Bastillion-EC2 | based SSH console to execute commands | SSH library

Today I got the following message when I used Git + BitBucket on MacOS while pushing a new branch to BitBucket.

You are using an account password for Git over HTTPS.

Beginning March 1, 2022, users are required to use app passwords remote: for Git over HTTPS. To avoid any disruptions, change the password used in your Git client remote: to an app password. Note, these credentials may have been automatically stored in your Git client and/or a credential manager such as Git Credential Manager (GCM).'

we are currently working with a cloud product that uses JSCH internally to connect to external sftp sources. Im investigating an connection reset exception that we are getting when trying to connect to azure sftp.

Using wireshark i determined that the problem occurs after we send the Client: Key Exchange Init. Establishing the same connection with filezilla we dont have this issue.

comparing the packages from jsch and filezilla i didn't see an obivious issue, but im not an expert on the ssh protocol. im gonna post both requests below if somebody could give me any pointers it would be greatly appreciated.

Request with JSCH (not working)

Request with Filezilla (working)

Response with Filezilla (working)

See below for the log output:

I have a Python 3 application running on CentOS Linux 7.7 executing SSH commands against remote hosts. It works properly but today I encountered an odd error executing a command against a "new" remote server (server based on RHEL 6.10):

encountered RSA key, expected OPENSSH key

Executing the same command from the system shell (using the same private key of course) works perfectly fine.

On the remote server I discovered in /var/log/secure that when SSH connection and commands are issued from the source server with Python (using Paramiko) sshd complains about unsupported public key algorithm:

userauth_pubkey: unsupported public key algorithm: rsa-sha2-512

Note that target servers with higher RHEL/CentOS like 7.x don't encounter the issue.

It seems like Paramiko picks/offers the wrong algorithm when negotiating with the remote server when on the contrary SSH shell performs the negotiation properly in the context of this "old" target server. How to get the Python program to work as expected?

Python code

We've had a working Ansible AWX instance running on v5.0.0 for over a year, and suddenly all jobs stop working -- no output is rendered. They will start "running" but hang indefinitely without printing out any logging.

The AWX instance is running in a docker compose container setup as defined here: https://github.com/ansible/awx/blob/5.0.0/INSTALL.md#docker-compose

Standard troubleshooting such as restarting of containers, host OS, etc. hasn't helped. No configuration changes in either environment.

Upon debugging an actual playbook command, we observe that the command to run a playbook from the UI is like the below:

ssh-agent sh -c ssh-add /tmp/awx_11021_0fmwm5uz/artifacts/11021/ssh_key_data && rm -f /tmp/awx_11021_0fmwm5uz/artifacts/11021/ssh_key_data && ansible-playbook -vvvvv -u ubuntu --become --ask-vault-pass -i /tmp/awx_11021_0fmwm5uz/tmppo7rcdqn -e @/tmp/awx_11021_0fmwm5uz/env/extravars playbook.yml

That's broken down into three commands in sequence:

1. ssh-agent sh -c ssh-add /tmp/awx_11021_0fmwm5uz/artifacts/11021/ssh_key_data
2. rm -f /tmp/awx_11021_0fmwm5uz/artifacts/11021/ssh_key_data
3. ansible-playbook -vvvvv -u ubuntu --become --ask-vault-pass -i /tmp/awx_11021_0fmwm5uz/tmppo7rcdqn -e @/tmp/awx_11021_0fmwm5uz/env/extravars playbook.yml

You can see in part 3, the -vvvvv is the debugging argument -- however, the hang is happening on command #1. Which has nothing to do with ansible or AWX specifically, but it's not going to get us much debugging info.

I tried doing an strace to see what is going on, but for reasons given below, it is pretty difficult to follow what it is actually hanging on. I can provide this output if it might help.

So one natural question with command #1 -- what is 'ssh_key_data'?

Well it's what we set up to be the Machine credential in AWX (an SSH key) -- it hasn't changed in a while and it works just fine when used in a direct SSH command. It's also apparently being set up by AWX as a file pipe:

prw------- 1 root root 0 Dec 10 08:29 ssh_key_data

Which starts to explain why it could be potentially hanging (if nothing is being read in from the other side of the pipe).

Running a normal ansible-playbook from command line (and supplying the SSH key in a more normal way) works just fine, so we can still deploy, but only via CLI right now -- it's just AWX that is broken.

So the question then becomes "why now"? And "how to debug"? I have checked the health of awx_postgres, and verified that indeed the Machine credential is present in an expected format (in the main_credential table). I have also verified that can use ssh-agent on the awx_task container without the use of that pipe keyfile. So it really seems to be this piped file that is the problem -- but I haven't been able to glean from any logs where the other side of the pipe (sender) is supposed to be or why they aren't sending the data.

I'm trying to generate ECDSA Key Pair for SSH with Go, but I find that the private key format is different from ssh-keygen and can't be accepted by GitHub.

Here's the 256-bit key pair generated via ssh-keygen -t ecdsa -b 256:

I have 2 different github accounts, 1 for work and 1 for personal projects. On my laptop, I created 2 different directories to clone my Github repositories:

Perso: /Users/pierre-alexandre/Documents/perso

Work: /Users/pierre-alexandre/Documents/work

Then, I generated 2 different SSH keys on /Users/pierre-alexandre/.ssh and added each .pub key on their respective Github repository. At the end this is what my /Users/pierre-alexandre/.ssh folder looks like:

I've got a local Swift Package Manager package that uses a private Github repo as a dependency. When I open the local package with Xcode, it fails to “Resolve Packages” with this error:

Error while fetching remote repository: git@github.com:mayoff/Preamble.git

Server SSH Fingerprint Failed to Verify

However, if I use the command line swift program, it can clone the private repo. For example, I can run swift package show-dependencies in the local package's directory without complaint. I can also successfully clone the remote package repo with git clone. So it's not a problem with my .known_hosts file or my SSH key.

How do I fix Xcode's complaint?

when connecting to a git repository using SSH for the first time, it is asked to confirm the authenticity of the host according to its fingerprint:

I have a problem with my gitea version 1.15.5 running on my raspberry pi. I appears that the built in ssh server is not starting: