Details
- Bug
- Status: Resolved
- Major
- Resolution: Fixed
- None
- None
- AIX 7.2 openssh client attempting connection to Bitbucket 5.16.0 containing Mina 2.0.19
Description
There is a potential bug in Mina in handling a custom SSH packet type 106, which is "Unassigned" according to https://www.iana.org/assignments/ssh-parameters/ssh-parameters.xhtml
My scenario is attempting to git clone from the ssh server inside Bitbucket 5.16.0, which is Mina 2.0.19.
On Linux if I set:
export GIT_SSH_COMMAND="ssh -vvv"
Then I get this log fragment from my git clone failing:
debug1: Host '[bitbucketdev]:7999' is known and matches the RSA host key.
debug1: Found key in /home/<...>/.ssh/known_hosts:1
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey after 4294967296 blocks
debug2: key: /home/<...>/.ssh/id_rsa (200855b8)
debug2: key: /home/<...>/.ssh/id_dsa (0)
debug2: key: /home/<...>/.ssh/id_ecdsa (0)
debug2: key: /home/<...>/.ssh/id_ed25519 (0)
debug3: send packet: type 5
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/<...>/.ssh/id_rsa
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 60
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug2: input_userauth_pk_ok: fp SHA256:<...>
debug3: sign_and_send_pubkey: RSA SHA256:<...>
debug3: send packet: type 106
debug1: Sent ALLOW_PKCS12_KEYSTORE_CLIENT_FLAG packet
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/<...>/.ssh/id_dsa
debug3: no such identity: /home/<...>/.ssh/id_dsa: No such file or directory
debug1: Trying private key: /home/<...>/.ssh/id_ecdsa
debug3: no such identity: /home/<...>/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: /home/<...>/.ssh/id_ed25519
debug3: no such identity: /home/<...>/.ssh/id_ed25519: No such file or directory
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
After my key is sent to Mina and accepted with Server accepts key (and Bitbucket logs the acceptance), the AIX openssh client sends packet type 106, then the key is rejected.
The workaround is to set an option in my ~/.ssh/config file:
AllowPKCS12keystoreAutoOpen no
Then I can git clone successfully.
This ssh option is custom and is not recognized by the Linux openssh client.
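An added example (not part of the original report, and not Mina or OpenSSH code): a Python helper that scans `ssh -vvv` output for packet types without an IANA-assigned name and reports what the peer sent back next. RFC 4253 section 11.4 requires a receiver to answer an unrecognized message with SSH_MSG_UNIMPLEMENTED (type 3) and otherwise ignore it. The function name `find_unassigned` is this example's own, and `SAMPLE` is an excerpt of the log above.

```python
import re

# Message numbers that carry an IANA-assigned name (RFC 4250/4252/4253/4254, RFC 8308).
ASSIGNED = {1: "DISCONNECT", 2: "IGNORE", 3: "UNIMPLEMENTED", 4: "DEBUG",
            5: "SERVICE_REQUEST", 6: "SERVICE_ACCEPT", 7: "EXT_INFO", 8: "NEWCOMPRESS",
            20: "KEXINIT", 21: "NEWKEYS", 50: "USERAUTH_REQUEST",
            51: "USERAUTH_FAILURE", 52: "USERAUTH_SUCCESS", 53: "USERAUTH_BANNER",
            80: "GLOBAL_REQUEST", 81: "REQUEST_SUCCESS", 82: "REQUEST_FAILURE",
            **{n: "CHANNEL_*" for n in range(90, 101)}}
# Ranges whose meaning depends on the negotiated kex / userauth method.
METHOD_SPECIFIC = set(range(30, 50)) | set(range(60, 80))
PACKET = re.compile(r"debug3: (send|receive) packet: type (\d+)")

def find_unassigned(log_text):
    """Return one finding per packet whose type has no assigned name."""
    events = [(m.group(1), int(m.group(2))) for m in PACKET.finditer(log_text)]
    findings = []
    for i, (direction, ptype) in enumerate(events):
        if ptype in ASSIGNED or ptype in METHOD_SPECIFIC:
            continue
        # The first packet travelling the other way after the unknown one.
        opposite = "receive" if direction == "send" else "send"
        replies = [t for d, t in events[i + 1:] if d == opposite]
        findings.append({
            "direction": direction,
            "type": ptype,
            "previous": events[i - 1] if i else None,
            "next_reply": replies[0] if replies else None,
            # True only if the peer answered with SSH_MSG_UNIMPLEMENTED (3).
            "unimplemented_reply": bool(replies) and replies[0] == 3,
        })
    return findings

# Excerpt of the client log from this report.
SAMPLE = """\
debug3: send packet: type 50
debug3: receive packet: type 60
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug3: send packet: type 106
debug1: Sent ALLOW_PKCS12_KEYSTORE_CLIENT_FLAG packet
debug3: send packet: type 50
debug3: receive packet: type 51
"""

if __name__ == "__main__":
    for finding in find_unassigned(SAMPLE):
        print(finding)
```

On the excerpt it reports the type 106 packet sent right after the server's type 60 reply, with type 51 as the next packet received and no type 3 in between.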