Explore all Authentication open source software, libraries, packages, source code, cloud functions and APIs.
Popular New Releases in Authentication
supabase
March 2022: Launch Week Special
monica
v3.7.0
authelia
v4.35.0
hydra
v1.11.7
jwt-auth
1.0.2 Release
Popular Libraries in Authentication
supabase
by supabase 
typescript
31360 Apache-2.0
The open source Firebase alternative. Follow to stay updated about our public Beta.
iosched
by google kotlin
20748 NOASSERTION
The Google I/O Android App
monica
by monicahq php
16226 AGPL-3.0
Personal CRM. Remember everything about your friends, family and business relationships.
authelia
by authelia go
12699 Apache-2.0
The Single Sign-On Multi-Factor portal for web apps
hydra
by ory go
12436 Apache-2.0
OpenID Certified™ OpenID Connect and OAuth Provider written in Go - cloud native, security-first, open source API security for your infrastructure. SDKs for any language. Works with Hardware Security Modules. Compatible with MITREid.
jwt-auth
by tymondesigns php
10488 MIT
🔐 JSON Web Token Authentication for Laravel & Lumen
react-native-firebase
by invertase javascript
9925 NOASSERTION
🔥 A well-tested feature-rich modular Firebase implementation for React Native. Supports both iOS & Android platforms for all Firebase services.
next-auth
by nextauthjs typescript
9836 ISC
Authentication for Next.js
cas
by apereo java
9377 Apache-2.0
Apereo CAS - Identity & Single Sign On for all earthlings and beyond.
Trending New libraries in Authentication
supertokens-core
by supertokens java
5681 Apache-2.0
Open source alternative to Auth0 / Firebase Auth / AWS Cognito
sanctum
by laravel php
2266 MIT
Laravel Sanctum provides a featherweight authentication system for SPAs and simple APIs.
breeze
by laravel php
1728 MIT
Minimal Laravel authentication scaffolding with Blade and Tailwind.
fortify
by laravel php
1283 MIT
Backend controllers and scaffolding for Laravel authentication.
next-auth-example
by nextauthjs typescript
1053 ISC
An example project that shows how to use NextAuth.js
next-iron-session
by vvo javascript
871 MIT
🛠 Next.js stateless session utility using signed and encrypted cookies to store data
next-firebase-auth
by gladly-team javascript
713 MIT
Simple Firebase authentication for all Next.js rendering strategies
caddy-auth-portal
by greenpau go
662 Apache-2.0
Authentication Plugin for Caddy v2 implementing Form-Based, Basic, Local, LDAP, OpenID Connect, OAuth 2.0 (Github, Google, Facebook, Okta, etc.), SAML Authentication. MFA with App Authenticators and Yubico.
IdentityServer
by DuendeSoftware javascript
637 NOASSERTION
The most flexible and standards-compliant OpenID Connect and OAuth 2.x framework for ASP.NET Core
Top Authors in Authentication
1
85 Libraries
26311
2
64 Libraries
3314
3
57 Libraries
1110
4
53 Libraries
9369
5
51 Libraries
2746
6
48 Libraries
5911
7
48 Libraries
1154
8
44 Libraries
47899
9
31 Libraries
3804
10
28 Libraries
4387
1
85 Libraries
26311
2
64 Libraries
3314
3
57 Libraries
1110
4
53 Libraries
9369
5
51 Libraries
2746
6
48 Libraries
5911
7
48 Libraries
1154
8
44 Libraries
47899
9
31 Libraries
3804
10
28 Libraries
4387
Trending Kits in Authentication
Two-factor authentication (2FA) is a multifactor security process where users must authenticate their identity with two different means. This ensures better protection of secured assets and information.
Traditional username and password combinations are prone to hacking and getting hacked has been on the rise. Implementing 2FA authentication will prevent hackers from accessing your accounts even if your password is stolen. 2FA is a recommended practice for securing all your online accounts and devices to protect sensitive information losses.
You will need a different set of components with features ranging from creating the secret codes, accessing and authenticating.
OTP:
Time-based One-Time Password involves generating a one-time password from a shared secret key and the current timestamp using cryptographic algorithms. These libraries will help you generate secrete one-time passwords
SMS
Typically the OTP codes are sent to the user's mobile phone using SMS. This also helps to validate the user's mobile number correctness. The user can then enter the secret code into the application to complete the multifactor authentication. The below libraries will help in sending SMS from your application.
The unique generated one-time password is sent via email to the user. The user uses the code from the email and enters the code into the application to confirm the authentication.
Biometric Authentication
Using Biometrics for authentication has been made easy with mobile devices. Biometrics can include different choices, such as using fingerprints, voice, and face as the secondary authentication mechanism.
Push Notifications
Typically, push notifications are sent to your mobile app to authorize login requests. It will include the details of the access device details and once authorized, the login to the application is allowed. Below libraries help in implementing the push notification-based authorization.
Trending Discussions on Authentication
`Firebase` package was successfully found. However, this package itself specifies a `main` module field that could not be resolved
How to solve Invalid credentials problem in bitbucket?
Unauthorized (Invalid Token) when authenticating with JWT Bearer Token after update to .NET 6
Bitbucket Cloud recently stopped supporting account passwords for Git authentication
"fatal: Authentication failed for" when pushing to GitHub from Visual Studio Code (1.62.2)
Which Android device has BIOMETRIC_STRONG (Class 3) face authentication?
Use token to push some code to GitHub - "Support for password authentication was removed"
Paramiko authentication fails with "Agreed upon 'rsa-sha2-512' pubkey algorithm" (and "unsupported public key algorithm: rsa-sha2-512" in sshd log)
refusing to allow a Personal Access Token to create or update workflow
'AmplifySignOut' is not exported from '@aws-amplify/ui-react'
QUESTION
`Firebase` package was successfully found. However, this package itself specifies a `main` module field that could not be resolved
Asked 2022-Apr-02 at 17:19I'm trying to read and write to firestore, use firebase's authentication, and firebase's storage within a expo managed react-native application.
Full Error:
1While trying to resolve module `firebase` from file `C:\Users\joshu\Desktop\VSProjects\VolleyballConnect\firebase.js`, the package `C:\Users\joshu\Desktop\VSProjects\VolleyballConnect\node_modules\firebase\package.json` was successfully found. However, this package itself specifies a `main` module field that could not be resolved (`C:\Users\joshu\Desktop\VSProjects\VolleyballConnect\node_modules\firebase\index`. Indeed, none of these files exist:
2
3 * C:\Users\joshu\Desktop\VSProjects\VolleyballConnect\node_modules\firebase\index(.native|.android.ts|.native.ts|.ts|.android.tsx|.native.tsx|.tsx|.android.js|.native.js|.js|.android.jsx|.native.jsx|.jsx|.android.json|.native.json|.json)
4 * C:\Users\joshu\Desktop\VSProjects\VolleyballConnect\node_modules\firebase\index\index(.native|.android.ts|.native.ts|.ts|.android.tsx|.native.tsx|.tsx|.android.js|.native.js|.js|.android.jsx|.native.jsx|.jsx|.android.json|.native.json|.json)
5My firebase config file:
1While trying to resolve module `firebase` from file `C:\Users\joshu\Desktop\VSProjects\VolleyballConnect\firebase.js`, the package `C:\Users\joshu\Desktop\VSProjects\VolleyballConnect\node_modules\firebase\package.json` was successfully found. However, this package itself specifies a `main` module field that could not be resolved (`C:\Users\joshu\Desktop\VSProjects\VolleyballConnect\node_modules\firebase\index`. Indeed, none of these files exist:
2
3 * C:\Users\joshu\Desktop\VSProjects\VolleyballConnect\node_modules\firebase\index(.native|.android.ts|.native.ts|.ts|.android.tsx|.native.tsx|.tsx|.android.js|.native.js|.js|.android.jsx|.native.jsx|.jsx|.android.json|.native.json|.json)
4 * C:\Users\joshu\Desktop\VSProjects\VolleyballConnect\node_modules\firebase\index\index(.native|.android.ts|.native.ts|.ts|.android.tsx|.native.tsx|.tsx|.android.js|.native.js|.js|.android.jsx|.native.jsx|.jsx|.android.json|.native.json|.json)
5import firebase from "firebase";
6import { initializeApp } from "firebase/app";
7import "firebase/firestore";
8import "firebase/auth";
9import "firebase/storage";
10
11// I'm using the example key here, I have the correct config
12const firebaseConfig = {
13 apiKey: "api-key",
14 authDomain: "project-id.firebaseapp.com",
15 databaseURL: "https://project-id.firebaseio.com",
16 projectId: "project-id",
17 storageBucket: "project-id.appspot.com",
18 messagingSenderId: "sender-id",
19 appId: "app-id",
20 measurementId: "G-measurement-id",
21};
22
23if (firebase.apps.length === 0) {
24 initializeApp(firebaseConfig);
25}
26
27const db = firebase.firestore();
28const auth = firebase.auth();
29const storage = firebase.storage();
30
31export { db, auth, storage };
32I installed the firebase package with:
1While trying to resolve module `firebase` from file `C:\Users\joshu\Desktop\VSProjects\VolleyballConnect\firebase.js`, the package `C:\Users\joshu\Desktop\VSProjects\VolleyballConnect\node_modules\firebase\package.json` was successfully found. However, this package itself specifies a `main` module field that could not be resolved (`C:\Users\joshu\Desktop\VSProjects\VolleyballConnect\node_modules\firebase\index`. Indeed, none of these files exist:
2
3 * C:\Users\joshu\Desktop\VSProjects\VolleyballConnect\node_modules\firebase\index(.native|.android.ts|.native.ts|.ts|.android.tsx|.native.tsx|.tsx|.android.js|.native.js|.js|.android.jsx|.native.jsx|.jsx|.android.json|.native.json|.json)
4 * C:\Users\joshu\Desktop\VSProjects\VolleyballConnect\node_modules\firebase\index\index(.native|.android.ts|.native.ts|.ts|.android.tsx|.native.tsx|.tsx|.android.js|.native.js|.js|.android.jsx|.native.jsx|.jsx|.android.json|.native.json|.json)
5import firebase from "firebase";
6import { initializeApp } from "firebase/app";
7import "firebase/firestore";
8import "firebase/auth";
9import "firebase/storage";
10
11// I'm using the example key here, I have the correct config
12const firebaseConfig = {
13 apiKey: "api-key",
14 authDomain: "project-id.firebaseapp.com",
15 databaseURL: "https://project-id.firebaseio.com",
16 projectId: "project-id",
17 storageBucket: "project-id.appspot.com",
18 messagingSenderId: "sender-id",
19 appId: "app-id",
20 measurementId: "G-measurement-id",
21};
22
23if (firebase.apps.length === 0) {
24 initializeApp(firebaseConfig);
25}
26
27const db = firebase.firestore();
28const auth = firebase.auth();
29const storage = firebase.storage();
30
31export { db, auth, storage };
32expo install firebase
33Any help would be greatly appreciated. Thank you!
