Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Windows - Enable GPG SSH Authentication #225

Closed
sc-perth opened this issue Nov 20, 2016 · 2 comments
Closed

Windows - Enable GPG SSH Authentication #225

sc-perth opened this issue Nov 20, 2016 · 2 comments

Comments

@sc-perth
Copy link

sc-perth commented Nov 20, 2016

I am using a Yubikey (Neo) to hold by GPG keys. This works great with QtPass on Windows 10.
However public-key is also the only supported authentication method for my git server. That key is stored on the Yubikey. When I have QtPass perform a pull, it apparently only tries keyboard-interactive. This prevents me from easily syncing my password stores and I must do it manually with WinSCP instead.

PuTTy successfully authenticates via my Yubikey; QtPass successfully decrypts via my Yubikey.
That seems to indicate all necessary "infrastructure" exists, so I'm hoping that means this isn't a big ask.

This may need redirected to Git for Windows. Their Git GUI also fails to try anything other than keyboard-interactive for a password...

Platform Information

QtPass: 1.1.5
Git4Win: Installer: Git-2.10.1-64-bit.exe
GPG4Win: Installer: gpg4win-2.3.3.exe
OS: Windows 10 Home, version 1604 (OS Build 14393.447)
From Git Bash:

REDACTED@REDACTED MINGW64 ~
$ bash --version
GNU bash, version 4.3.46(2)-release (x86_64-pc-msys)
...
REDACTED@REDACTED MINGW64 ~
$ mintty.exe --version
mintty 2.5.0 (x86_64-pc-msys)
...
REDACTED@REDACTED MINGW64 ~
$ gpg --version
gpg (GnuPG) 1.4.20 
...
$ gpg-connect-agent.exe --version
gpg-connect-agent (GnuPG) 2.0.30 (Gpg4win 2.3.3)
...
Server's auth.log of failed auth after clicking "Pull":
Nov 20 11:15:08 REDACTED sshd[8172]: SSH: Server;Ltype: Version;Remote: 192.168.1.151-56973;Protocol: 2.0;Client: OpenSSH_7.3
Nov 20 11:15:08 REDACTED sshd[8172]: SSH: Server;Ltype: Kex;Remote: 192.168.1.151-56973;Enc: chacha20-poly1305@openssh.com;MAC: <implicit>;Comp: none [preauth]
Nov 20 11:15:08 REDACTED sshd[8176]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.1.151  user=REDACTED
Nov 20 11:15:09 REDACTED sshd[8172]: error: PAM: Authentication failure for REDACTED from 192.168.1.151
Nov 20 11:15:09 REDACTED sshd[8172]: Postponed keyboard-interactive for REDACTED from 192.168.1.151 port 56973 ssh2 [preauth]
Nov 20 11:15:09 REDACTED sshd[8177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.1.151  user=REDACTED
Nov 20 11:15:11 REDACTED sshd[8172]: error: PAM: Authentication failure for REDACTED from 192.168.1.151
Nov 20 11:15:11 REDACTED sshd[8172]: Failed keyboard-interactive/pam for REDACTED from 192.168.1.151 port 56973 ssh2
Nov 20 11:15:12 REDACTED sshd[8172]: Postponed keyboard-interactive for REDACTED from 192.168.1.151 port 56973 ssh2 [preauth]
Nov 20 11:15:12 REDACTED sshd[8179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.1.151  user=REDACTED 
Nov 20 11:15:13 REDACTED sshd[8172]: error: PAM: Authentication failure for REDACTED from 192.168.1.151
Nov 20 11:15:13 REDACTED sshd[8172]: Failed keyboard-interactive/pam for REDACTED from 192.168.1.151 port 56973 ssh2
Nov 20 11:15:13 REDACTED sshd[8172]: error: maximum authentication attempts exceeded for REDACTED from 192.168.1.151 port 56973 ssh2 [preauth]
Nov 20 11:15:13 REDACTED sshd[8172]: Disconnecting: Too many authentication failures [preauth]
Server's SSHD Config:
PermitRootLogin no
MaxAuthTries 3
MaxSessions 3
PubkeyAuthentication yes
PasswordAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication yes
UsePAM yes
X11Forwarding yes
PrintMotd no
PrintLastLog no
UsePrivilegeSeparation sandbox          # Default for new installations.
UseDNS no
Subsystem       sftp    /usr/lib64/misc/sftp-server
AcceptEnv LANG LC_*
@sc-perth
Copy link
Author

sc-perth commented Dec 1, 2016

Resolved by following these instructions.
https://github.com/git-for-windows/git/wiki/OpenSSH-Integration-with-Pageant

@annejan
Copy link
Member

annejan commented Dec 2, 2016

Added FAQ item .. thanks for closing this issue 👍

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

2 participants