files etc.

* link to upstream bug report, if any

Steps to reproduce:
run "ssh -vvvT git@github.com"

This task depends upon

Closed by  Giancarlo Razzolini (grazzolini)
Tuesday, 06 April 2021, 13:10 GMT
Reason for closing:  Not a bug
Comment by Fabio Mazza (fabmazz) - Sunday, 21 March 2021, 19:00 GMT
I just realized I haven't mentioned I have a ed25519 ssh key
Comment by Doug Newgard (Scimmia) - Monday, 22 March 2021, 02:22 GMT
So you're just using ssh, nothing to do with git? Seems to work fine for me.
Comment by Fabio Mazza (fabmazz) - Monday, 22 March 2021, 08:25 GMT
Yes, I'm just using SSH.
The problem appears when launching this command, but connecting to other hosts (non-git related) works fine. It is also related to my wifi network, which has two routers in cascade. I've tried disabling any sort of filtering/firewall, but it didn't solve the problem.
I've tried with another PC running fedora 33, same setup (SSH ed25519 key, same command), same wifi network, and it worked, but with version 8.4p1. That's when I tried to downgrade the package on arch linux.
I can provide more details, and try running some commands if you need me to.
Comment by Giancarlo Razzolini (grazzolini) - Monday, 22 March 2021, 18:26 GMT
It is working here, ssh -T git@github.com:

Hi grazzolini! You've successfully authenticated, but GitHub does not provide shell access.

I also use an ed25519 key. Are you using ControlMaster? If so, it might be the case your connection is hung up, try using ssh -O exit. Other than that, if you also have a config file for ssh, it might helpful to paste it.
Comment by Amin Vakil (aminvakil) - Monday, 22 March 2021, 18:35 GMT
Works for me too.
openssh 8.5p1-1
git 2.31.0-1

$ ssh -T git@github.com
Hi aminvakil! You've successfully authenticated, but GitHub does not provide shell access.
Comment by Fabio Mazza (fabmazz) - Monday, 22 March 2021, 22:52 GMT
For me, just running with `-T`, it hangs. If I'm on different wifi network (like tethering from phone), it works, and it shows the same message.

This doesn't happen with version 8.4p1.

I have a few hosts set up in my .ssh/config, but they are not related to github (just other ssh logins). I tried deleting known_hosts, but the problem is still there.

I don't know what ControlMaster is, so I very probably am not using.

I have just run a full system upgrade and the problem is still present (same versions as @aminvakli mentioned). I've pasted a full log here: https://pastebin.com/qBXP6M4k

This is what happens with openssh 8.4p1 instead https://pastebin.com/5YmPHvak
Comment by Fabio Mazza (fabmazz) - Monday, 22 March 2021, 23:09 GMT
I've tried with another host (for git over ssh), and the same happens. The connection just hangs, and stays there for several minutes (I have to send a Ctrl^C each time).

I've put the log here: https://pastebin.com/XZzAxTvH
Comment by Giancarlo Razzolini (grazzolini) - Tuesday, 23 March 2021, 12:59 GMT
If you can pinpoint this to a specific network, it could be this network has PMTU issues or something like that, that is preventing the response from ever coming back. From your debug, you are authenticated and requested an interactive session, only the response from the server is not coming back. I suggest you try to use tcpdump/wireshark, to determine if you're having networking issues. Having said that, openssh has changed the way it sets the TOS/DSCP:

* ssh(1), sshd(8): set the TOS/DSCP specified in the configuration
for interactive use prior to TCP connect. The connection phase of
the SSH session is time-sensitive and often explicitly interactive.
The ultimate interactive/bulk TOS/DSCP will be set after
authentication completes

So, if your router for that particular network doesn't honor or doesn't like TOS/DSCP, this might explain why 8.4p1 works.
Comment by Fabio Mazza (fabmazz) - Tuesday, 06 April 2021, 09:10 GMT
I worked out by trial and error that the problem lies in the latest router, which is an Archer C6. I tried changing every possible setting in the router, but nothing changed.

It is as you said, probably. I tried capturing the packets with wireshark but I don't have any idea how to filter the ones relevant to the problem.
Comment by Giancarlo Razzolini (grazzolini) - Tuesday, 06 April 2021, 13:10 GMT
I suggest you try forcing a lower mtu on your card. Probably that router is breaking the PMTU discovery.

Loading...