ANSWER
Answered 2021-Nov-03 at 05:52To reduce the size of the app, firebase SDK (v9.0.0) became modular. You can no longer do the import statement like before on v8.
You have two options.
- Use the backwards compatible way. (it will be later removed):
This:
1While trying to resolve module `firebase` from file `C:\Users\joshu\Desktop\VSProjects\VolleyballConnect\firebase.js`, the package `C:\Users\joshu\Desktop\VSProjects\VolleyballConnect\node_modules\firebase\package.json` was successfully found. However, this package itself specifies a `main` module field that could not be resolved (`C:\Users\joshu\Desktop\VSProjects\VolleyballConnect\node_modules\firebase\index`. Indeed, none of these files exist:
2
3 * C:\Users\joshu\Desktop\VSProjects\VolleyballConnect\node_modules\firebase\index(.native|.android.ts|.native.ts|.ts|.android.tsx|.native.tsx|.tsx|.android.js|.native.js|.js|.android.jsx|.native.jsx|.jsx|.android.json|.native.json|.json)
4 * C:\Users\joshu\Desktop\VSProjects\VolleyballConnect\node_modules\firebase\index\index(.native|.android.ts|.native.ts|.ts|.android.tsx|.native.tsx|.tsx|.android.js|.native.js|.js|.android.jsx|.native.jsx|.jsx|.android.json|.native.json|.json)
5import firebase from "firebase";
6import { initializeApp } from "firebase/app";
7import "firebase/firestore";
8import "firebase/auth";
9import "firebase/storage";
10
11// I'm using the example key here, I have the correct config
12const firebaseConfig = {
13 apiKey: "api-key",
14 authDomain: "project-id.firebaseapp.com",
15 databaseURL: "https://project-id.firebaseio.com",
16 projectId: "project-id",
17 storageBucket: "project-id.appspot.com",
18 messagingSenderId: "sender-id",
19 appId: "app-id",
20 measurementId: "G-measurement-id",
21};
22
23if (firebase.apps.length === 0) {
24 initializeApp(firebaseConfig);
25}
26
27const db = firebase.firestore();
28const auth = firebase.auth();
29const storage = firebase.storage();
30
31export { db, auth, storage };
32expo install firebase
33import firebase from 'firebase/app';
34import 'firebase/auth';
35import 'firebase/firestore';
36Should be changed to:
1While trying to resolve module `firebase` from file `C:\Users\joshu\Desktop\VSProjects\VolleyballConnect\firebase.js`, the package `C:\Users\joshu\Desktop\VSProjects\VolleyballConnect\node_modules\firebase\package.json` was successfully found. However, this package itself specifies a `main` module field that could not be resolved (`C:\Users\joshu\Desktop\VSProjects\VolleyballConnect\node_modules\firebase\index`. Indeed, none of these files exist:
2
3 * C:\Users\joshu\Desktop\VSProjects\VolleyballConnect\node_modules\firebase\index(.native|.android.ts|.native.ts|.ts|.android.tsx|.native.tsx|.tsx|.android.js|.native.js|.js|.android.jsx|.native.jsx|.jsx|.android.json|.native.json|.json)
4 * C:\Users\joshu\Desktop\VSProjects\VolleyballConnect\node_modules\firebase\index\index(.native|.android.ts|.native.ts|.ts|.android.tsx|.native.tsx|.tsx|.android.js|.native.js|.js|.android.jsx|.native.jsx|.jsx|.android.json|.native.json|.json)
5import firebase from "firebase";
6import { initializeApp } from "firebase/app";
7import "firebase/firestore";
8import "firebase/auth";
9import "firebase/storage";
10
11// I'm using the example key here, I have the correct config
12const firebaseConfig = {
13 apiKey: "api-key",
14 authDomain: "project-id.firebaseapp.com",
15 databaseURL: "https://project-id.firebaseio.com",
16 projectId: "project-id",
17 storageBucket: "project-id.appspot.com",
18 messagingSenderId: "sender-id",
19 appId: "app-id",
20 measurementId: "G-measurement-id",
21};
22
23if (firebase.apps.length === 0) {
24 initializeApp(firebaseConfig);
25}
26
27const db = firebase.firestore();
28const auth = firebase.auth();
29const storage = firebase.storage();
30
31export { db, auth, storage };
32expo install firebase
33import firebase from 'firebase/app';
34import 'firebase/auth';
35import 'firebase/firestore';
36// v9 compat packages are API compatible with v8 code
37import firebase from 'firebase/compat/app';
38import 'firebase/compat/auth';
39import 'firebase/compat/firestore';
40- Refactor your code now.
From this:
1While trying to resolve module `firebase` from file `C:\Users\joshu\Desktop\VSProjects\VolleyballConnect\firebase.js`, the package `C:\Users\joshu\Desktop\VSProjects\VolleyballConnect\node_modules\firebase\package.json` was successfully found. However, this package itself specifies a `main` module field that could not be resolved (`C:\Users\joshu\Desktop\VSProjects\VolleyballConnect\node_modules\firebase\index`. Indeed, none of these files exist:
2
3 * C:\Users\joshu\Desktop\VSProjects\VolleyballConnect\node_modules\firebase\index(.native|.android.ts|.native.ts|.ts|.android.tsx|.native.tsx|.tsx|.android.js|.native.js|.js|.android.jsx|.native.jsx|.jsx|.android.json|.native.json|.json)
4 * C:\Users\joshu\Desktop\VSProjects\VolleyballConnect\node_modules\firebase\index\index(.native|.android.ts|.native.ts|.ts|.android.tsx|.native.tsx|.tsx|.android.js|.native.js|.js|.android.jsx|.native.jsx|.jsx|.android.json|.native.json|.json)
5import firebase from "firebase";
6import { initializeApp } from "firebase/app";
7import "firebase/firestore";
8import "firebase/auth";
9import "firebase/storage";
10
11// I'm using the example key here, I have the correct config
12const firebaseConfig = {
13 apiKey: "api-key",
14 authDomain: "project-id.firebaseapp.com",
15 databaseURL: "https://project-id.firebaseio.com",
16 projectId: "project-id",
17 storageBucket: "project-id.appspot.com",
18 messagingSenderId: "sender-id",
19 appId: "app-id",
20 measurementId: "G-measurement-id",
21};
22
23if (firebase.apps.length === 0) {
24 initializeApp(firebaseConfig);
25}
26
27const db = firebase.firestore();
28const auth = firebase.auth();
29const storage = firebase.storage();
30
31export { db, auth, storage };
32expo install firebase
33import firebase from 'firebase/app';
34import 'firebase/auth';
35import 'firebase/firestore';
36// v9 compat packages are API compatible with v8 code
37import firebase from 'firebase/compat/app';
38import 'firebase/compat/auth';
39import 'firebase/compat/firestore';
40import firebase from "firebase/compat/app";
41import "firebase/compat/auth";
42
43const auth = firebase.auth();
44auth.onAuthStateChanged(user => {
45 // Check for user status
46});
47To this:
1While trying to resolve module `firebase` from file `C:\Users\joshu\Desktop\VSProjects\VolleyballConnect\firebase.js`, the package `C:\Users\joshu\Desktop\VSProjects\VolleyballConnect\node_modules\firebase\package.json` was successfully found. However, this package itself specifies a `main` module field that could not be resolved (`C:\Users\joshu\Desktop\VSProjects\VolleyballConnect\node_modules\firebase\index`. Indeed, none of these files exist:
2
3 * C:\Users\joshu\Desktop\VSProjects\VolleyballConnect\node_modules\firebase\index(.native|.android.ts|.native.ts|.ts|.android.tsx|.native.tsx|.tsx|.android.js|.native.js|.js|.android.jsx|.native.jsx|.jsx|.android.json|.native.json|.json)
4 * C:\Users\joshu\Desktop\VSProjects\VolleyballConnect\node_modules\firebase\index\index(.native|.android.ts|.native.ts|.ts|.android.tsx|.native.tsx|.tsx|.android.js|.native.js|.js|.android.jsx|.native.jsx|.jsx|.android.json|.native.json|.json)
5import firebase from "firebase";
6import { initializeApp } from "firebase/app";
7import "firebase/firestore";
8import "firebase/auth";
9import "firebase/storage";
10
11// I'm using the example key here, I have the correct config
12const firebaseConfig = {
13 apiKey: "api-key",
14 authDomain: "project-id.firebaseapp.com",
15 databaseURL: "https://project-id.firebaseio.com",
16 projectId: "project-id",
17 storageBucket: "project-id.appspot.com",
18 messagingSenderId: "sender-id",
19 appId: "app-id",
20 measurementId: "G-measurement-id",
21};
22
23if (firebase.apps.length === 0) {
24 initializeApp(firebaseConfig);
25}
26
27const db = firebase.firestore();
28const auth = firebase.auth();
29const storage = firebase.storage();
30
31export { db, auth, storage };
32expo install firebase
33import firebase from 'firebase/app';
34import 'firebase/auth';
35import 'firebase/firestore';
36// v9 compat packages are API compatible with v8 code
37import firebase from 'firebase/compat/app';
38import 'firebase/compat/auth';
39import 'firebase/compat/firestore';
40import firebase from "firebase/compat/app";
41import "firebase/compat/auth";
42
43const auth = firebase.auth();
44auth.onAuthStateChanged(user => {
45 // Check for user status
46});
47import { getAuth, onAuthStateChanged } from "firebase/auth";
48
49const auth = getAuth(firebaseApp);
50onAuthStateChanged(auth, user => {
51 // Check for user status
52});
53You should definitely check the documentation
QUESTION
How to solve Invalid credentials problem in bitbucket?
