Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Auth fails with "error in libcrypto" #20

Open
daguej opened this issue Jun 16, 2023 · 5 comments
Open

Auth fails with "error in libcrypto" #20

daguej opened this issue Jun 16, 2023 · 5 comments

Comments

@daguej
Copy link

daguej commented Jun 16, 2023

Setting up a new device (Yoga Tab 11) and am unable to successfully connect to my server.

Key generation seemed to work fine and ssh-keygen reports the key is available:

$ ssh-keygen -D $PREFIX/lib/libtergent.so
ssh-rsa AAAA... josh

...and I added the public key to my server. However, connecting fails with a cryptic error:

$ ssh -v josh@server
...
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: josh RSA SHA256:... token
debug1: Server accepts key: josh RSA SHA256:... token
debug1: pkcs11_check_obj_bool_attrib: provider "/data/data/com.termux/files/usr/lib/libtergent.so" slot 0 object 0: attrib 514 = 0
debug1: identity_sign: sshkey_sign: error in libcrypto
sign_and_send_pubkey: signing failed for RSA "josh": error in libcrypto
debug1: pkcs11_k11_free: parent 0xb400007b97d32690 ptr 0x0 idx 1
debug1: No more authentication methods to try.

Any idea what's happening or how I can get more information about the error in libcrypto?
@daguej
Copy link
Author

daguej commented Jun 16, 2023

Additionally:

$ termux-keystore list
[
  {
    "alias": "josh",
    "algorithm": "RSA",
    "size": 2048,
    "inside_secure_hardware": true,
    "user_authentication": {
      "required": false,
      "enforced_by_secure_hardware": false,
      "validity_duration_seconds": 0
    }
  }
]

@daguej
Copy link
Author

daguej commented Jun 29, 2023

It appears this only happens with RSA keys.

I deleted the RSA key and generated a new EC key, and that works. Not sure if there's something wrong in the code or if I just passed a bad arg to termux-api Keystore -e command generate. (Is the README incorrect? It's unclear what you're supposed to use for ALGORITHM.)

@bretello
Copy link

This started happening after upgrading to Android 14.

Might be related to termux/termux-api#661 since the fingerprint confirmation does not show.

@JacobTDC
Copy link

This started happening after upgrading to Android 14.

Might be related to termux/termux-api#661 since the fingerprint confirmation does not show.

I believe it is, because tergent was how I first noticed the issue, as well (author of referenced issue).

@daguej
Copy link
Author

daguej commented Apr 25, 2024

While both issues result in failed ssh connections, I don't think the error in this issue is related to termux/termux-api#661, termux-fingerprint on Android 14.

I'm also now seeing the fingerprint problem on Android 14. However, super hacky workaround: I opened Google Wallet and clicked the "Verify it's you" button, triggering the system fingerprint prompt. I then immediately switched back to Termux and initiated a ssh connection, which worked. This did the trick since it doesn't really matter what app triggers fingerprint auth; the secure enclave only cares that auth has happened recently.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@daguej @bretello @JacobTDC