Asked 2022-Mar-31 at 13:55My bitbucket password is correct because I can easily login with this password. When I try to push a project or file to bitbucket it shows Invalid credentials error.
1$ git push -u origin master
2fatal: Invalid credentials
3Password for 'https://username@bitbucket.org':
4remote: Bitbucket Cloud recently stopped supporting account passwords for Git authentication.
5remote: See our community post for more details: https://atlassian.community/t5/x/x/ba-p/1948231
6remote: App passwords are recommended for most use cases and can be created in your Personal settings:
7remote: https://bitbucket.org/account/settings/app-passwords/
8fatal: Authentication failed for 'https://bitbucket.org/username/demo.git/'
9How can I solve this issue?
ANSWER
Answered 2022-Mar-07 at 11:47Go to credential Manager -> Windown Credential -> Add a generic credential fill up the fields Network address: git:https://bitbucket.org Username: App Password: Solver from Here
QUESTION
Unauthorized (Invalid Token) when authenticating with JWT Bearer Token after update to .NET 6
Asked 2022-Mar-23 at 10:13After updating the package Microsoft.AspNetCore.Authentication.JwtBearer from version 3.1.14 to 6.0.1, requests with authentication fail with 401 Unauthorized "invalid token".
What needs to be changed with the new package version?
ANSWER
Answered 2022-Jan-20 at 13:18This seems to be a bug. Adding an event handler (JwtBearerEvents), the failure could be identified as a MissingMethodException:
1Method not found: 'Void Microsoft.IdentityModel.Tokens.InternalValidators.ValidateLifetimeAndIssuerAfterSignatureNotValidatedJwt(Microsoft.IdentityModel.Tokens.SecurityToken, System.Nullable`1<System.DateTime>, System.Nullable`1<System.DateTime>, System.String, Microsoft.IdentityModel.Tokens.TokenValidationParameters, System.Text.StringBuilder)'.
2with stack trace
1Method not found: 'Void Microsoft.IdentityModel.Tokens.InternalValidators.ValidateLifetimeAndIssuerAfterSignatureNotValidatedJwt(Microsoft.IdentityModel.Tokens.SecurityToken, System.Nullable`1<System.DateTime>, System.Nullable`1<System.DateTime>, System.String, Microsoft.IdentityModel.Tokens.TokenValidationParameters, System.Text.StringBuilder)'.
2at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature(String token, TokenValidationParameters validationParameters)
3at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateToken(String token, TokenValidationParameters validationParameters, SecurityToken& validatedToken)
4at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync()",
5Simply adding the current version of System.IdentityModel.Tokens.Jwt solved the problem.
Update: Please also note the comment by @Rubenisme below.
QUESTION
Bitbucket Cloud recently stopped supporting account passwords for Git authentication
Asked 2022-Mar-16 at 20:19I have pushed the code in the morning it was working fine but now I'm trying to push code but getting this error: Bitbucket Cloud recently stopped supporting account passwords for Git authentication
ANSWER
Answered 2022-Mar-15 at 05:06I've also faced this issue..
- Then I opened my Bitbucket account. 2)Then at the bottom left corner you will find an icon with your username's initials. 3)Click on that and go to settings and click on Personal Settings 4)In personal Settings, in the left panel you will find "access management"
- Under that you will find "app passwords"
- Click on that --> Then you will routed to create app password page
- There you can give the required permissions and create password (Note: You have to store that password somewhere as it will be displayed only once) 8)When you push the code to any repo...use your app password instead of your account password (No need to change any settings in the git_config file)
Happy programming :) !
QUESTION
"fatal: Authentication failed for" when pushing to GitHub from Visual Studio Code (1.62.2)
Asked 2022-Feb-23 at 05:40A lot of us are currently having the issue where we aren't able to push changes to GitHub anymore and getting a
fatal: Authentication failed for error. This has been observed on Linux.
This is because the newest version of Visual Studio Code (1.62.2) introduced this bug.
Is there a fix for this version, or otherwise a workaround?
ANSWER
Answered 2021-Nov-17 at 16:12The way I solved it was by downgrading it to 1.62.1, and now it works perfectly again.
I'm on Linux, so this may not apply or work for you, but it should if all Visual Studio Code versions are the same across all OSes.
The Visual Studio Code team has confirmed that it will be fixed on 1.62.3
If you use openSUSE Tumbleweed like me, you can run the following command in the terminal to downgrade:
$ sudo zypper install --oldpackage code-1.62.1
QUESTION
Which Android device has BIOMETRIC_STRONG (Class 3) face authentication?
Asked 2022-Feb-02 at 10:46I have implemented biometric authentication in my application with biometric level BIOMETRIC_STRONG (Class 3). The fingerprint authentication is working as expected but I couldn't able to test the face authentication on any of my devices (Samsung Galaxy S10, Oppo A3S, etc.). I think the face authentication in those devices is not falling under Class 3.
Are there any Android devices with BIOMETRIC_STRONG (Class 3) face authentication? It would be helpful if someone can provide a list.
ANSWER
Answered 2022-Feb-02 at 10:46Pixel 4 is currently the only device with face authentication that qualifies as BIOMETRIC_STRONG (Class 3).
Face authentication was not added to pixel 5, and looks like there are no plans to add it back with Pixel 6 either.
This is true as of 5th October 2021, but there might be more devices that support in the future.
QUESTION
Use token to push some code to GitHub - "Support for password authentication was removed"
Asked 2022-Jan-28 at 13:43Error message when using git push:
Support for password authentication was removed on August 13, 2021. Please use a personal access token instead. remote: Please see https://github.blog/2020-12-15-token-authentication-requirements-for-git-operations/ for more information. fatal: unable to access 'https://github.com/codingTheWorld777/react-mini-projects.git/': The requested URL returned error: 403"***
I cannot use my token to access GitHub, so how can I push code to GitHub?
ANSWER
Answered 2021-Sep-05 at 20:46You need to create a personal access token. You can find the instructions on creating personal access token in Creating a personal access token
Make sure you keep the access token secure & secret. After that you need to replace your current saved password in the device (laptop/desktop) with the access token. In macOS you can search for Keychain and find GitHub with an Internet password and replace it with your access token. For instructions, see Updating credentials from the macOS Keychain.
In Windows, it might be Credential Manager (I'm not sure). Check this out: How to update your Git credentials on Windows
QUESTION
Paramiko authentication fails with "Agreed upon 'rsa-sha2-512' pubkey algorithm" (and "unsupported public key algorithm: rsa-sha2-512" in sshd log)
Asked 2022-Jan-13 at 14:49I have a Python 3 application running on CentOS Linux 7.7 executing SSH commands against remote hosts. It works properly but today I encountered an odd error executing a command against a "new" remote server (server based on RHEL 6.10):
encountered RSA key, expected OPENSSH key
Executing the same command from the system shell (using the same private key of course) works perfectly fine.
On the remote server I discovered in /var/log/secure that when SSH connection and commands are issued from the source server with Python (using Paramiko) sshd complains about unsupported public key algorithm:
userauth_pubkey: unsupported public key algorithm: rsa-sha2-512
Note that target servers with higher RHEL/CentOS like 7.x don't encounter the issue.
It seems like Paramiko picks/offers the wrong algorithm when negotiating with the remote server when on the contrary SSH shell performs the negotiation properly in the context of this "old" target server. How to get the Python program to work as expected?
Python code
1import paramiko
2import logging
3
4ssh_user = "my_user"
5ssh_keypath = "/path/to/.ssh/my_key.rsa"
6server = "server.tld"
7
8ssh_client = paramiko.SSHClient()
9ssh_client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
10ssh_client.connect(server,port=22,username=ssh_user, key_filename=ssh_keypath)
11
12# SSH command
13cmd = "echo TEST : $(hostname)"
14
15stdin, stdout, stderr = ssh_client.exec_command(cmd, get_pty=True)
16exit_code = stdout.channel.recv_exit_status()
17
18cmd_raw_output = stdout.readlines()
19out = "".join(cmd_raw_output)
20out_msg = out.strip()
21
22# Ouput (logger code omitted)
23logger.debug(out_msg)
24
25if ssh_client is not None:
26 ssh_client.close()
27Shell command equivalent
1import paramiko
2import logging
3
4ssh_user = "my_user"
5ssh_keypath = "/path/to/.ssh/my_key.rsa"
6server = "server.tld"
7
8ssh_client = paramiko.SSHClient()
9ssh_client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
10ssh_client.connect(server,port=22,username=ssh_user, key_filename=ssh_keypath)
11
12# SSH command
13cmd = "echo TEST : $(hostname)"
14
15stdin, stdout, stderr = ssh_client.exec_command(cmd, get_pty=True)
16exit_code = stdout.channel.recv_exit_status()
17
18cmd_raw_output = stdout.readlines()
19out = "".join(cmd_raw_output)
20out_msg = out.strip()
21
22# Ouput (logger code omitted)
23logger.debug(out_msg)
24
25if ssh_client is not None:
26 ssh_client.close()
27ssh -i /path/to/.ssh/my_key.rsa my_user@server.tld "echo TEST : $(hostname)"
28Paramiko logs (DEBUG)
1import paramiko
2import logging
3
4ssh_user = "my_user"
5ssh_keypath = "/path/to/.ssh/my_key.rsa"
6server = "server.tld"
7
8ssh_client = paramiko.SSHClient()
9ssh_client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
10ssh_client.connect(server,port=22,username=ssh_user, key_filename=ssh_keypath)
11
12# SSH command
13cmd = "echo TEST : $(hostname)"
14
15stdin, stdout, stderr = ssh_client.exec_command(cmd, get_pty=True)
16exit_code = stdout.channel.recv_exit_status()
17
18cmd_raw_output = stdout.readlines()
19out = "".join(cmd_raw_output)
20out_msg = out.strip()
21
22# Ouput (logger code omitted)
23logger.debug(out_msg)
24
25if ssh_client is not None:
26 ssh_client.close()
27ssh -i /path/to/.ssh/my_key.rsa my_user@server.tld "echo TEST : $(hostname)"
28DEB [YYYYmmdd-HH:MM:30.475] thr=1 paramiko.transport: starting thread (client mode): 0xf6054ac8
29DEB [YYYYmmdd-HH:MM:30.476] thr=1 paramiko.transport: Local version/idstring: SSH-2.0-paramiko_2.9.1
30DEB [YYYYmmdd-HH:MM:30.490] thr=1 paramiko.transport: Remote version/idstring: SSH-2.0-OpenSSH_5.3
31INF [YYYYmmdd-HH:MM:30.490] thr=1 paramiko.transport: Connected (version 2.0, client OpenSSH_5.3)
32DEB [YYYYmmdd-HH:MM:30.498] thr=1 paramiko.transport: === Key exchange possibilities ===
33DEB [YYYYmmdd-HH:MM:30.498] thr=1 paramiko.transport: kex algos: diffie-hellman-group-exchange-sha256, diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha1, diffie-hellman-group1-sha1
34DEB [YYYYmmdd-HH:MM:30.498] thr=1 paramiko.transport: server key: ssh-rsa, ssh-dss
35DEB [YYYYmmdd-HH:MM:30.498] thr=1 paramiko.transport: client encrypt: aes128-ctr, aes192-ctr, aes256-ctr, arcfour256, arcfour128, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, aes192-cbc, aes256-cbc, arcfour, rijndael-cbc@lysator.liu.se
36DEB [YYYYmmdd-HH:MM:30.498] thr=1 paramiko.transport: server encrypt: aes128-ctr, aes192-ctr, aes256-ctr, arcfour256, arcfour128, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, aes192-cbc, aes256-cbc, arcfour, rijndael-cbc@lysator.liu.se
37DEB [YYYYmmdd-HH:MM:30.499] thr=1 paramiko.transport: client mac: hmac-md5, hmac-sha1, umac-64@openssh.com, hmac-sha2-256, hmac-sha2-512, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac-sha1-96, hmac-md5-96
38DEB [YYYYmmdd-HH:MM:30.499] thr=1 paramiko.transport: server mac: hmac-md5, hmac-sha1, umac-64@openssh.com, hmac-sha2-256, hmac-sha2-512, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac-sha1-96, hmac-md5-96
39DEB [YYYYmmdd-HH:MM:30.499] thr=1 paramiko.transport: client compress: none, zlib@openssh.com
40DEB [YYYYmmdd-HH:MM:30.499] thr=1 paramiko.transport: server compress: none, zlib@openssh.com
41DEB [YYYYmmdd-HH:MM:30.499] thr=1 paramiko.transport: client lang: <none>
42DEB [YYYYmmdd-HH:MM:30.499] thr=1 paramiko.transport: server lang: <none>.
43DEB [YYYYmmdd-HH:MM:30.499] thr=1 paramiko.transport: kex follows: False
44DEB [YYYYmmdd-HH:MM:30.500] thr=1 paramiko.transport: === Key exchange agreements ===
45DEB [YYYYmmdd-HH:MM:30.500] thr=1 paramiko.transport: Kex: diffie-hellman-group-exchange-sha256
46DEB [YYYYmmdd-HH:MM:30.500] thr=1 paramiko.transport: HostKey: ssh-rsa
47DEB [YYYYmmdd-HH:MM:30.500] thr=1 paramiko.transport: Cipher: aes128-ctr
48DEB [YYYYmmdd-HH:MM:30.500] thr=1 paramiko.transport: MAC: hmac-sha2-256
49DEB [YYYYmmdd-HH:MM:30.501] thr=1 paramiko.transport: Compression: none
50DEB [YYYYmmdd-HH:MM:30.501] thr=1 paramiko.transport: === End of kex handshake ===
51DEB [YYYYmmdd-HH:MM:30.548] thr=1 paramiko.transport: Got server p (2048 bits)
52DEB [YYYYmmdd-HH:MM:30.666] thr=1 paramiko.transport: kex engine KexGexSHA256 specified hash_algo <built-in function openssl_sha256>
53DEB [YYYYmmdd-HH:MM:30.667] thr=1 paramiko.transport: Switch to new keys ...
54DEB [YYYYmmdd-HH:MM:30.669] thr=2 paramiko.transport: Adding ssh-rsa host key for server.tld: b'caea********************.'
55DEB [YYYYmmdd-HH:MM:30.674] thr=2 paramiko.transport: Trying discovered key b'b49c********************' in /path/to/.ssh/my_key.rsa
56DEB [YYYYmmdd-HH:MM:30.722] thr=1 paramiko.transport: userauth is OK
57DEB [YYYYmmdd-HH:MM:30.722] thr=1 paramiko.transport: Finalizing pubkey algorithm for key of type 'ssh-rsa'
58DEB [YYYYmmdd-HH:MM:30.722] thr=1 paramiko.transport: Our pubkey algorithm list: ['rsa-sha2-512', 'rsa-sha2-256', 'ssh-rsa']
59DEB [YYYYmmdd-HH:MM:30.723] thr=1 paramiko.transport: Server-side algorithm list: ['']
60DEB [YYYYmmdd-HH:MM:30.723] thr=1 paramiko.transport: Agreed upon 'rsa-sha2-512' pubkey algorithm
61INF [YYYYmmdd-HH:MM:30.735] thr=1 paramiko.transport: Authentication (publickey) failed.
62DEB [YYYYmmdd-HH:MM:30.739] thr=2 paramiko.transport: Trying SSH agent key b'9d37********************'
63DEB [YYYYmmdd-HH:MM:30.747] thr=1 paramiko.transport: userauth is OK.
64DEB [YYYYmmdd-HH:MM:30.748] thr=1 paramiko.transport: Finalizing pubkey algorithm for key of type 'ssh-rsa'
65DEB [YYYYmmdd-HH:MM:30.748] thr=1 paramiko.transport: Our pubkey algorithm list: ['rsa-sha2-512', 'rsa-sha2-256', 'ssh-rsa']
66DEB [YYYYmmdd-HH:MM:30.748] thr=1 paramiko.transport: Server-side algorithm list: ['']
67DEB [YYYYmmdd-HH:MM:30.748] thr=1 paramiko.transport: Agreed upon 'rsa-sha2-512' pubkey algorithm
68INF [YYYYmmdd-HH:MM:30.868] thr=1 paramiko.transport: Authentication (publickey) failed...
69Shell command logs
1import paramiko
2import logging
3
4ssh_user = "my_user"
5ssh_keypath = "/path/to/.ssh/my_key.rsa"
6server = "server.tld"
7
8ssh_client = paramiko.SSHClient()
9ssh_client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
10ssh_client.connect(server,port=22,username=ssh_user, key_filename=ssh_keypath)
11
12# SSH command
13cmd = "echo TEST : $(hostname)"
14
15stdin, stdout, stderr = ssh_client.exec_command(cmd, get_pty=True)
16exit_code = stdout.channel.recv_exit_status()
17
18cmd_raw_output = stdout.readlines()
19out = "".join(cmd_raw_output)
20out_msg = out.strip()
21
22# Ouput (logger code omitted)
23logger.debug(out_msg)
24
25if ssh_client is not None:
26 ssh_client.close()
27ssh -i /path/to/.ssh/my_key.rsa my_user@server.tld "echo TEST : $(hostname)"
28DEB [YYYYmmdd-HH:MM:30.475] thr=1 paramiko.transport: starting thread (client mode): 0xf6054ac8
29DEB [YYYYmmdd-HH:MM:30.476] thr=1 paramiko.transport: Local version/idstring: SSH-2.0-paramiko_2.9.1
30DEB [YYYYmmdd-HH:MM:30.490] thr=1 paramiko.transport: Remote version/idstring: SSH-2.0-OpenSSH_5.3
31INF [YYYYmmdd-HH:MM:30.490] thr=1 paramiko.transport: Connected (version 2.0, client OpenSSH_5.3)
32DEB [YYYYmmdd-HH:MM:30.498] thr=1 paramiko.transport: === Key exchange possibilities ===
33DEB [YYYYmmdd-HH:MM:30.498] thr=1 paramiko.transport: kex algos: diffie-hellman-group-exchange-sha256, diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha1, diffie-hellman-group1-sha1
34DEB [YYYYmmdd-HH:MM:30.498] thr=1 paramiko.transport: server key: ssh-rsa, ssh-dss
35DEB [YYYYmmdd-HH:MM:30.498] thr=1 paramiko.transport: client encrypt: aes128-ctr, aes192-ctr, aes256-ctr, arcfour256, arcfour128, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, aes192-cbc, aes256-cbc, arcfour, rijndael-cbc@lysator.liu.se
36DEB [YYYYmmdd-HH:MM:30.498] thr=1 paramiko.transport: server encrypt: aes128-ctr, aes192-ctr, aes256-ctr, arcfour256, arcfour128, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, aes192-cbc, aes256-cbc, arcfour, rijndael-cbc@lysator.liu.se
37DEB [YYYYmmdd-HH:MM:30.499] thr=1 paramiko.transport: client mac: hmac-md5, hmac-sha1, umac-64@openssh.com, hmac-sha2-256, hmac-sha2-512, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac-sha1-96, hmac-md5-96
38DEB [YYYYmmdd-HH:MM:30.499] thr=1 paramiko.transport: server mac: hmac-md5, hmac-sha1, umac-64@openssh.com, hmac-sha2-256, hmac-sha2-512, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac-sha1-96, hmac-md5-96
39DEB [YYYYmmdd-HH:MM:30.499] thr=1 paramiko.transport: client compress: none, zlib@openssh.com
40DEB [YYYYmmdd-HH:MM:30.499] thr=1 paramiko.transport: server compress: none, zlib@openssh.com
41DEB [YYYYmmdd-HH:MM:30.499] thr=1 paramiko.transport: client lang: <none>
42DEB [YYYYmmdd-HH:MM:30.499] thr=1 paramiko.transport: server lang: <none>.
43DEB [YYYYmmdd-HH:MM:30.499] thr=1 paramiko.transport: kex follows: False
44DEB [YYYYmmdd-HH:MM:30.500] thr=1 paramiko.transport: === Key exchange agreements ===
45DEB [YYYYmmdd-HH:MM:30.500] thr=1 paramiko.transport: Kex: diffie-hellman-group-exchange-sha256
46DEB [YYYYmmdd-HH:MM:30.500] thr=1 paramiko.transport: HostKey: ssh-rsa
47DEB [YYYYmmdd-HH:MM:30.500] thr=1 paramiko.transport: Cipher: aes128-ctr
48DEB [YYYYmmdd-HH:MM:30.500] thr=1 paramiko.transport: MAC: hmac-sha2-256
49DEB [YYYYmmdd-HH:MM:30.501] thr=1 paramiko.transport: Compression: none
50DEB [YYYYmmdd-HH:MM:30.501] thr=1 paramiko.transport: === End of kex handshake ===
51DEB [YYYYmmdd-HH:MM:30.548] thr=1 paramiko.transport: Got server p (2048 bits)
52DEB [YYYYmmdd-HH:MM:30.666] thr=1 paramiko.transport: kex engine KexGexSHA256 specified hash_algo <built-in function openssl_sha256>
53DEB [YYYYmmdd-HH:MM:30.667] thr=1 paramiko.transport: Switch to new keys ...
54DEB [YYYYmmdd-HH:MM:30.669] thr=2 paramiko.transport: Adding ssh-rsa host key for server.tld: b'caea********************.'
55DEB [YYYYmmdd-HH:MM:30.674] thr=2 paramiko.transport: Trying discovered key b'b49c********************' in /path/to/.ssh/my_key.rsa
56DEB [YYYYmmdd-HH:MM:30.722] thr=1 paramiko.transport: userauth is OK
57DEB [YYYYmmdd-HH:MM:30.722] thr=1 paramiko.transport: Finalizing pubkey algorithm for key of type 'ssh-rsa'
58DEB [YYYYmmdd-HH:MM:30.722] thr=1 paramiko.transport: Our pubkey algorithm list: ['rsa-sha2-512', 'rsa-sha2-256', 'ssh-rsa']
59DEB [YYYYmmdd-HH:MM:30.723] thr=1 paramiko.transport: Server-side algorithm list: ['']
60DEB [YYYYmmdd-HH:MM:30.723] thr=1 paramiko.transport: Agreed upon 'rsa-sha2-512' pubkey algorithm
61INF [YYYYmmdd-HH:MM:30.735] thr=1 paramiko.transport: Authentication (publickey) failed.
62DEB [YYYYmmdd-HH:MM:30.739] thr=2 paramiko.transport: Trying SSH agent key b'9d37********************'
63DEB [YYYYmmdd-HH:MM:30.747] thr=1 paramiko.transport: userauth is OK.
64DEB [YYYYmmdd-HH:MM:30.748] thr=1 paramiko.transport: Finalizing pubkey algorithm for key of type 'ssh-rsa'
65DEB [YYYYmmdd-HH:MM:30.748] thr=1 paramiko.transport: Our pubkey algorithm list: ['rsa-sha2-512', 'rsa-sha2-256', 'ssh-rsa']
66DEB [YYYYmmdd-HH:MM:30.748] thr=1 paramiko.transport: Server-side algorithm list: ['']
67DEB [YYYYmmdd-HH:MM:30.748] thr=1 paramiko.transport: Agreed upon 'rsa-sha2-512' pubkey algorithm
68INF [YYYYmmdd-HH:MM:30.868] thr=1 paramiko.transport: Authentication (publickey) failed...
69OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017
70debug1: Reading configuration data /etc/ssh/ssh_config
71debug1: /etc/ssh/ssh_config line 58: Applying options for *
72debug2: resolving "server.tld" port 22
73debug2: ssh_connect_direct: needpriv 0
74debug1: Connecting to server.tld [server.tld] port 22.
75debug1: Connection established.
76debug1: permanently_set_uid: 0/0
77debug1: key_load_public: No such file or directory
78debug1: identity file /path/to/.ssh/my_key.rsa type -1
79debug1: key_load_public: No such file or directory
80debug1: identity file /path/to/.ssh/my_key.rsa-cert type -1
81debug1: Enabling compatibility mode for protocol 2.0
82debug1: Local version string SSH-2.0-OpenSSH_7.4
83debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
84debug1: match: OpenSSH_5.3 pat OpenSSH_5* compat 0x0c000000
85debug2: fd 3 setting O_NONBLOCK
86debug1: Authenticating to server.tld:22 as 'my_user'
87debug3: hostkeys_foreach: reading file "/path/to/.ssh/known_hosts"
88debug3: record_hostkey: found key type RSA in file /path/to/.ssh/known_hosts:82
89debug3: load_hostkeys: loaded 1 keys from server.tld
90debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-rsa-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa
91debug3: send packet: type 20
92debug1: SSH2_MSG_KEXINIT sent
93debug3: receive packet: type 20
94debug1: SSH2_MSG_KEXINIT received
95debug2: local client KEXINIT proposal
96debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c
97debug2: host key algorithms: ssh-rsa-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-dss
98debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc
99debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc
100debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
101debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
102debug2: compression ctos: none,zlib@openssh.com,zlib
103debug2: compression stoc: none,zlib@openssh.com,zlib
104debug2: languages ctos:
105debug2: languages stoc:
106debug2: first_kex_follows 0
107debug2: reserved 0
108debug2: peer server KEXINIT proposal
109debug2: KEX algorithms: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
110debug2: host key algorithms: ssh-rsa,ssh-dss
111debug2: ciphers ctos: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
112debug2: ciphers stoc: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
113debug2: MACs ctos: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
114debug2: MACs stoc: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
115debug2: compression ctos: none,zlib@openssh.com
116debug2: compression stoc: none,zlib@openssh.com
117debug2: languages ctos:
118debug2: languages stoc:
119debug2: first_kex_follows 0
120debug2: reserved 0
121debug1: kex: algorithm: diffie-hellman-group-exchange-sha256
122debug1: kex: host key algorithm: ssh-rsa
123debug1: kex: server->client cipher: aes128-ctr MAC: umac-64@openssh.com compression: none
124debug1: kex: client->server cipher: aes128-ctr MAC: umac-64@openssh.com compression: none
125debug1: kex: diffie-hellman-group-exchange-sha256 need=16 dh_need=16
126debug1: kex: diffie-hellman-group-exchange-sha256 need=16 dh_need=16
127debug3: send packet: type 34
128debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<3072<8192) sent
129debug3: receive packet: type 31
130debug1: got SSH2_MSG_KEX_DH_GEX_GROUP
131debug2: bits set: 1502/3072
132debug3: send packet: type 32
133debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
134debug3: receive packet: type 33
135debug1: got SSH2_MSG_KEX_DH_GEX_REPLY
136debug1: Server host key: ssh-.:**************************************************
137debug3: hostkeys_foreach: reading file "/path/to/.ssh/known_hosts"
138debug3: record_hostkey: found key type RSA in file /path/to/.ssh/known_hosts:8..2
139debug3: load_hostkeys: loaded 1 keys from server.tld
140debug1: Host 'server.tld' is known and matches the RSA host key.
141debug1: Found key in /path/to/.ssh/known_hosts:82
142debug2: bits set: 1562/3072
143debug3: send packet: type 21
144debug2: set_newkeys: mode 1
145debug1: rekey after 4294967296 blocks
146debug1: SSH2_MSG_NEWKEYS sent
147debug1: expecting SSH2_MSG_NEWKEYS
148debug3: receive packet: type 21
149debug1: SSH2_MSG_NEWKEYS received
150debug2: set_newkeys: mode 0
151debug1: rekey after 4294967296 blocks
152debug2: key: <foo> (0x55bcf6d1d320), agent
153debug2: key: /path/to/.ssh/my_key.rsa ((nil)), explicit
154debug3: send packet: type 5
155debug3: receive packet: type 6
156debug2: service_accept: ssh-userauth
157debug1: SSH2_MSG_SERVICE_ACCEPT received
158debug3: send packet: type 50
159debug3: receive packet: type 51
160debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
161debug3: start over, passed a different list publickey,gssapi-keyex,gssapi-with-mic,password
162debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
163debug3: authmethod_lookup gssapi-keyex
164debug3: remaining preferred: gssapi-with-mic,publickey,keyboard-interactive,password
165debug3: authmethod_is_enabled gssapi-keyex
166debug1: Next authentication method: gssapi-keyex
167debug1: No valid Key exchange context
168debug2: we did not send a packet, disable method
169debug3: authmethod_lookup gssapi-with-mic
170debug3: remaining preferred: publickey,keyboard-interactive,password
171debug3: authmethod_is_enabled gssapi-with-mic
172debug1: Next authentication method: gssapi-with-mic
173debug1: Unspecified GSS failure. Minor code may provide more information
174No Kerberos credentials available (default cache: KEYRING:persistent:0)
175
176debug1: Unspecified GSS failure. Minor code may provide more information
177No Kerberos credentials available (default cache: KEYRING:persistent:0)
178
179debug2: we did not send a packet, disable method
180debug3: authmethod_lookup publickey
181debug3: remaining preferred: keyboard-interactive,password
182debug3: authmethod_is_enabled publickey
183debug1: Next authentication method: publickey
184debug1: Offering RSA public key: <foo>
185debug3: send_pubkey_test
186debug3: send packet: type 50
187debug2: we sent a publickey packet, wait for reply
188debug3: receive packet: type 51
189debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
190debug1: Trying private key: /path/to/.ssh/my_key.rsa
191debug3: sign_and_send_pubkey: RSA SHA256:**********************************
192debug3: send packet: type 50
193debug2: we sent a publickey packet, wait for reply
194debug3: receive packet: type 52
195debug1: Authentication succeeded (publickey).
196Authenticated to server.tld ([server.tld]:22).
197debug1: channel 0: new [client-session]
198debug3: ssh_session2_open: channel_new: 0
199debug2: channel 0: send open
200debug3: send packet: type 90
201debug1: Requesting no-more-sessions@openssh.com
202debug3: send packet: type 80
203debug1: Entering interactive session.
204debug1: pledge: network
205debug3: receive packet: type 91
206debug2: callback start
207debug2: fd 3 setting TCP_NODELAY
208debug3: ssh_packet_set_tos: set IP_TOS 0x08
209debug2: client_session2_setup: id 0
210debug1: Sending environment.
211debug3: Ignored env XDG_SESSION_ID
212debug3: Ignored env HOSTNAME
213debug3: Ignored env SELINUX_ROLE_REQUESTED
214debug3: Ignored env TERM
215debug3: Ignored env SHELL
216debug3: Ignored env HISTSIZE
217debug3: Ignored env SSH_CLIENT
218debug3: Ignored env SELINUX_USE_CURRENT_RANGE
219debug3: Ignored env SSH_TTY
220debug3: Ignored env CDPATH
221debug3: Ignored env USER
222debug3: Ignored env LS_COLORS
223debug3: Ignored env SSH_AUTH_SOCK
224debug3: Ignored env MAIL
225debug3: Ignored env PATH
226debug3: Ignored env PWD
227debug1: Sending env LANG = xx_XX.UTF-8
228debug2: channel 0: request env confirm 0
229debug3: send packet: type 98
230debug3: Ignored env SELINUX_LEVEL_REQUESTED
231debug3: Ignored env HISTCONTROL
232debug3: Ignored env SHLVL
233debug3: Ignored env HOME
234debug3: Ignored env LOGNAME
235debug3: Ignored env SSH_CONNECTION
236debug3: Ignored env LESSOPEN
237debug3: Ignored env XDG_RUNTIME_DIR
238debug3: Ignored env _
239debug1: Sending command: echo TEST : $(hostname)
240debug2: channel 0: request exec confirm 1
241debug3: send packet: type 98
242debug2: callback done
243debug2: channel 0: open confirm rwindow 0 rmax 32768
244debug2: channel 0: rcvd adjust 2097152
245debug3: receive packet: type 99
246debug2: channel_input_status_confirm: type 99 id 0
247debug2: exec request accepted on channel 0
248TEST : server.tld
249debug3: receive packet: type 96
250debug2: channel 0: rcvd eof
251debug2: channel 0: output open -> drain
252debug2: channel 0: obuf empty
253debug2: channel 0: close_write
254debug2: channel 0: output drain -> closed
255debug3: receive packet: type 98
256debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
257debug3: receive packet: type 98
258debug1: client_input_channel_req: channel 0 rtype eow@openssh.com reply 0
259debug2: channel 0: rcvd eow
260debug2: channel 0: close_read
261debug2: channel 0: input open -> closed
262debug3: receive packet: type 97
263debug2: channel 0: rcvd close
264debug3: channel 0: will not send data after close
265debug2: channel 0: almost dead
266debug2: channel 0: gc: notify user
267debug2: channel 0: gc: user detached
268debug2: channel 0: send close
269debug3: send packet: type 97
270debug2: channel 0: is dead
271debug2: channel 0: garbage collecting
272debug1: channel 0: free: client-session, nchannels 1
273debug3: channel 0: status: The following connections are open:
274 #0 client-session (t4 r0 i3/0 o3/0 fd -1/-1 cc -1)
275
276debug3: send packet: type 1
277Transferred: sent 3264, received 2656 bytes, in 0.0 seconds.
278Bytes per second: sent 92349.8, received 75147.4
279debug1: Exit status 0
280.
281ANSWER
Answered 2022-Jan-13 at 14:49Imo, it's a bug in Paramiko. It does not handle correctly absence of server-sig-algs extension on the server side.
Try disabling rsa-sha2-* on Paramiko side altogether:
1import paramiko
2import logging
3
4ssh_user = "my_user"
5ssh_keypath = "/path/to/.ssh/my_key.rsa"
6server = "server.tld"
7
8ssh_client = paramiko.SSHClient()
9ssh_client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
10ssh_client.connect(server,port=22,username=ssh_user, key_filename=ssh_keypath)
11
12# SSH command
13cmd = "echo TEST : $(hostname)"
14
15stdin, stdout, stderr = ssh_client.exec_command(cmd, get_pty=True)
16exit_code = stdout.channel.recv_exit_status()
17
18cmd_raw_output = stdout.readlines()
19out = "".join(cmd_raw_output)
20out_msg = out.strip()
21
22# Ouput (logger code omitted)
23logger.debug(out_msg)
24
25if ssh_client is not None:
26 ssh_client.close()
27ssh -i /path/to/.ssh/my_key.rsa my_user@server.tld "echo TEST : $(hostname)"
28DEB [YYYYmmdd-HH:MM:30.475] thr=1 paramiko.transport: starting thread (client mode): 0xf6054ac8
29DEB [YYYYmmdd-HH:MM:30.476] thr=1 paramiko.transport: Local version/idstring: SSH-2.0-paramiko_2.9.1
30DEB [YYYYmmdd-HH:MM:30.490] thr=1 paramiko.transport: Remote version/idstring: SSH-2.0-OpenSSH_5.3
31INF [YYYYmmdd-HH:MM:30.490] thr=1 paramiko.transport: Connected (version 2.0, client OpenSSH_5.3)
32DEB [YYYYmmdd-HH:MM:30.498] thr=1 paramiko.transport: === Key exchange possibilities ===
33DEB [YYYYmmdd-HH:MM:30.498] thr=1 paramiko.transport: kex algos: diffie-hellman-group-exchange-sha256, diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha1, diffie-hellman-group1-sha1
34DEB [YYYYmmdd-HH:MM:30.498] thr=1 paramiko.transport: server key: ssh-rsa, ssh-dss
35DEB [YYYYmmdd-HH:MM:30.498] thr=1 paramiko.transport: client encrypt: aes128-ctr, aes192-ctr, aes256-ctr, arcfour256, arcfour128, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, aes192-cbc, aes256-cbc, arcfour, rijndael-cbc@lysator.liu.se
36DEB [YYYYmmdd-HH:MM:30.498] thr=1 paramiko.transport: server encrypt: aes128-ctr, aes192-ctr, aes256-ctr, arcfour256, arcfour128, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, aes192-cbc, aes256-cbc, arcfour, rijndael-cbc@lysator.liu.se
37DEB [YYYYmmdd-HH:MM:30.499] thr=1 paramiko.transport: client mac: hmac-md5, hmac-sha1, umac-64@openssh.com, hmac-sha2-256, hmac-sha2-512, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac-sha1-96, hmac-md5-96
38DEB [YYYYmmdd-HH:MM:30.499] thr=1 paramiko.transport: server mac: hmac-md5, hmac-sha1, umac-64@openssh.com, hmac-sha2-256, hmac-sha2-512, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac-sha1-96, hmac-md5-96
39DEB [YYYYmmdd-HH:MM:30.499] thr=1 paramiko.transport: client compress: none, zlib@openssh.com
40DEB [YYYYmmdd-HH:MM:30.499] thr=1 paramiko.transport: server compress: none, zlib@openssh.com
41DEB [YYYYmmdd-HH:MM:30.499] thr=1 paramiko.transport: client lang: <none>
42DEB [YYYYmmdd-HH:MM:30.499] thr=1 paramiko.transport: server lang: <none>.
43DEB [YYYYmmdd-HH:MM:30.499] thr=1 paramiko.transport: kex follows: False
44DEB [YYYYmmdd-HH:MM:30.500] thr=1 paramiko.transport: === Key exchange agreements ===
45DEB [YYYYmmdd-HH:MM:30.500] thr=1 paramiko.transport: Kex: diffie-hellman-group-exchange-sha256
46DEB [YYYYmmdd-HH:MM:30.500] thr=1 paramiko.transport: HostKey: ssh-rsa
47DEB [YYYYmmdd-HH:MM:30.500] thr=1 paramiko.transport: Cipher: aes128-ctr
48DEB [YYYYmmdd-HH:MM:30.500] thr=1 paramiko.transport: MAC: hmac-sha2-256
49DEB [YYYYmmdd-HH:MM:30.501] thr=1 paramiko.transport: Compression: none
50DEB [YYYYmmdd-HH:MM:30.501] thr=1 paramiko.transport: === End of kex handshake ===
51DEB [YYYYmmdd-HH:MM:30.548] thr=1 paramiko.transport: Got server p (2048 bits)
52DEB [YYYYmmdd-HH:MM:30.666] thr=1 paramiko.transport: kex engine KexGexSHA256 specified hash_algo <built-in function openssl_sha256>
53DEB [YYYYmmdd-HH:MM:30.667] thr=1 paramiko.transport: Switch to new keys ...
54DEB [YYYYmmdd-HH:MM:30.669] thr=2 paramiko.transport: Adding ssh-rsa host key for server.tld: b'caea********************.'
55DEB [YYYYmmdd-HH:MM:30.674] thr=2 paramiko.transport: Trying discovered key b'b49c********************' in /path/to/.ssh/my_key.rsa
56DEB [YYYYmmdd-HH:MM:30.722] thr=1 paramiko.transport: userauth is OK
57DEB [YYYYmmdd-HH:MM:30.722] thr=1 paramiko.transport: Finalizing pubkey algorithm for key of type 'ssh-rsa'
58DEB [YYYYmmdd-HH:MM:30.722] thr=1 paramiko.transport: Our pubkey algorithm list: ['rsa-sha2-512', 'rsa-sha2-256', 'ssh-rsa']
59DEB [YYYYmmdd-HH:MM:30.723] thr=1 paramiko.transport: Server-side algorithm list: ['']
60DEB [YYYYmmdd-HH:MM:30.723] thr=1 paramiko.transport: Agreed upon 'rsa-sha2-512' pubkey algorithm
61INF [YYYYmmdd-HH:MM:30.735] thr=1 paramiko.transport: Authentication (publickey) failed.
62DEB [YYYYmmdd-HH:MM:30.739] thr=2 paramiko.transport: Trying SSH agent key b'9d37********************'
63DEB [YYYYmmdd-HH:MM:30.747] thr=1 paramiko.transport: userauth is OK.
64DEB [YYYYmmdd-HH:MM:30.748] thr=1 paramiko.transport: Finalizing pubkey algorithm for key of type 'ssh-rsa'
65DEB [YYYYmmdd-HH:MM:30.748] thr=1 paramiko.transport: Our pubkey algorithm list: ['rsa-sha2-512', 'rsa-sha2-256', 'ssh-rsa']
66DEB [YYYYmmdd-HH:MM:30.748] thr=1 paramiko.transport: Server-side algorithm list: ['']
67DEB [YYYYmmdd-HH:MM:30.748] thr=1 paramiko.transport: Agreed upon 'rsa-sha2-512' pubkey algorithm
68INF [YYYYmmdd-HH:MM:30.868] thr=1 paramiko.transport: Authentication (publickey) failed...
69OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017
70debug1: Reading configuration data /etc/ssh/ssh_config
71debug1: /etc/ssh/ssh_config line 58: Applying options for *
72debug2: resolving "server.tld" port 22
73debug2: ssh_connect_direct: needpriv 0
74debug1: Connecting to server.tld [server.tld] port 22.
75debug1: Connection established.
76debug1: permanently_set_uid: 0/0
77debug1: key_load_public: No such file or directory
78debug1: identity file /path/to/.ssh/my_key.rsa type -1
79debug1: key_load_public: No such file or directory
80debug1: identity file /path/to/.ssh/my_key.rsa-cert type -1
81debug1: Enabling compatibility mode for protocol 2.0
82debug1: Local version string SSH-2.0-OpenSSH_7.4
83debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
84debug1: match: OpenSSH_5.3 pat OpenSSH_5* compat 0x0c000000
85debug2: fd 3 setting O_NONBLOCK
86debug1: Authenticating to server.tld:22 as 'my_user'
87debug3: hostkeys_foreach: reading file "/path/to/.ssh/known_hosts"
88debug3: record_hostkey: found key type RSA in file /path/to/.ssh/known_hosts:82
89debug3: load_hostkeys: loaded 1 keys from server.tld
90debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-rsa-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa
91debug3: send packet: type 20
92debug1: SSH2_MSG_KEXINIT sent
93debug3: receive packet: type 20
94debug1: SSH2_MSG_KEXINIT received
95debug2: local client KEXINIT proposal
96debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c
97debug2: host key algorithms: ssh-rsa-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-dss
98debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc
99debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc
100debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
101debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
102debug2: compression ctos: none,zlib@openssh.com,zlib
103debug2: compression stoc: none,zlib@openssh.com,zlib
104debug2: languages ctos:
105debug2: languages stoc:
106debug2: first_kex_follows 0
107debug2: reserved 0
108debug2: peer server KEXINIT proposal
109debug2: KEX algorithms: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
110debug2: host key algorithms: ssh-rsa,ssh-dss
111debug2: ciphers ctos: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
112debug2: ciphers stoc: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
113debug2: MACs ctos: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
114debug2: MACs stoc: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
115debug2: compression ctos: none,zlib@openssh.com
116debug2: compression stoc: none,zlib@openssh.com
117debug2: languages ctos:
118debug2: languages stoc:
119debug2: first_kex_follows 0
120debug2: reserved 0
121debug1: kex: algorithm: diffie-hellman-group-exchange-sha256
122debug1: kex: host key algorithm: ssh-rsa
123debug1: kex: server->client cipher: aes128-ctr MAC: umac-64@openssh.com compression: none
124debug1: kex: client->server cipher: aes128-ctr MAC: umac-64@openssh.com compression: none
125debug1: kex: diffie-hellman-group-exchange-sha256 need=16 dh_need=16
126debug1: kex: diffie-hellman-group-exchange-sha256 need=16 dh_need=16
127debug3: send packet: type 34
128debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<3072<8192) sent
129debug3: receive packet: type 31
130debug1: got SSH2_MSG_KEX_DH_GEX_GROUP
131debug2: bits set: 1502/3072
132debug3: send packet: type 32
133debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
134debug3: receive packet: type 33
135debug1: got SSH2_MSG_KEX_DH_GEX_REPLY
136debug1: Server host key: ssh-.:**************************************************
137debug3: hostkeys_foreach: reading file "/path/to/.ssh/known_hosts"
138debug3: record_hostkey: found key type RSA in file /path/to/.ssh/known_hosts:8..2
139debug3: load_hostkeys: loaded 1 keys from server.tld
140debug1: Host 'server.tld' is known and matches the RSA host key.
141debug1: Found key in /path/to/.ssh/known_hosts:82
142debug2: bits set: 1562/3072
143debug3: send packet: type 21
144debug2: set_newkeys: mode 1
145debug1: rekey after 4294967296 blocks
146debug1: SSH2_MSG_NEWKEYS sent
147debug1: expecting SSH2_MSG_NEWKEYS
148debug3: receive packet: type 21
149debug1: SSH2_MSG_NEWKEYS received
150debug2: set_newkeys: mode 0
151debug1: rekey after 4294967296 blocks
152debug2: key: <foo> (0x55bcf6d1d320), agent
153debug2: key: /path/to/.ssh/my_key.rsa ((nil)), explicit
154debug3: send packet: type 5
155debug3: receive packet: type 6
156debug2: service_accept: ssh-userauth
157debug1: SSH2_MSG_SERVICE_ACCEPT received
158debug3: send packet: type 50
159debug3: receive packet: type 51
160debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
161debug3: start over, passed a different list publickey,gssapi-keyex,gssapi-with-mic,password
162debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
163debug3: authmethod_lookup gssapi-keyex
164debug3: remaining preferred: gssapi-with-mic,publickey,keyboard-interactive,password
165debug3: authmethod_is_enabled gssapi-keyex
166debug1: Next authentication method: gssapi-keyex
167debug1: No valid Key exchange context
168debug2: we did not send a packet, disable method
169debug3: authmethod_lookup gssapi-with-mic
170debug3: remaining preferred: publickey,keyboard-interactive,password
171debug3: authmethod_is_enabled gssapi-with-mic
172debug1: Next authentication method: gssapi-with-mic
173debug1: Unspecified GSS failure. Minor code may provide more information
174No Kerberos credentials available (default cache: KEYRING:persistent:0)
175
176debug1: Unspecified GSS failure. Minor code may provide more information
177No Kerberos credentials available (default cache: KEYRING:persistent:0)
178
179debug2: we did not send a packet, disable method
180debug3: authmethod_lookup publickey
181debug3: remaining preferred: keyboard-interactive,password
182debug3: authmethod_is_enabled publickey
183debug1: Next authentication method: publickey
184debug1: Offering RSA public key: <foo>
185debug3: send_pubkey_test
186debug3: send packet: type 50
187debug2: we sent a publickey packet, wait for reply
188debug3: receive packet: type 51
189debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
190debug1: Trying private key: /path/to/.ssh/my_key.rsa
191debug3: sign_and_send_pubkey: RSA SHA256:**********************************
192debug3: send packet: type 50
193debug2: we sent a publickey packet, wait for reply
194debug3: receive packet: type 52
195debug1: Authentication succeeded (publickey).
196Authenticated to server.tld ([server.tld]:22).
197debug1: channel 0: new [client-session]
198debug3: ssh_session2_open: channel_new: 0
199debug2: channel 0: send open
200debug3: send packet: type 90
201debug1: Requesting no-more-sessions@openssh.com
202debug3: send packet: type 80
203debug1: Entering interactive session.
204debug1: pledge: network
205debug3: receive packet: type 91
206debug2: callback start
207debug2: fd 3 setting TCP_NODELAY
208debug3: ssh_packet_set_tos: set IP_TOS 0x08
209debug2: client_session2_setup: id 0
210debug1: Sending environment.
211debug3: Ignored env XDG_SESSION_ID
212debug3: Ignored env HOSTNAME
213debug3: Ignored env SELINUX_ROLE_REQUESTED
214debug3: Ignored env TERM
215debug3: Ignored env SHELL
216debug3: Ignored env HISTSIZE
217debug3: Ignored env SSH_CLIENT
218debug3: Ignored env SELINUX_USE_CURRENT_RANGE
219debug3: Ignored env SSH_TTY
220debug3: Ignored env CDPATH
221debug3: Ignored env USER
222debug3: Ignored env LS_COLORS
223debug3: Ignored env SSH_AUTH_SOCK
224debug3: Ignored env MAIL
225debug3: Ignored env PATH
226debug3: Ignored env PWD
227debug1: Sending env LANG = xx_XX.UTF-8
228debug2: channel 0: request env confirm 0
229debug3: send packet: type 98
230debug3: Ignored env SELINUX_LEVEL_REQUESTED
231debug3: Ignored env HISTCONTROL
232debug3: Ignored env SHLVL
233debug3: Ignored env HOME
234debug3: Ignored env LOGNAME
235debug3: Ignored env SSH_CONNECTION
236debug3: Ignored env LESSOPEN
237debug3: Ignored env XDG_RUNTIME_DIR
238debug3: Ignored env _
239debug1: Sending command: echo TEST : $(hostname)
240debug2: channel 0: request exec confirm 1
241debug3: send packet: type 98
242debug2: callback done
243debug2: channel 0: open confirm rwindow 0 rmax 32768
244debug2: channel 0: rcvd adjust 2097152
245debug3: receive packet: type 99
246debug2: channel_input_status_confirm: type 99 id 0
247debug2: exec request accepted on channel 0
248TEST : server.tld
249debug3: receive packet: type 96
250debug2: channel 0: rcvd eof
251debug2: channel 0: output open -> drain
252debug2: channel 0: obuf empty
253debug2: channel 0: close_write
254debug2: channel 0: output drain -> closed
255debug3: receive packet: type 98
256debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
257debug3: receive packet: type 98
258debug1: client_input_channel_req: channel 0 rtype eow@openssh.com reply 0
259debug2: channel 0: rcvd eow
260debug2: channel 0: close_read
261debug2: channel 0: input open -> closed
262debug3: receive packet: type 97
263debug2: channel 0: rcvd close
264debug3: channel 0: will not send data after close
265debug2: channel 0: almost dead
266debug2: channel 0: gc: notify user
267debug2: channel 0: gc: user detached
268debug2: channel 0: send close
269debug3: send packet: type 97
270debug2: channel 0: is dead
271debug2: channel 0: garbage collecting
272debug1: channel 0: free: client-session, nchannels 1
273debug3: channel 0: status: The following connections are open:
274 #0 client-session (t4 r0 i3/0 o3/0 fd -1/-1 cc -1)
275
276debug3: send packet: type 1
277Transferred: sent 3264, received 2656 bytes, in 0.0 seconds.
278Bytes per second: sent 92349.8, received 75147.4
279debug1: Exit status 0
280.
281ssh_client.connect(
282 server, username=ssh_user, key_filename=ssh_keypath,
283 disabled_algorithms=dict(pubkeys=["rsa-sha2-512", "rsa-sha2-256"]))
284(note that there's no need to specify port=22, as that's the default)
I've found related Paramiko issue:
RSA key auth failing from paramiko 2.9.x client to dropbear server
Though it refers to Paramiko 2.9.0 change log, which seems to imply that the behavior is deliberate:
When the server does not send
server-sig-algs, Paramiko will attempt the first algorithm in the above list. Clients connecting to legacy servers should thus usedisabled_algorithmsto turn off SHA2.
Since 2.9.2, Paramiko will say:
DEB [20220113-14:46:13.882] thr=1 paramiko.transport: Server did not send a server-sig-algs list; defaulting to our first preferred algo ('rsa-sha2-512')
DEB [20220113-14:46:13.882] thr=1 paramiko.transport: NOTE: you may use the 'disabled_algorithms' SSHClient/Transport init kwarg to disable that or other algorithms if your server does not support them!
Obligatory warning: Do not use AutoAddPolicy – You are losing a protection against MITM attacks by doing so. For a correct solution, see Paramiko "Unknown Server".
Your code for waiting for command to complete and reading its output is flawed too. See Wait to finish command executed with Python Paramiko. And for most purposes, the get_pty=True is not a good idea either.
QUESTION
refusing to allow a Personal Access Token to create or update workflow
Asked 2022-Jan-04 at 10:12Today when I added a workflow and push the code to GitHub remote repo, shows this error:
1refusing to allow a Personal Access Token to create or update workflow
2This is the full error output:
1refusing to allow a Personal Access Token to create or update workflow
2~/Documents/GitHub/flutter-netease-music on master ⌚ 12:25:13
3$ git push origin master ‹ruby-2.7.2›
4Username for 'https://github.com': username
5Password for 'https://jiangxiaoqiang@github.com':
6Enumerating objects: 19, done.
7Counting objects: 100% (19/19), done.
8Delta compression using up to 12 threads
9Compressing objects: 100% (11/11), done.
10Writing objects: 100% (13/13), 1.86 KiB | 1.86 MiB/s, done.
11Total 13 (delta 6), reused 0 (delta 0), pack-reused 0
12remote: Resolving deltas: 100% (6/6), completed with 4 local objects.
13To https://github.com/jiangxiaoqiang/flutter-netease-music.git
14 ! [remote rejected] master -> master (refusing to allow a Personal Access Token to create or update workflow `.github/workflows/main-ios.yml` without `workflow` scope)
15error: failed to push some refs to 'https://github.com/jiangxiaoqiang/flutter-netease-music.git'
16(base)
17I am auth with token and have privillege to modify the repo. Now I could not push using password. When I try to use my password, the error message is:
1refusing to allow a Personal Access Token to create or update workflow
2~/Documents/GitHub/flutter-netease-music on master ⌚ 12:25:13
3$ git push origin master ‹ruby-2.7.2›
4Username for 'https://github.com': username
5Password for 'https://jiangxiaoqiang@github.com':
6Enumerating objects: 19, done.
7Counting objects: 100% (19/19), done.
8Delta compression using up to 12 threads
9Compressing objects: 100% (11/11), done.
10Writing objects: 100% (13/13), 1.86 KiB | 1.86 MiB/s, done.
11Total 13 (delta 6), reused 0 (delta 0), pack-reused 0
12remote: Resolving deltas: 100% (6/6), completed with 4 local objects.
13To https://github.com/jiangxiaoqiang/flutter-netease-music.git
14 ! [remote rejected] master -> master (refusing to allow a Personal Access Token to create or update workflow `.github/workflows/main-ios.yml` without `workflow` scope)
15error: failed to push some refs to 'https://github.com/jiangxiaoqiang/flutter-netease-music.git'
16(base)
17~/Documents/GitHub/flutter-netease-music on master ⌚ 12:28:37
18$ git push origin master ‹ruby-2.7.2›
19Username for 'https://github.com': username
20Password for 'https://jiangxiaoqiang@github.com':
21remote: Support for password authentication was removed on August 13, 2021. Please use a personal access token instead.
22remote: Please see https://github.blog/2020-12-15-token-authentication-requirements-for-git-operations/ for more information.
23fatal: unable to access 'https://github.com/jiangxiaoqiang/flutter-netease-music.git/': The requested URL returned error: 403
24(base)
25Why would this happen and what should I do to fix it?
ANSWER
Answered 2021-Aug-17 at 05:15give workflow privillege when created token in GitHub:
QUESTION
'AmplifySignOut' is not exported from '@aws-amplify/ui-react'
Asked 2021-Dec-19 at 14:09I've run into this issue today, and it's only started today. Ran the usual sequence of installs and pushes to build the app...
1npx create-react-app exampleapp
2npm start
3amplify init
4amplify add api
5Amplify push
6npm install aws-amplify @aws-amplify/ui-react
7amplify add auth
8amplify push
9Make my changes to the index.js and ap.js as usual..
index.js:
1npx create-react-app exampleapp
2npm start
3amplify init
4amplify add api
5Amplify push
6npm install aws-amplify @aws-amplify/ui-react
7amplify add auth
8amplify push
9import React from 'react';
10import ReactDOM from 'react-dom';
11import './index.css';
12import App from './App';
13import reportWebVitals from './reportWebVitals';
14import Amplify from 'aws-amplify';
15import aws_exports from './aws-exports'
16
17Amplify.configure(aws_exports);
18
19ReactDOM.render(
20 <React.StrictMode>
21 <App />
22 </React.StrictMode>,
23 document.getElementById('root')
24);
25
26reportWebVitals();
27App.js:
1npx create-react-app exampleapp
2npm start
3amplify init
4amplify add api
5Amplify push
6npm install aws-amplify @aws-amplify/ui-react
7amplify add auth
8amplify push
9import React from 'react';
10import ReactDOM from 'react-dom';
11import './index.css';
12import App from './App';
13import reportWebVitals from './reportWebVitals';
14import Amplify from 'aws-amplify';
15import aws_exports from './aws-exports'
16
17Amplify.configure(aws_exports);
18
19ReactDOM.render(
20 <React.StrictMode>
21 <App />
22 </React.StrictMode>,
23 document.getElementById('root')
24);
25
26reportWebVitals();
27import React from 'react';
28import './App.css';
29import { withAuthenticator, AmplifySignOut, Authenticator } from '@aws-amplify/ui-react';
30import { Amplify, Auth } from 'aws-amplify';
31import awsExports from './aws-exports';
32
33import awsconfig from './aws-exports';
34
35Amplify.configure(awsconfig);
36Auth.configure(awsconfig);
37
38function App() {
39 return (
40 <div>
41 <h1>Help!</h1>
42 <AmplifySignOut />
43 </div>
44 );
45}
46
47export default withAuthenticator(App);
48If I add AmplifySignOut it throws the error: 'AmplifySignOut' is not exported from '@aws-amplify/ui-react'
If I remove AmplifySignOut, then the login appears but it has no formatting as per the Amazon Authentication style (orange button etc.).
I can add import '@aws-amplify/ui-react/styles.css'; and I get some styling back, but I really need things back to how the were working.
Any help would be appreciated!
ANSWER
Answered 2021-Nov-20 at 19:28I am following along with the Amplify tutorial and hit this roadblock as well. It looks like they just upgraded the react components from 1.2.5 to 2.0.0 https://github.com/aws-amplify/docs/pull/3793
Downgrading ui-react to 1.2.5 brings back the AmplifySignOut and other components used in the tutorials.
in package.json:
1npx create-react-app exampleapp
2npm start
3amplify init
4amplify add api
5Amplify push
6npm install aws-amplify @aws-amplify/ui-react
7amplify add auth
8amplify push
9import React from 'react';
10import ReactDOM from 'react-dom';
11import './index.css';
12import App from './App';
13import reportWebVitals from './reportWebVitals';
14import Amplify from 'aws-amplify';
15import aws_exports from './aws-exports'
16
17Amplify.configure(aws_exports);
18
19ReactDOM.render(
20 <React.StrictMode>
21 <App />
22 </React.StrictMode>,
23 document.getElementById('root')
24);
25
26reportWebVitals();
27import React from 'react';
28import './App.css';
29import { withAuthenticator, AmplifySignOut, Authenticator } from '@aws-amplify/ui-react';
30import { Amplify, Auth } from 'aws-amplify';
31import awsExports from './aws-exports';
32
33import awsconfig from './aws-exports';
34
35Amplify.configure(awsconfig);
36Auth.configure(awsconfig);
37
38function App() {
39 return (
40 <div>
41 <h1>Help!</h1>
42 <AmplifySignOut />
43 </div>
44 );
45}
46
47export default withAuthenticator(App);
48"dependencies": {
49 "@aws-amplify/ui-react": "^1.2.5",
50 ...
51}
52Alternatively, you'll need to look into the version 2 docs to find suitable replacements: https://ui.docs.amplify.aws/components/authenticator
Community Discussions contain sources that include Stack Exchange Network
Tutorials and Learning Resources in Authentication
Tutorials and Learning Resources are not available at this moment for Authentication
Share this Page
Get latest updates on Authentication