onlykey-agent's People

Contributors

jhoenicke, m-pixel, onlykey, prusnak, romanz, tsileo

onlykey-agent's Issues

onlykey-gpg-agent ignores ed25519 key

My OnlyKey has been working fine in Kubuntu 22.04 LTS, but I'm now setting up a new system with Arch Linux and I haven't been able to get onlykey-gpg-agent to work. I copied ~/.gnupg/onlykey to the new computer, if that's any hint.

Take for example:

$ gpg --list-secret-keys
gpg: problem with fast path key listing: Line passed to IPC too long - ignored
/home/fidel/.gnupg/onlykey/pubring.kbx
--------------------------------------
sec   rsa4096 2019-10-15 [SC]
A1D64A3B496CB0F36E12B46F9A9F520D44EA53D1
uid           [ unknown] CryptoTrust LLC <[email protected]>
ssb#  rsa4096 2019-10-15 [E]

The agent log is very long, because of the HAVEKEY --list=1000 operations, but what I see is that first it gets the right public key (ed25519) from the OnlyKey, but then right after it tries to find another (rsa) and fails with an error:

2024-01-22 15:08:32,621 DEBUG        parsed identity: {'proto': 'gpg', 'user': None, 'host': '', 'port': None, 'path': None}              [interface.py:30]
2024-01-22 15:08:32,729 DEBUG        connected                                                                                            [client.py:246]
2024-01-22 15:08:32,729 DEBUG        preparing payload for writing                                                                        [client.py:298]
2024-01-22 15:08:32,729 DEBUG        msg=OKSETTIME                                                                                        [client.py:304]
2024-01-22 15:08:32,729 DEBUG        payload=[101, 174, 132, 240]                                                                         [client.py:328]
2024-01-22 15:08:32,729 DEBUG        sending message                                                                                      [client.py:341]
2024-01-22 15:08:32,744 DEBUG        read="UNLOCKEDv2.1.2-prodc"                              [client.py:398]
2024-01-22 15:08:32,744 DEBUG        outstring="bytearray(b'UNLOCKEDv2.1.2-prodc\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')" [client.py:400]
2024-01-22 15:08:32,744 DEBUG        Path to run-agent.sh = /home/fidel/.gnupg/onlykey/run-agent.sh                                       [onlykey.py:77]
2024-01-22 15:08:32,744 DEBUG        Setting skey slot = 132                                                                              [onlykey.py:58]
2024-01-22 15:08:32,744 DEBUG        Setting dkey slot = 132                                                                              [onlykey.py:65]
2024-01-22 15:08:32,744 INFO         Requesting public key from key slot =132                                                             [onlykey.py:134]
2024-01-22 15:08:32,744 DEBUG        identity parts: ['gpg://', 'Fidel Ramos <[email protected]>']                                         [interface.py:46]
2024-01-22 15:08:32,744 DEBUG        "<gpg://Fidel Ramos <[email protected]>|ed25519>" getting public key (ed25519) from OnlyKey           [onlykey.py:136]
2024-01-22 15:08:32,744 DEBUG        identity parts: ['gpg://', 'Fidel Ramos <[email protected]>']                                         [interface.py:46]
2024-01-22 15:08:32,744 INFO         Identity to hash =b'gpg://Fidel Ramos <[email protected]>'                                            [onlykey.py:148]
2024-01-22 15:08:32,745 INFO         Identity hash =c960afaa4ed5e06112f4b807fdeaba90f623a49fb4561574872f46b01bb01cd9                      [onlykey.py:152]
2024-01-22 15:08:32,745 DEBUG        preparing payload for writing                                                                        [client.py:298]
2024-01-22 15:08:32,745 DEBUG        msg=OKGETPUBKEY                                                                                      [client.py:304]
2024-01-22 15:08:32,745 DEBUG        slot_id=132                                                                                          [client.py:309]
2024-01-22 15:08:32,745 DEBUG        payload="01c960afaa4ed5e06112f4b807fdeaba90f623a49fb4561574872f46b01bb01cd9"                         [client.py:322]
2024-01-22 15:08:32,745 DEBUG        sending message                                                                                      [client.py:341]
2024-01-22 15:08:32,745 INFO         curve name= 'ed25519'                                                                                [onlykey.py:168]
2024-01-22 15:08:32,845 DEBUG        read=""                                                                                              [client.py:398]
2024-01-22 15:08:32,845 DEBUG        outstring="bytearray(b'')"                                                                           [client.py:400]
2024-01-22 15:08:32,945 DEBUG        read=""                                                                                              [client.py:398]
2024-01-22 15:08:32,946 DEBUG        outstring="bytearray(b'')"                                                                           [client.py:400]
2024-01-22 15:08:33,046 DEBUG        read=""                                                                                              [client.py:398]
2024-01-22 15:08:33,046 DEBUG        outstring="bytearray(b'')"                                                                           [client.py:400]
2024-01-22 15:08:33,072 DEBUG        read="þöO  øϱí'Öa«ÞJ{¨Ïûm
"                              [client.py:398]
2024-01-22 15:08:33,072 DEBUG        outstring="bytearray(b"\x05\xfe\xf6O\x8e\t\xf8\xcf\xb1\xed\'\xd6a\xab\xdeJ{\xa8\xcf\xfb\x9d\xa0\xe8\xf6\xbdo\xd7\xf7\x0e\x07m\x0c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00")" [client.py:400]
2024-01-22 15:08:33,072 INFO         received= [5, 254, 246, 79, 142, 9, 248, 207, 177, 237, 39, 214, 97, 171, 222, 74, 123, 168, 207, 251, 157, 160, 232, 246, 189, 111, 215, 247, 14, 7, 109, 12, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0] [onlykey.py:179]
2024-01-22 15:08:33,073 INFO         Received Public Key generated by OnlyKey= '05fef64f8e09f8cfb1ed27d661abde4a7ba8cffb9da0e8f6bd6fd7f70e076d0c' [onlykey.py:186]
2024-01-22 15:08:33,073 INFO         vk= <nacl.signing.VerifyKey object at 0x7413a7ff0550>                                                [onlykey.py:189]
2024-01-22 15:08:33,073 INFO         disconnected from OnlyKey                                                                            [onlykey.py:117]
2024-01-22 15:08:33,080 INFO         IDENTITY(<libagent.device.interface.Identity object at 0x7413a7e14710>)                              [agent.py:219]
2024-01-22 15:08:33,080 DEBUG        <- b'OK'                                                                                             [keyring.py:56]
2024-01-22 15:08:33,080 DEBUG        -> b'HAVEKEY 730E9148060ECC322C420DB22A27FA666A2555FC CE8593BCFEABE21A9ABC269001CAD44F215BFB43'      [keyring.py:74]
2024-01-22 15:08:33,080 DEBUG        prefix byte: 0b10011000                                                                              [decode.py:244]
2024-01-22 15:08:33,080 DEBUG        packet length: 51                                                                                    [decode.py:264]
2024-01-22 15:08:33,080 DEBUG        parsing elliptic curve key                                                                           [decode.py:151]
2024-01-22 15:08:33,081 DEBUG        mpi: 4005fef64f8e09f8cfb1ed27d661abde4a7ba8cffb9da0e8f6bd6fd7f70e076d0c (263 bits)                   [decode.py:159]
2024-01-22 15:08:33,081 DEBUG        keygrip: 7461B3527634D34579301BE34CC8D600A9CE103A                                                    [decode.py:171]
2024-01-22 15:08:33,081 DEBUG        key ID: 379F14BB02F9317F                                                                             [decode.py:202]
2024-01-22 15:08:33,081 DEBUG        packet "pubkey": {'type': 'pubkey', 'version': 4, 'created': 1624313645, 'algo': 22, 'curve_oid': b'+\x06\x01\x04\x01\xdaG\x0f\x01', 'keygrip': b'ta\xb3Rv4\xd3Ey0\x1b\xe3L\xc8\xd6\x00\xa9\xce\x10:', 'key_id': b'7\x9f\x14\xbb\x02\xf91\x7f', '_to_hash': b"\x99\x003\x04`\xd1\x0f-\x16\t+\x06\x01\x04\x01\xdaG\x0f\x01\x01\x07@\x05\xfe\xf6O\x8e\t\xf8\xcf\xb1\xed'\xd6a\xab\xdeJ{\xa8\xcf\xfb\x9d\xa0\xe8\xf6\xbdo\xd7\xf7\x0e\x07m\x0c", 'tag': 6} [decode.py:276]
2024-01-22 15:08:33,081 DEBUG        prefix byte: 0b10110100                                                                              [decode.py:244]
2024-01-22 15:08:33,081 DEBUG        packet length: 30                                                                                    [decode.py:264]
2024-01-22 15:08:33,081 DEBUG        packet "user_id": {'type': 'user_id', 'value': b'Fidel Ramos <[email protected]>', '_to_hash': b'\xb4\x00\x00\x00\x1eFidel Ramos <[email protected]>', 'tag': 13} [decode.py:276]
2024-01-22 15:08:33,081 DEBUG        prefix byte: 0b10001000                                                                              [decode.py:244]
2024-01-22 15:08:33,081 DEBUG        packet length: 128                                                                                   [decode.py:264]
2024-01-22 15:08:33,081 DEBUG        packet "signature": {'type': 'signature', 'version': 4, 'sig_type': 19, 'pubkey_alg': 22, 'hash_alg': 8, 'hashed_subpackets': [b'\x02`\xd1\x0f-', b'\x0b\t', b'\x1b\x03', b'\x15\x08\t\n', b'\x16\x02\x03\x01', b'\x17\x80', b'\x1e\x01'], '_to_hash': b'\x04\x13\x16\x08\x00\x1c\x05\x02`\xd1\x0f-\x02\x0b\t\x02\x1b\x03\x04\x15\x08\t\n\x04\x16\x02\x03\x01\x02\x17\x80\x02\x1e\x01\x04\xff\x00\x00\x00"', 'unhashed_subpackets': [b'\x107\x9f\x14\xbb\x02\xf91\x7f', b'\x1aTREZOR-GPG'], 'hash_prefix': b'#\xf3', 'sig': (49487020675558168455976742378010286982611748278761614396265927913833275252969, 86185844306781434473756547943313639698826430570072805387917735866760627971073), 'tag': 2} [decode.py:276]
2024-01-22 15:08:33,081 DEBUG        prefix byte: 0b10111000                                                                              [decode.py:244]
2024-01-22 15:08:33,081 DEBUG        packet length: 56                                                                                    [decode.py:264]
2024-01-22 15:08:33,081 DEBUG        parsing elliptic curve key                                                                           [decode.py:151]
2024-01-22 15:08:33,081 DEBUG        mpi: 40feeb5f8ef23cbe7b5e743d67cfce4d2ab69df5d6c34f7458c4226a0b5bc65371 (263 bits)                   [decode.py:159]
2024-01-22 15:08:33,081 DEBUG        keygrip: 8C8958B242D5EDB51C906F0CA635438E47F083C7                                                    [decode.py:171]
2024-01-22 15:08:33,081 DEBUG        key ID: 6C01802DACD5DFC9                                                                             [decode.py:202]
2024-01-22 15:08:33,081 DEBUG        packet "subkey": {'type': 'subkey', 'version': 4, 'created': 1624313645, 'algo': 18, 'curve_oid': b'+\x06\x01\x04\x01\x97U\x01\x05\x01', 'kdf': b'\x01\x08\x07', 'secret': b'', 'keygrip': b'\x8c\x89X\xb2B\xd5\xed\xb5\x1c\x90o\x0c\xa65C\x8eG\xf0\x83\xc7', 'key_id': b'l\x01\x80-\xac\xd5\xdf\xc9', '_to_hash': b'\x99\x008\x04`\xd1\x0f-\x12\n+\x06\x01\x04\x01\x97U\x01\x05\x01\x01\x07@\xfe\xeb_\x8e\xf2<\xbe{^t=g\xcf\xceM*\xb6\x9d\xf5\xd6\xc3OtX\xc4"j\x0b[\xc6Sq\x03\x01\x08\x07', 'tag': 14} [decode.py:276]
2024-01-22 15:08:33,081 DEBUG        prefix byte: 0b10001000                                                                              [decode.py:244]
2024-01-22 15:08:33,081 DEBUG        packet length: 108                                                                                   [decode.py:264]
2024-01-22 15:08:33,081 DEBUG        packet "signature": {'type': 'signature', 'version': 4, 'sig_type': 24, 'pubkey_alg': 22, 'hash_alg': 8, 'hashed_subpackets': [b'\x02`\xd1\x0f-', b'\x1b\x0c'], '_to_hash': b'\x04\x18\x16\x08\x00\t\x05\x02`\xd1\x0f-\x02\x1b\x0c\x04\xff\x00\x00\x00\x0f', 'unhashed_subpackets': [b'\x107\x9f\x14\xbb\x02\xf91\x7f', b'\x1aTREZOR-GPG'], 'hash_prefix': b'\xa7K', 'sig': (110269233080789961207798485680565071832176297775737271011570488088595892276376, 29538492519196014106797991245019042746105075539835183179621125888489577994), 'tag': 2} [decode.py:276]
2024-01-22 15:08:33,081 DEBUG        prefix byte: 0b10011001                                                                              [decode.py:244]
2024-01-22 15:08:33,081 DEBUG        packet length: 525                                                                                   [decode.py:264]
2024-01-22 15:08:33,081 DEBUG        parsing rsa key                                                                                      [decode.py:179]

[... CUT ...]

2024-01-22 15:08:33,143 DEBUG        parsed identity: {'proto': 'gpg', 'user': None, 'host': '', 'port': None, 'path': None}              [interface.py:30]
2024-01-22 15:08:33,268 DEBUG        connected                                                                                            [client.py:246]
2024-01-22 15:08:33,269 DEBUG        preparing payload for writing                                                                        [client.py:298]
2024-01-22 15:08:33,269 DEBUG        msg=OKSETTIME                                                                                        [client.py:304]
2024-01-22 15:08:33,269 DEBUG        payload=[101, 174, 132, 241]                                                                         [client.py:328]
2024-01-22 15:08:33,269 DEBUG        sending message                                                                                      [client.py:341]
2024-01-22 15:08:33,279 DEBUG        read="UNLOCKEDv2.1.2-prodc"                              [client.py:398]
2024-01-22 15:08:33,279 DEBUG        outstring="bytearray(b'UNLOCKEDv2.1.2-prodc\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')" [client.py:400]
2024-01-22 15:08:33,279 DEBUG        Path to run-agent.sh = /home/fidel/.gnupg/onlykey/run-agent.sh                                       [onlykey.py:77]
2024-01-22 15:08:33,279 DEBUG        Setting skey slot = 132                                                                              [onlykey.py:58]
2024-01-22 15:08:33,279 DEBUG        Setting dkey slot = 132                                                                              [onlykey.py:65]
2024-01-22 15:08:33,279 INFO         Requesting public key from key slot =132                                                             [onlykey.py:134]
2024-01-22 15:08:33,279 DEBUG        identity parts: ['gpg://', 'CryptoTrust LLC <[email protected]>']                                [interface.py:46]
2024-01-22 15:08:33,279 DEBUG        "<gpg://CryptoTrust LLC <[email protected]>|rsa4096>" getting public key (rsa4096) from OnlyKey  [onlykey.py:136]
2024-01-22 15:08:33,279 DEBUG        identity parts: ['gpg://', 'CryptoTrust LLC <[email protected]>']                                [interface.py:46]
2024-01-22 15:08:33,279 INFO         Identity to hash =b'gpg://CryptoTrust LLC <[email protected]>'                                   [onlykey.py:148]
2024-01-22 15:08:33,279 INFO         Identity hash =f20136b31fb2dc2a0a0d62105ab13fd9e61c72847f00f618f5ddad0d058ad0bb                      [onlykey.py:152]
2024-01-22 15:08:33,279 DEBUG        preparing payload for writing                                                                        [client.py:298]
2024-01-22 15:08:33,279 DEBUG        msg=OKGETPUBKEY                                                                                      [client.py:304]
2024-01-22 15:08:33,279 DEBUG        slot_id=132                                                                                          [client.py:309]
2024-01-22 15:08:33,280 DEBUG        payload="f20136b31fb2dc2a0a0d62105ab13fd9e61c72847f00f618f5ddad0d058ad0bb"                           [client.py:322]
2024-01-22 15:08:33,280 DEBUG        sending message                                                                                      [client.py:341]
2024-01-22 15:08:33,280 INFO         curve name= 'rsa4096'                                                                                [onlykey.py:168]
2024-01-22 15:08:33,380 DEBUG        read=""                                                                                              [client.py:398]
2024-01-22 15:08:33,380 DEBUG        outstring="bytearray(b'')"                                                                           [client.py:400]
2024-01-22 15:08:33,480 DEBUG        read=""                                                                                              [client.py:398]
2024-01-22 15:08:33,480 DEBUG        outstring="bytearray(b'')"                                                                           [client.py:400]
2024-01-22 15:08:33,581 DEBUG        read=""                                                                                              [client.py:398]
2024-01-22 15:08:33,581 DEBUG        outstring="bytearray(b'')"                                                                           [client.py:400]
2024-01-22 15:08:33,681 DEBUG        read=""                                                                                              [client.py:398]
2024-01-22 15:08:33,681 DEBUG        outstring="bytearray(b'')"                                                                           [client.py:400]
2024-01-22 15:08:33,781 DEBUG        read=""                                                                                              [client.py:398]
2024-01-22 15:08:33,782 DEBUG        outstring="bytearray(b'')"                                                                           [client.py:400]
2024-01-22 15:08:33,882 DEBUG        read=""                                                                                              [client.py:398]
2024-01-22 15:08:33,882 DEBUG        outstring="bytearray(b'')"                                                                           [client.py:400]
2024-01-22 15:08:33,982 DEBUG        read=""                                                                                              [client.py:398]
2024-01-22 15:08:33,982 DEBUG        outstring="bytearray(b'')"                                                                           [client.py:400]
2024-01-22 15:08:34,083 DEBUG        read=""                                                                                              [client.py:398]
2024-01-22 15:08:34,083 DEBUG        outstring="bytearray(b'')"                                                                           [client.py:400]
2024-01-22 15:08:34,183 DEBUG        read=""                                                                                              [client.py:398]
2024-01-22 15:08:34,183 DEBUG        outstring="bytearray(b'')"                                                                           [client.py:400]
2024-01-22 15:08:34,283 DEBUG        read=""                                                                                              [client.py:398]
2024-01-22 15:08:34,283 DEBUG        outstring="bytearray(b'')"                                                                           [client.py:400]
2024-01-22 15:08:34,384 DEBUG        read=""                                                                                              [client.py:398]
2024-01-22 15:08:34,384 DEBUG        outstring="bytearray(b'')"                                                                           [client.py:400]
2024-01-22 15:08:34,484 DEBUG        read=""                                                                                              [client.py:398]
2024-01-22 15:08:34,484 DEBUG        outstring="bytearray(b'')"                                                                           [client.py:400]
2024-01-22 15:08:34,585 DEBUG        read=""                                                                                              [client.py:398]
2024-01-22 15:08:34,585 DEBUG        outstring="bytearray(b'')"                                                                           [client.py:400]
2024-01-22 15:08:34,685 DEBUG        read=""                                                                                              [client.py:398]
2024-01-22 15:08:34,685 DEBUG        outstring="bytearray(b'')"                                                                           [client.py:400]
2024-01-22 15:08:34,785 DEBUG        read=""                                                                                              [client.py:398]
2024-01-22 15:08:34,785 DEBUG        outstring="bytearray(b'')"                                                                           [client.py:400]
2024-01-22 15:08:34,785 INFO         Received Public Key generated by OnlyKey= []                                                         [onlykey.py:220]
2024-01-22 15:08:34,785 INFO         0                                                                                                    [onlykey.py:221]
2024-01-22 15:08:34,785 INFO         disconnected from OnlyKey                                                                            [onlykey.py:117]
2024-01-22 15:08:34,793 ERROR        handler failed: Error response length is not a valid public key                                      [__init__.py:318]
Traceback (most recent call last):
  File "/home/fidel/.local/share/pipx/venvs/onlykey-agent/lib/python3.11/site-packages/libagent/gpg/__init__.py", line 310, in run_agent_internal
    handler.handle(conn)
  File "/home/fidel/.local/share/pipx/venvs/onlykey-agent/lib/python3.11/site-packages/libagent/gpg/agent.py", line 308, in handle
    handler(conn, args)
  File "/home/fidel/.local/share/pipx/venvs/onlykey-agent/lib/python3.11/site-packages/libagent/gpg/agent.py", line 125, in <lambda>
    b'HAVEKEY': lambda conn, args: self.have_key(conn, *args),
                                   ^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/fidel/.local/share/pipx/venvs/onlykey-agent/lib/python3.11/site-packages/libagent/gpg/agent.py", line 271, in have_key
    self.get_identity(keygrip=keygrip)
  File "/home/fidel/.local/share/pipx/venvs/onlykey-agent/lib/python3.11/site-packages/libagent/util.py", line 230, in wrapper
    result = method(self, *args, **kwargs)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/fidel/.local/share/pipx/venvs/onlykey-agent/lib/python3.11/site-packages/libagent/gpg/agent.py", line 211, in get_identity
    verifying_key = self.client.pubkey(identity=identity, ecdh=False)
                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/fidel/.local/share/pipx/venvs/onlykey-agent/lib/python3.11/site-packages/libagent/gpg/client.py", line 28, in pubkey
    return self.device.pubkey(ecdh=ecdh, identity=identity)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/fidel/.local/share/pipx/venvs/onlykey-agent/lib/python3.11/site-packages/libagent/device/onlykey.py", line 241, in pubkey
    raise interface.DeviceError("Error response length is not a valid public key")
libagent.device.interface.DeviceError: Error response length is not a valid public key

onlykey-agent is working fine for SSH, as are the OnlyKey desktop and CLI apps.

This is with onlykey-gpg-agent version 1.1.15 and lib-agent version 1.0.6. Kubuntu was using onlykey-gpg-agent 1.1.14 and lib-agent 1.0.5, but after upgrading both it keeps working fine.
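
A triage helper for agent logs shaped like the one in the issue above, added here as an example and not part of onlykey-agent or of the original post: it groups log lines into one record per public-key request and lists the identities for which the device never returned a key. The sample log is constructed in the same line shape with made-up identities and key bytes, and the names `PubkeyRequest`, `parse_requests` and `unanswered` are hypothetical.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

# Line shape used in the log: timestamp, level, message, [file.py:line]
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3})\s+(?P<level>[A-Z]+)\s+"
    r"(?P<msg>.*?)\s*\[(?P<src>[\w.]+:\d+)\]\s*$"
)
IDENTITY_RE = re.compile(r"Identity to hash =b'(?P<identity>.*)'$")
CURVE_RE = re.compile(r"curve name= '(?P<curve>[^']+)'")
KEY_RE = re.compile(r"Received Public Key generated by OnlyKey= '(?P<hex>[0-9a-f]+)'$")
FAILED = "handler failed:"


@dataclass
class PubkeyRequest:
    """One 'Requesting public key' ... 'disconnected' exchange with the device."""
    started: datetime
    identity: Optional[str] = None
    curve: Optional[str] = None
    empty_reads: int = 0              # polls that logged read=""
    key_hex: Optional[str] = None     # stays None when no key came back
    waited_ms: Optional[int] = None   # request start to disconnect
    error: Optional[str] = None       # agent error logged after the exchange


def parse_requests(log_text: str) -> List[PubkeyRequest]:
    requests: List[PubkeyRequest] = []
    current: Optional[PubkeyRequest] = None
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if m is None:
            continue  # traceback text, wrapped binary output, blank lines
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S,%f")
        msg = m["msg"]
        if msg.startswith("Requesting public key from key slot"):
            current = PubkeyRequest(started=ts)
            requests.append(current)
        elif msg.startswith(FAILED) and requests:
            # Logged after the disconnect, so it belongs to the last exchange.
            requests[-1].error = msg[len(FAILED):].strip()
        elif current is None:
            continue
        elif (found := IDENTITY_RE.search(msg)):
            current.identity = found["identity"]
        elif (found := CURVE_RE.search(msg)):
            current.curve = found["curve"]
        elif msg == 'read=""':
            current.empty_reads += 1
        elif (found := KEY_RE.search(msg)):
            current.key_hex = found["hex"]
        elif msg == "disconnected from OnlyKey":
            current.waited_ms = (ts - current.started) // timedelta(milliseconds=1)
            current = None
    return requests


def unanswered(log_text: str) -> List[Tuple[Optional[str], Optional[str]]]:
    """Distinct (identity, curve) pairs for which no key was returned."""
    pairs = [(r.identity, r.curve) for r in parse_requests(log_text) if r.key_hex is None]
    return list(dict.fromkeys(pairs))  # de-duplicate, keep first-seen order


SAMPLE_KEY_HEX = "ab" * 32  # constructed 32-byte value, not a real key

# Constructed sample: same line shape as the log above, made-up identities.
SAMPLE_LOG = f"""\
2024-01-22 15:08:32,744 INFO         Requesting public key from key slot =132          [onlykey.py:134]
2024-01-22 15:08:32,744 INFO         Identity to hash =b'gpg://Alice Example <alice@example.org>'  [onlykey.py:148]
2024-01-22 15:08:32,745 INFO         curve name= 'ed25519'                             [onlykey.py:168]
2024-01-22 15:08:32,845 DEBUG        read=""                                           [client.py:398]
2024-01-22 15:08:33,073 INFO         Received Public Key generated by OnlyKey= '{SAMPLE_KEY_HEX}' [onlykey.py:186]
2024-01-22 15:08:33,073 INFO         disconnected from OnlyKey                         [onlykey.py:117]
2024-01-22 15:08:33,279 INFO         Requesting public key from key slot =132          [onlykey.py:134]
2024-01-22 15:08:33,279 INFO         Identity to hash =b'gpg://Vendor Example <vendor@example.org>'  [onlykey.py:148]
2024-01-22 15:08:33,280 INFO         curve name= 'rsa4096'                             [onlykey.py:168]
2024-01-22 15:08:33,380 DEBUG        read=""                                           [client.py:398]
2024-01-22 15:08:33,480 DEBUG        read=""                                           [client.py:398]
2024-01-22 15:08:34,785 INFO         Received Public Key generated by OnlyKey= []      [onlykey.py:220]
2024-01-22 15:08:34,785 INFO         disconnected from OnlyKey                         [onlykey.py:117]
2024-01-22 15:08:34,793 ERROR        handler failed: Error response length is not a valid public key [__init__.py:318]
Traceback (most recent call last):
"""

if __name__ == "__main__":
    for req in parse_requests(SAMPLE_LOG):
        status = "key returned" if req.key_hex else f"NO KEY ({req.error})"
        print(f"{req.identity} [{req.curve}] waited {req.waited_ms} ms, "
              f"{req.empty_reads} empty reads: {status}")
```

Run over a full agent log, the output of `unanswered` shows whether every failing request belongs to the same identity and key type.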

Use libnotify for challenge codes

When you use onlykey-gpg-agent, the challenge codes are outputted to the terminal, which makes it inconvenient to alt-tab to another terminal to use GPG. It would help the UX if these codes were provided through a notification.

[Question] Custom SSH Port

Hello Guys,

maybe this question was already answered, but I could not find anything regarding custom ssh ports.

Most of my servers are configured with a custom SSH port, therefore onlykey-agent is not working as it always tries to connect via port 22. Is there anything I can do about that? Maybe some custom parameter? I could not find it in the help section.

Thanks and regards

dIELER

Python 3 compatibility

Python 2.7 has now reached EOL, this project should be updated to run on a recent Python 3 version ASAP. I'm going to work on it, please let me know if there is anything I should know before I dive in.

Does anybody know the status of Python 3 support for trezor-agent? Should I look at their code for porting fixes?

Cannot generate GPG keys

First I try to set derivedkeymode 1. With both the OnlyKey app and onlykey-cli I am reminded to enter config mode by pressing 6 for 5 seconds. After I press 6 for 5 seconds the light turns off, and I need to enter my PIN again. After entering the PIN the light is blinking red.

Then I can change the derived key mode to 1 ("button press required"). I've tried this with both the OnlyKey app and onlykey-cli.

I read that the way to exit config mode is to remove the OnlyKey and insert it again. But I've found repeatedly that if I do so then derivedkeymode is again set to 0 (Challenge Code Required).

So with the light still blinking red, I try to generate the GPG key pair:

$ onlykey-gpg init "[email protected]" --verbose 
2021-06-03 06:00:51,336 WARNING      This GPG tool is still in EXPERIMENTAL mode, so please note that the API and features may change without backwards compatibility! [__init__.py:128]
2021-06-03 06:00:51,366 INFO         device name: onlykey                                                                                 [__init__.py:136]
2021-06-03 06:00:51,367 INFO         GPG home directory: /home/user/.gnupg/onlykey                                                        [__init__.py:141]
2021-06-03 06:00:51,381 WARNING      NOTE: in order to re-generate the exact same GPG key later, run this command with "--time=0" commandline flag (to set the timestamp of the GPG key manually). [__init__.py:41]
2021-06-03 06:00:51,923 INFO         Requesting public key from key slot =132                                                             [onlykey.py:111]
2021-06-03 06:00:51,924 INFO         Identity to hash =b'gpg://[email protected]'                                                       [onlykey.py:125]
2021-06-03 06:00:51,924 INFO         Identity hash =9cd6f7bc1a8fd7d10742b6539e59967752512e67f85279d33e2d683122f12616                      [onlykey.py:129]
2021-06-03 06:00:51,927 INFO         curve name= 'ed25519'                                                                                [onlykey.py:145]
2021-06-03 06:00:53,433 INFO         received= []                                                                                         [onlykey.py:156]
2021-06-03 06:00:53,434 INFO         disconnected from OnlyKey                                                                            [onlykey.py:94]
2021-06-03 06:00:53,972 INFO         Requesting public key from key slot =132                                                             [onlykey.py:111]
2021-06-03 06:00:53,973 INFO         Identity to hash =b'gpg://[email protected]'                                                       [onlykey.py:125]
2021-06-03 06:00:53,974 INFO         Identity hash =9cd6f7bc1a8fd7d10742b6539e59967752512e67f85279d33e2d683122f12616                      [onlykey.py:129]
2021-06-03 06:00:53,977 INFO         curve name= 'curve25519'                                                                             [onlykey.py:145]
2021-06-03 06:00:54,454 INFO         disconnected from OnlyKey                                                                            [onlykey.py:94]
Traceback (most recent call last):
  File "/home/user/.local/lib/python3.7/site-packages/libagent/device/onlykey.py", line 150, in pubkey
    ok_pubkey = self.ok.read_bytes(timeout_ms=100)
  File "/home/user/.local/lib/python3.7/site-packages/onlykey/client.py", line 336, in read_bytes
    out = self._hid.read(n, timeout_ms=timeout_ms)
  File "hid.pyx", line 122, in hid.device.read
OSError: read error

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/user/.local/bin/onlykey-gpg", line 10, in <module>
    sys.exit(gpg_tool())
  File "/home/user/.local/bin/onlykey_agent.py", line 6, in <lambda>
    gpg_tool = lambda: libagent.gpg.main(DeviceType)
  File "/home/user/.local/lib/python3.7/site-packages/libagent/gpg/__init__.py", line 375, in main
    return args.func(device_type=device_type, args=args)
  File "/home/user/.local/lib/python3.7/site-packages/libagent/gpg/__init__.py", line 207, in run_init
    export_public_key(device_type, args))
  File "/home/user/.local/lib/python3.7/site-packages/libagent/gpg/__init__.py", line 50, in export_public_key
    decryption_key = c.pubkey(identity=identity, ecdh=True)
  File "/home/user/.local/lib/python3.7/site-packages/libagent/gpg/client.py", line 29, in pubkey
    pubkey = self.device.pubkey(ecdh=ecdh, identity=identity)
  File "/home/user/.local/lib/python3.7/site-packages/libagent/device/onlykey.py", line 154, in pubkey
    raise interface.DeviceError(e)
libagent.device.interface.DeviceError: read error

There doesn't seem to be a workaround because, as said, if I remove the OnlyKey and insert it again, then I'm asked to enter a challenge code, and this will fail too:

$ onlykey-gpg init "[email protected]" --verbose 
2021-06-03 06:17:41,339 WARNING      This GPG tool is still in EXPERIMENTAL mode, so please note that the API and features may change without backwards compatibility! [__init__.py:128]
2021-06-03 06:17:41,345 INFO         device name: onlykey                                                                                 [__init__.py:136]
2021-06-03 06:17:41,346 INFO         GPG home directory: /home/user/.gnupg/onlykey                                                        [__init__.py:141]
2021-06-03 06:17:41,359 WARNING      NOTE: in order to re-generate the exact same GPG key later, run this command with "--time=0" commandline flag (to set the timestamp of the GPG key manually). [__init__.py:41]
2021-06-03 06:17:41,439 INFO         Requesting public key from key slot =132                                                             [onlykey.py:111]
2021-06-03 06:17:41,440 INFO         Identity to hash =b'gpg://[email protected]'                                                       [onlykey.py:125]
2021-06-03 06:17:41,441 INFO         Identity hash =9cd6f7bc1a8fd7d10742b6539e59967752512e67f85279d33e2d683122f12616                      [onlykey.py:129]
2021-06-03 06:17:41,444 INFO         curve name= 'ed25519'                                                                                [onlykey.py:145]
2021-06-03 06:17:41,761 INFO         received= [200, 199, 61, 114, 163, 35, 19, 53, 56, 210, 183, 48, 218, 126, 254, 140, 27, 197, 236, 239, 130, 233, 192, 58, 128, 82, 254, 225, 38, 53, 255, 84, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0] [onlykey.py:156]
2021-06-03 06:17:41,761 INFO         Received Public Key generated by OnlyKey= 'c8c73d72a323133538d2b730da7efe8c1bc5ecef82e9c03a8052fee12635ff54' [onlykey.py:161]
2021-06-03 06:17:41,761 INFO         vk= <nacl.signing.VerifyKey object at 0x76ce5947d860>                                                [onlykey.py:164]
2021-06-03 06:17:41,762 INFO         disconnected from OnlyKey                                                                            [onlykey.py:94]
2021-06-03 06:17:41,827 INFO         Requesting public key from key slot =132                                                             [onlykey.py:111]
2021-06-03 06:17:41,828 INFO         Identity to hash =b'gpg://[email protected]'                                                       [onlykey.py:125]
2021-06-03 06:17:41,828 INFO         Identity hash =9cd6f7bc1a8fd7d10742b6539e59967752512e67f85279d33e2d683122f12616                      [onlykey.py:129]
2021-06-03 06:17:41,832 INFO         curve name= 'curve25519'                                                                             [onlykey.py:145]
2021-06-03 06:17:43,338 INFO         received= []                                                                                         [onlykey.py:156]
2021-06-03 06:17:43,339 INFO         disconnected from OnlyKey                                                                            [onlykey.py:94]
2021-06-03 06:17:43,343 INFO         creating new ed25519 GPG primary key for "[email protected]"                                       [__init__.py:73]
2021-06-03 06:17:43,345 INFO         please confirm GPG signature on OnlyKey for "<gpg://[email protected]|ed25519>"...                 [client.py:40]
2021-06-03 06:17:43,372 INFO         Identity to hash =b'gpg://[email protected]'                                                       [onlykey.py:243]
2021-06-03 06:17:43,372 INFO         Identity hash =b'\x9c\xd6\xf7\xbc\x1a\x8f\xd7\xd1\x07B\xb6S\x9eY\x96wRQ.g\xf8Ry\xd3>-h1"\xf1&\x16'   [onlykey.py:244]
2021-06-03 06:17:43,372 INFO         Key type ed25519                                                                                     [onlykey.py:251]
2021-06-03 06:17:43,372 INFO         Key Slot =201                                                                                        [onlykey.py:275]
Enter the 3 digit challenge code on OnlyKey to authorize <gpg://example@example.com|ed25519>
2 1 4

2021-06-03 06:17:46,213 INFO         received= [92, 164, 40, 87, 37, 126, 64, 146, 177, 95, 244, 44, 242, 75, 23, 127, 237, 239, 211, 158, 25, 40, 147, 157, 198, 226, 101, 18, 70, 66, 150, 90, 188, 21, 238, 198, 202, 167, 224, 222, 4, 130, 142, 110, 54, 183, 65, 73, 233, 18, 157, 159, 101, 112, 202, 126, 145, 68, 217, 63, 125, 110, 172, 9] [onlykey.py:291]
2021-06-03 06:17:46,213 INFO         disconnected from OnlyKey                                                                            [onlykey.py:294]
2021-06-03 06:17:46,216 INFO         disconnected from OnlyKey                                                                            [onlykey.py:94]
Traceback (most recent call last):
  File "/home/user/.local/bin/onlykey-gpg", line 10, in <module>
    sys.exit(gpg_tool())
  File "/home/user/.local/bin/onlykey_agent.py", line 6, in <lambda>
    gpg_tool = lambda: libagent.gpg.main(DeviceType)
  File "/home/user/.local/lib/python3.7/site-packages/libagent/gpg/__init__.py", line 375, in main
    return args.func(device_type=device_type, args=args)
  File "/home/user/.local/lib/python3.7/site-packages/libagent/gpg/__init__.py", line 207, in run_init
    export_public_key(device_type, args))
  File "/home/user/.local/lib/python3.7/site-packages/libagent/gpg/__init__.py", line 88, in export_public_key
    signer_func=signer_func)
  File "/home/user/.local/lib/python3.7/site-packages/libagent/gpg/encode.py", line 54, in create_subkey
    blob=(subkey.data() + secret_bytes))
  File "/home/user/.local/lib/python3.7/site-packages/libagent/gpg/protocol.py", line 221, in data
    blob = self.curve_info['serialize'](self.verifying_key)
  File "/home/user/.local/lib/python3.7/site-packages/libagent/gpg/protocol.py", line 96, in _serialize_ed25519
    util.bytes2num(vk.encode(encoder=nacl.encoding.RawEncoder)))
AttributeError: 'NoneType' object has no attribute 'encode'

My main reason for buying an OnlyKey was generating GPG keys in a trusted way :-(
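Added example, not part of the issue above and not libagent's or the OnlyKey project's code: the log shows the curve25519 request returning `received= []`, yet the run still reaches the signature prompt and only fails later on a `None` key. One way to fail closed is to validate every device reply before any signing is requested. The function names, the 64-byte report length, the key lengths and the padding and all-zero checks are assumptions drawn from the log lines quoted on this page.

```python
class DeviceReplyError(Exception):
    """Raised when a public-key reply from the device cannot be trusted."""


# Key lengths in bytes. 32 matches the ed25519 reply in the log above; 64 for
# P256 matches the "Expected string 64 bytes long" error quoted on this page.
KEY_LEN = {"ed25519": 32, "curve25519": 32, "P256": 64}
REPORT_LEN = 64  # assumption: the log shows a 64-element reply


def parse_pubkey_reply(received, curve):
    """Return the raw public key bytes from one device reply, or raise."""
    if curve not in KEY_LEN:
        raise DeviceReplyError("unknown curve %r" % (curve,))
    if not received:
        # This is the `received= []` case from the log.
        raise DeviceReplyError("empty reply for %s public key" % curve)
    if len(received) != REPORT_LEN:
        raise DeviceReplyError(
            "reply for %s is %d bytes, expected %d"
            % (curve, len(received), REPORT_LEN))
    try:
        raw = bytes(received)
    except (TypeError, ValueError):
        raise DeviceReplyError("reply for %s contains non-byte values" % curve)
    n = KEY_LEN[curve]
    key, padding = raw[:n], raw[n:]
    if any(padding):
        # Assumption: bytes after the key are zero, as in the sample reply.
        raise DeviceReplyError("unexpected data after %s key" % curve)
    if not any(key):
        # Assumption: an all-zero key field means the device returned no key.
        raise DeviceReplyError("all-zero %s key" % curve)
    return key


def fetch_all_pubkeys(read_reply, curves):
    """Fetch and validate every key up front.

    `read_reply(curve)` is a hypothetical callable returning the list of ints
    read from the device. Any bad reply raises before the caller can move on
    to a signing request with a missing key.
    """
    keys = {}
    for curve in curves:
        keys[curve] = parse_pubkey_reply(read_reply(curve), curve)
    return keys


# Reply values copied from the ed25519 `received=` log line above.
SAMPLE_ED25519_REPLY = [
    200, 199, 61, 114, 163, 35, 19, 53, 56, 210, 183, 48, 218, 126, 254, 140,
    27, 197, 236, 239, 130, 233, 192, 58, 128, 82, 254, 225, 38, 53, 255, 84,
] + [0] * 32
# The curve25519 request in the same log returned nothing.
SAMPLE_CURVE25519_REPLY = []

if __name__ == "__main__":
    replies = {"ed25519": SAMPLE_ED25519_REPLY,
               "curve25519": SAMPLE_CURVE25519_REPLY}
    print(parse_pubkey_reply(SAMPLE_ED25519_REPLY, "ed25519").hex())
    try:
        fetch_all_pubkeys(replies.__getitem__, ["ed25519", "curve25519"])
    except DeviceReplyError as exc:
        print("refusing to continue:", exc)
```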

Git does not seem to work with the onlykey-agent

Hey guys,
When changing my git private key to one generated by onlykey I became stuck with the following error message when executing onlykey-agent -v myGithubIdentity git push:

2020-05-27 10:53:32,244 INFO         getting public key from OnlyKey...                                                                   [client.py:54]
2020-05-27 10:53:32,244 INFO         Trying to read the public key...                                                                     [client.py:55]
2020-05-27 10:53:32,245 INFO         Identity hash ='<long string consisting of mostly \xXX sequences>' [client.py:67]
2020-05-27 10:53:32,747 INFO         received= '<long string consisting of mostly \xXX sequences>' [client.py:75]
2020-05-27 10:53:32,748 INFO         Received Public Key generated by OnlyKey= '<long string consisting of mostly \xXX sequences>' [client.py:84]
2020-05-27 10:53:32,749 INFO         using SSH public key: <Same public key as listed on github.com>                                [__main__.py:109]
2020-05-27 10:53:32,753 INFO         running ['git', 'push'] with {'SSH_AUTH_SOCK': '/tmp/ssh-agent-2bAQGO', 'SSH_AGENT_PID': '10158'}    [server.py:140]
2020-05-27 10:53:33,190 ERROR        failed to connect                                                                                    [client.py:192]
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/onlykey/client.py", line 184, in _connect
    self._hid.open_path(path)
  File "hid.pyx", line 72, in hid.device.open_path
IOError: open failed
2020-05-27 10:53:34,700 ERROR        failed to connect                                                                                    [client.py:192]
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/onlykey/client.py", line 184, in _connect
    self._hid.open_path(path)
  File "hid.pyx", line 72, in hid.device.open_path
IOError: open failed
2020-05-27 10:53:36,209 ERROR        failed to connect                                                                                    [client.py:192]
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/onlykey/client.py", line 184, in _connect
    self._hid.open_path(path)
  File "hid.pyx", line 72, in hid.device.open_path
IOError: open failed
2020-05-27 10:53:37,717 ERROR        failed to connect                                                                                    [client.py:192]
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/onlykey/client.py", line 184, in _connect
    self._hid.open_path(path)
  File "hid.pyx", line 72, in hid.device.open_path
IOError: open failed
2020-05-27 10:53:39,227 ERROR        failed to connect                                                                                    [client.py:192]
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/onlykey/client.py", line 184, in _connect
    self._hid.open_path(path)
  File "hid.pyx", line 72, in hid.device.open_path
IOError: open failed
Traceback (most recent call last):
  File "/usr/local/bin/onlykey-agent", line 8, in <module>
    sys.exit(run_agent())
  File "/usr/local/lib/python2.7/dist-packages/onlykey_agent/__main__.py", line 123, in wrapper
    return func(*args, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/onlykey_agent/__main__.py", line 136, in run_agent
    with client_factory(curve=args.ecdsa_curve_name) as conn:
  File "/usr/local/lib/python2.7/dist-packages/onlykey_agent/client.py", line 28, in __init__
    self.ok = OnlyKey()
  File "/usr/local/lib/python2.7/dist-packages/onlykey/client.py", line 167, in __init__
    raise e
onlykey.client.OnlyKeyUnavailableException
2020-05-27 10:53:40,782 INFO         disconnected from OnlyKey                                                                            [client.py:41]

The strange thing is that when I execute ssh instead of git it works as expected:

$ onlykey-agent -v 192.168.10.51 ssh 192.168.10.51
2020-05-27 10:48:05,362 INFO         getting public key from OnlyKey...                                                                   [client.py:54]
2020-05-27 10:48:05,363 INFO         Trying to read the public key...                                                                     [client.py:55]
2020-05-27 10:48:05,364 INFO         Identity hash ='<long string consisting of mostly \xXX sequences>' [client.py:67]
2020-05-27 10:48:05,867 INFO         received= '<long string consisting of mostly \xXX sequences>' [client.py:75]
2020-05-27 10:48:05,868 INFO         Received Public Key generated by OnlyKey= '<long string consisting of mostly \xXX sequences>' [client.py:84]
2020-05-27 10:48:05,869 INFO         using SSH public key: <correct public key>                                [__main__.py:109]
2020-05-27 10:48:05,876 INFO         running ['ssh', '192.168.10.51'] with {'SSH_AUTH_SOCK': '/tmp/ssh-agent-FFHh36', 'SSH_AGENT_PID': '9803'} [server.py:140]
2020-05-27 10:48:06,031 INFO         please confirm user "quinten" login to "192.168.10.51" using OnlyKey                                 [client.py:100]
Traceback (most recent call last):
  File "/usr/lib/python2.7/logging/__init__.py", line 868, in emit
    msg = self.format(record)
  File "/usr/lib/python2.7/logging/__init__.py", line 741, in format
    return fmt.format(record)
  File "/usr/lib/python2.7/logging/__init__.py", line 465, in format
    record.message = record.getMessage()
  File "/usr/lib/python2.7/logging/__init__.py", line 329, in getMessage
    msg = msg % self.args
TypeError: not all arguments converted during string formatting
Logged from file client.py, line 123
2020-05-27 10:48:06,034 INFO         Key type P256                                                                                        [client.py:135]
Please confirm user quinten login to 192.168.10.51 using OnlyKey
Enter the 3 digit challenge code shown below on OnlyKey to authenticate
X X X

2020-05-27 10:48:09,442 INFO         received= '<long string consisting of mostly \xXX sequences>' [client.py:149]
2020-05-27 10:48:09,443 INFO         disconnected from OnlyKey                                                                            [client.py:152]
2020-05-27 10:48:09,462 INFO         signature status: OK                                                                                 [protocol.py:152]
Welcome to Ubuntu 18.04.4 LTS (GNU/Linux 4.15.0-101-generic x86_64)

I have set my udev rules to use USER and GROUP instead of mode. This does not seem to be the issue, however, because changing it back to MODE="666" did not change the behaviour.

firmware version of my onlykey: Firmware v0.2-beta.8c (The one it shipped with)

Let me know if I can help by supplying additional information.
Thanks for the help in advance!

Prompting for two different challenge codes at once

After executing onlykey-gpg init "Name <email>", the prompt for the 3 digit challenge code appears, but after pressing the first digit, I am being asked for a second, different challenge code. Typing the second digit causes the error below. Neither of the two codes is accepted; it always crashes after the second digit.

OnlyKey v2.1.2-prodc
onlykey-agent=1.1.13
lib-agent=1.0.4


$ rm .gnupg/onlykey -rf; onlykey-gpg init "Name <email>"
Enter the 3 digit challenge code on OnlyKey to authorize <gpg://Name <email>|ed25519>
3 6 3
Enter the 3 digit challenge code on OnlyKey to authorize <gpg://Name <email>|ed25519>
1 1 3
gpg: inserting ownertrust of 6
gpg: checking the trustdb
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: error reading key: No secret key
Traceback (most recent call last):
  File "/nix/store/4xdxhkmadnxspak0c8lhcqfc2ngx65l1-onlykey-agent-1.1.13/bin/.onlykey-gpg-wrapped", line 9, in <module>
    sys.exit(gpg_tool())
  File "/nix/store/4xdxhkmadnxspak0c8lhcqfc2ngx65l1-onlykey-agent-1.1.13/lib/python3.9/site-packages/onlykey_agent/__init__.py", line 6, in <lambda>
    gpg_tool = lambda: libagent.gpg.main(DeviceType)
  File "/nix/store/1kswc7h6ns4658pkymcfp0j8ss11wanb-python3.9-libagent-1.0.4/lib/python3.9/site-packages/libagent/gpg/__init__.py", line 392, in main
    return args.func(device_type=device_type, args=args)
  File "/nix/store/1kswc7h6ns4658pkymcfp0j8ss11wanb-python3.9-libagent-1.0.4/lib/python3.9/site-packages/libagent/gpg/__init__.py", line 226, in run_init
    check_call(keyring.gpg_command(['--homedir', homedir,
  File "/nix/store/1kswc7h6ns4658pkymcfp0j8ss11wanb-python3.9-libagent-1.0.4/lib/python3.9/site-packages/libagent/gpg/__init__.py", line 114, in check_call
    subprocess.check_call(args=args, stdin=stdin, env=env)
  File "/nix/store/j652sgyb3137c19v5vy5ziaarw5k5bf6-python3-3.9.15/lib/python3.9/subprocess.py", line 373, in check_call
    raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '['/nix/store/1zxblwdng71wsl4lwwpl5gm1k533c1pi-gnupg-2.3.6/bin/gpg', '--homedir', '/home/username/.gnupg/onlykey', '--list-secret-keys', 'Name <email>']' returned non-zero exit status 2.

Does not work with WSL2 usbipd-win workaround

There is a recent workaround published for enabling USB passthrough to WSL using usbipd-win as outlined here: https://devblogs.microsoft.com/commandline/connecting-usb-devices-to-wsl/

Using usbipd-win 1.2.0 I was able to connect my onlykey to WSL2. Doing lsusb from within WSL lists the onlykey as a device. However, when I attempt to connect to it using the onlykey-agent I get connection errors as demonstrated below:

onlykey-agent [email protected] > ~/.ssh/github.pub
2021-12-19 09:45:27,574 ERROR        failed to connect
                  [client.py:203]
Traceback (most recent call last):
  File "/usr/local/lib/python3.8/dist-packages/onlykey/client.py", line 194, in _connect
    self._hid.open_path(self.path)
  File "hid.pyx", line 125, in hid.device.open_path
OSError: open failed
2021-12-19 09:45:29,127 ERROR        failed to connect
                  [client.py:203]
Traceback (most recent call last):
  File "/usr/local/lib/python3.8/dist-packages/onlykey/client.py", line 194, in _connect
    self._hid.open_path(self.path)
  File "hid.pyx", line 125, in hid.device.open_path
OSError: open failed
2021-12-19 09:45:30,652 ERROR        failed to connect
                  [client.py:203]
Traceback (most recent call last):
  File "/usr/local/lib/python3.8/dist-packages/onlykey/client.py", line 194, in _connect
    self._hid.open_path(self.path)
  File "hid.pyx", line 125, in hid.device.open_path
OSError: open failed
2021-12-19 09:45:32,172 ERROR        failed to connect
                  [client.py:203]
Traceback (most recent call last):
  File "/usr/local/lib/python3.8/dist-packages/onlykey/client.py", line 194, in _connect
    self._hid.open_path(self.path)
  File "hid.pyx", line 125, in hid.device.open_path
OSError: open failed
2021-12-19 09:45:33,728 ERROR        failed to connect
                  [client.py:203]
Traceback (most recent call last):
  File "/usr/local/lib/python3.8/dist-packages/onlykey/client.py", line 194, in _connect
    self._hid.open_path(self.path)
  File "hid.pyx", line 125, in hid.device.open_path
OSError: open failed
2021-12-19 09:45:35,230 ERROR        Connection error (try unplugging and replugging your device): {} not connected: "{}"                 [__init__.py:187]

KeyError: 'libagent'

Hi guys, I am trying to get things running but I am stuck at this point.
What am I missing?

onlykey-agent -sk 106 -c [email protected]
Traceback (most recent call last):
  File "/usr/local/bin/onlykey-agent", line 33, in
    sys.exit(load_entry_point('onlykey-agent==1.1.10', 'console_scripts', 'onlykey-agent')())
  File "/usr/local/lib/python3.8/dist-packages/onlykey_agent-1.1.10-py3.8.egg/EGG-INFO/scripts/onlykey_agent.py", line 5, in
  File "/usr/local/lib/python3.8/dist-packages/libagent/ssh/init.py", line 173, in wrapper
    return func(*args, **kwargs)
  File "/usr/local/lib/python3.8/dist-packages/libagent/ssh/init.py", line 256, in main
    args = create_agent_parser(device_type=device_type).parse_args()
  File "/usr/local/lib/python3.8/dist-packages/libagent/ssh/init.py", line 76, in create_agent_parser
    resources = [resources_map[agent_package], resources_map['libagent']]
KeyError: 'libagent'

README states this is only an SSH agent yet entry points for GPG exist

onlykey-agent/setup.py

Lines 35 to 39 in 8b60cd0

entry_points={'console_scripts': [
    'onlykey-agent = onlykey_agent:ssh_agent',
    'onlykey-gpg = onlykey_agent:gpg_tool',
    'onlykey-gpg-agent = onlykey_agent:gpg_agent',
]},

import libagent.gpg

gpg_tool = lambda: libagent.gpg.main(DeviceType)
gpg_agent = lambda: libagent.gpg.run_agent(DeviceType)

Does not work on Windows 10

Installed with pip bundled with Python choco package

C:\Users\user>onlykey-agent -vvv -c [email protected]
Traceback (most recent call last):
  File "C:\Python38\Scripts\onlykey-agent-script.py", line 11, in <module>
    load_entry_point('onlykey-agent==0.0.4', 'console_scripts', 'onlykey-agent')()
  File "c:\python38\lib\site-packages\pkg_resources\__init__.py", line 489, in load_entry_point
    return get_distribution(dist).load_entry_point(group, name)
  File "c:\python38\lib\site-packages\pkg_resources\__init__.py", line 2852, in load_entry_point
    return ep.load()
  File "c:\python38\lib\site-packages\pkg_resources\__init__.py", line 2443, in load
    return self.resolve()
  File "c:\python38\lib\site-packages\pkg_resources\__init__.py", line 2449, in resolve
    module = __import__(self.module_name, fromlist=['__name__'], level=0)
  File "c:\python38\lib\site-packages\onlykey_agent\__main__.py", line 10, in <module>
    from . import client, formats, protocol, server
  File "c:\python38\lib\site-packages\onlykey_agent\client.py", line 49
    print 'identity', identity
          ^
SyntaxError: Missing parentheses in call to 'print'. Did you mean print('identity', identity)?

onlykey-agent does not work in Parrot OS

This happens when I try to do something like onlykey-agent [email protected]

Traceback (most recent call last):
  File "/home/alien/.local/bin/onlykey-agent", line 10, in <module>
    sys.exit(run_agent())
  File "/home/alien/.local/lib/python2.7/site-packages/onlykey_agent/__main__.py", line 123, in wrapper
    return func(*args, **kwargs)
  File "/home/alien/.local/lib/python2.7/site-packages/onlykey_agent/__main__.py", line 140, in run_agent
    public_key = conn.get_public_key(label=label)
  File "/home/alien/.local/lib/python2.7/site-packages/onlykey_agent/client.py", line 85, in get_public_key
    vk = ecdsa.VerifyingKey.from_string(ok_pubkey, curve=ecdsa.NIST256p)
  File "/home/alien/.local/lib/python2.7/site-packages/ecdsa/keys.py", line 46, in from_string
    curve.verifying_key_length, len(string)))
ecdsa.keys.MalformedPointError: Malformed encoding of public point. Expected string 64 bytes long, received 0 bytes long string

RSA key support

There are still some old servers that only support RSA keys, so could RSA keys be supported on the OnlyKey as SSH auth keys?

[Question] Git & GitHub integrations

Hi Guys!

Recently I got to know about the OnlyKey device as I was looking for a security device to help with my private keys' management and, after getting to know the product better, I was impressed with the feature-richness of the product, so now I'm really considering buying a pair of them.

Some of the tasks I plan to do with this device are related to software development and although I could find the integration guide to secure GitHub and GitLab accounts with OnlyKey through the FIDO U2F protocol, I couldn't find any documentation related to using OnlyKey to authenticate with GitHub repositories through SSH Keys (although I believe this currently works) nor related to signing work on Git (tags / commits) through PGP keys.

Could you please confirm if these tasks are feasible on the current software version (app, firmware, ssh/pgp-agent...) or, at least, are they planned for future releases?

Thanks for the help and keep doing this great work!

Onlykey-agent doesn't work with last update of Manjaro

Hi,
When I try to connect to my few SSH servers, I cannot connect; it gave me the following error:
2022-03-03 19:13:44,349 WARNING error: 27 [server.py:100]
Traceback (most recent call last):
  File "/home/pino/.local/pipx/venvs/onlykey-agent/lib/python3.10/site-packages/libagent/server.py", line 95, in handle_connection
    reply = handler.handle(msg=msg)
  File "/home/pino/.local/pipx/venvs/onlykey-agent/lib/python3.10/site-packages/libagent/ssh/protocol.py", line 98, in handle
    log.warning('Unsupported command: %s (%d)', msg_name(code), code)
  File "/home/pino/.local/pipx/venvs/onlykey-agent/lib/python3.10/site-packages/libagent/ssh/protocol.py", line 54, in msg_name
    return ids[code]
KeyError: 27
Load key "/tmp/trezor-ssh-pubkey-hvfjd9s2": invalid format

Recently Manjaro and Arch have upgraded Python to version 3.10, but onlykey-agent worked; yesterday, with a new major update, it doesn't work anymore.
I have tried with Linux Mint (Python 3.8) and it works.
I have upgraded the firmware and the app to the latest version, and I have two OnlyKeys and both throw the same error.
Thanks
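Added example, not part of the issue above and not libagent's code: the traceback shows the "Unsupported command" warning itself failing in `msg_name` with `KeyError: 27`, and in the SSH agent protocol (draft-miller-ssh-agent) 27 is SSH_AGENTC_EXTENSION. One way to keep an agent tolerant of request types it does not implement is a name lookup that cannot raise and an SSH_AGENT_FAILURE reply for anything without a handler. The class and helper names, the length cap and the sample messages are assumptions constructed for this sketch.

```python
import struct

# Message numbers from the SSH agent protocol draft (draft-miller-ssh-agent).
SSH_AGENT_FAILURE = 5
SSH_AGENTC_REQUEST_IDENTITIES = 11
SSH_AGENT_IDENTITIES_ANSWER = 12
SSH_AGENTC_SIGN_REQUEST = 13
SSH_AGENTC_EXTENSION = 27

MSG_NAMES = {
    SSH_AGENT_FAILURE: "SSH_AGENT_FAILURE",
    SSH_AGENTC_REQUEST_IDENTITIES: "SSH_AGENTC_REQUEST_IDENTITIES",
    SSH_AGENT_IDENTITIES_ANSWER: "SSH_AGENT_IDENTITIES_ANSWER",
    SSH_AGENTC_SIGN_REQUEST: "SSH_AGENTC_SIGN_REQUEST",
    SSH_AGENTC_EXTENSION: "SSH_AGENTC_EXTENSION",
}
MAX_MESSAGE_LEN = 256 * 1024  # assumed cap for this sketch


def msg_name(code):
    """Name lookup that cannot raise, so it is safe inside a log call."""
    return MSG_NAMES.get(code, "UNKNOWN_%d" % code)


def ssh_string(data):
    """Encode bytes as an SSH string: uint32 length, then the bytes."""
    return struct.pack(">I", len(data)) + data


def frame(body):
    """An agent message is its body with a uint32 length prefix."""
    return ssh_string(body)


def unframe(data):
    """Split one framed message into (type code, payload); reject bad lengths."""
    if len(data) < 5:
        raise ValueError("truncated agent message")
    (length,) = struct.unpack(">I", data[:4])
    if length > MAX_MESSAGE_LEN or length != len(data) - 4:
        raise ValueError("bad agent message length")
    return data[4], data[5:]


def extension_name(payload):
    """Best-effort extension name for logging; returns None instead of raising."""
    if len(payload) < 4:
        return None
    (n,) = struct.unpack(">I", payload[:4])
    raw = payload[4:4 + n]
    if n == 0 or n > 64 or len(raw) != n:
        return None
    if not all(0x21 <= b <= 0x7E for b in raw):  # printable ASCII only
        return None
    return raw.decode("ascii")


class TolerantAgent:
    """Hypothetical agent core: answers what it knows, refuses the rest."""

    def __init__(self, identities):
        self.identities = identities  # list of (key_blob, comment) byte pairs
        self.unsupported = []         # (code, name, detail) for each refusal
        self.handlers = {SSH_AGENTC_REQUEST_IDENTITIES: self._list_identities}

    def _list_identities(self, payload):
        body = bytes([SSH_AGENT_IDENTITIES_ANSWER])
        body += struct.pack(">I", len(self.identities))
        for blob, comment in self.identities:
            body += ssh_string(blob) + ssh_string(comment)
        return body

    def handle(self, data):
        code, payload = unframe(data)
        handler = self.handlers.get(code)
        if handler is None:
            # Unknown or unimplemented request: record it and reply with
            # SSH_AGENT_FAILURE so the client can carry on without it.
            detail = None
            if code == SSH_AGENTC_EXTENSION:
                detail = extension_name(payload)
            self.unsupported.append((code, msg_name(code), detail))
            return frame(bytes([SSH_AGENT_FAILURE]))
        return frame(handler(payload))


# Constructed sample messages (not captured traffic).
SAMPLE_EXTENSION = frame(
    bytes([SSH_AGENTC_EXTENSION])
    + ssh_string(b"session-bind@openssh.com")
    + b"\x00" * 8)
SAMPLE_LIST = frame(bytes([SSH_AGENTC_REQUEST_IDENTITIES]))

if __name__ == "__main__":
    agent = TolerantAgent([(b"constructed-key-blob", b"user@host")])
    print(agent.handle(SAMPLE_EXTENSION), agent.unsupported)
    print(agent.handle(SAMPLE_LIST))
```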

Not working on MacOS Catalina

Hello, I just bought my Onlykey and wanted to start on MacOS Catalina, but it does not seem to work as expected.
On my Ubuntu machine everything works fine.

What I did so far

I installed the Onlykey app and configured my key on MacOS. I am able to unlock it and assign keys or whatever.

But I wanted to give onlykey-agent a try to secure my SSH keys.
Following https://docs.crp.to/onlykey-agent.html, I installed onlykey and onlykey-agent via pip.

Versions: onlykey-1.1.0, onlykey-agent-1.0.0

Install log

Collecting onlykey
Collecting onlykey-agent
  Downloading https://files.pythonhosted.org/packages/2a/a5/2f2ec09cd3132885647a00eada5384cd55f1bfdb7d0ef483f765bb3a66dc/onlykey_agent-1.0.0-py2-none-any.whl
Requirement already satisfied: ecdsa>=0.13 in /Library/Python/2.7/site-packages (from onlykey) (0.14.1)
Requirement already satisfied: hidapi in /Library/Python/2.7/site-packages (from onlykey) (0.7.99.post21)
Requirement already satisfied: Cython>=0.23.4 in /Library/Python/2.7/site-packages (from onlykey) (0.29.14)
Requirement already satisfied: aenum in /Library/Python/2.7/site-packages (from onlykey) (2.2.3)
Requirement already satisfied: ed25519>=1.4 in /Library/Python/2.7/site-packages (from onlykey) (1.5)
Requirement already satisfied: prompt-toolkit>=2 in /Library/Python/2.7/site-packages (from onlykey) (2.0.10)
Requirement already satisfied: six in /System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python (from onlykey) (1.12.0)
Requirement already satisfied: protobuf>=2.6.1 in /Library/Python/2.7/site-packages (from onlykey-agent) (3.11.0)
Requirement already satisfied: semver>=2.2 in /Library/Python/2.7/site-packages (from onlykey-agent) (2.9.0)
Requirement already satisfied: setuptools>=19.0 in /System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python (from hidapi->onlykey) (41.0.1)
Requirement already satisfied: wcwidth in /Library/Python/2.7/site-packages (from prompt-toolkit>=2->onlykey) (0.1.7)
Installing collected packages: onlykey, onlykey-agent
Successfully installed onlykey-1.1.0 onlykey-agent-1.0.0

Running onlykey-agent

onlykey-agent test

2019-12-01 14:55:47,440 ERROR        failed to connect                                                                                    [client.py:192]
Traceback (most recent call last):
  File "/Library/Python/2.7/site-packages/onlykey/client.py", line 184, in _connect
    self._hid.open_path(path)
  File "hid.pyx", line 72, in hid.device.open_path
IOError: open failed
2019-12-01 14:55:48,955 ERROR        failed to connect                                                                                    [client.py:192]
Traceback (most recent call last):
  File "/Library/Python/2.7/site-packages/onlykey/client.py", line 184, in _connect
    self._hid.open_path(path)
  File "hid.pyx", line 72, in hid.device.open_path
IOError: open failed
2019-12-01 14:55:50,467 ERROR        failed to connect                                                                                    [client.py:192]
Traceback (most recent call last):
  File "/Library/Python/2.7/site-packages/onlykey/client.py", line 184, in _connect
    self._hid.open_path(path)
  File "hid.pyx", line 72, in hid.device.open_path
IOError: open failed
2019-12-01 14:55:51,978 ERROR        failed to connect                                                                                    [client.py:192]
Traceback (most recent call last):
  File "/Library/Python/2.7/site-packages/onlykey/client.py", line 184, in _connect
    self._hid.open_path(path)
  File "hid.pyx", line 72, in hid.device.open_path
IOError: open failed
2019-12-01 14:55:53,489 ERROR        failed to connect                                                                                    [client.py:192]
Traceback (most recent call last):
  File "/Library/Python/2.7/site-packages/onlykey/client.py", line 184, in _connect
    self._hid.open_path(path)
  File "hid.pyx", line 72, in hid.device.open_path
IOError: open failed
Traceback (most recent call last):
  File "/usr/local/bin/onlykey-agent", line 10, in <module>
    sys.exit(run_agent())
  File "/Library/Python/2.7/site-packages/onlykey_agent/__main__.py", line 123, in wrapper
    return func(*args, **kwargs)
  File "/Library/Python/2.7/site-packages/onlykey_agent/__main__.py", line 136, in run_agent
    with client_factory(curve=args.ecdsa_curve_name) as conn:
  File "/Library/Python/2.7/site-packages/onlykey_agent/client.py", line 28, in __init__
    self.ok = OnlyKey()
  File "/Library/Python/2.7/site-packages/onlykey/client.py", line 167, in __init__
    raise e
onlykey.client.OnlyKeyUnavailableException

Running onlykey-cli

onlykey-cli

No handlers could be found for logger "onlykey.client"
Traceback (most recent call last):
  File "/usr/local/bin/onlykey-cli", line 6, in <module>
    from onlykey.cli import main
  File "/Library/Python/2.7/site-packages/onlykey/cli.py", line 20, in <module>
    only_key = OnlyKey()
  File "/Library/Python/2.7/site-packages/onlykey/client.py", line 167, in __init__
    raise e
onlykey.client.OnlyKeyUnavailableException

Am I missing something? I have my key plugged in and unlocked.

Thanks and regards

dIELER

static key support?

I see there's this from a PR a while back, #8, which sounds like what I want.

My use case is that I use a jumpbox to ssh into various machines that I don't expose to the public web, like so: ssh -J [email protected] [email protected]. I have a script that will sync my public key(s) on the jumpbox to every host that can be connected to from it. But here lies my issue: currently only-key generates a unique public key depending on the hostname, which isn't what I want, because that means I would have to deal with generating 100s of public keys for every host, not to mention it really doesn't do me any good because I'll just upload every public key to every host anyway. Now with the latest version of ssh I can use the new *-sk keys, which is preferred if it's available, but not every host has the latest version of OpenSSH. But I am quite excited because I saw in the release notes "Improved OnlyKey Agent SSH support - OnlyKey SSH agent now supports both derived keys and stored keys for users who wish to use a single key to log into multiple servers" but I guess I'm a little green when it comes to how these keys work, because the guide kinda chalked it all up under advanced, and I was lost. So I guess my question is: do I even need that PR if I can just load a key and then those don't derive new keys for each host?

Does the flow look like this?

Create an X25519 PGP key (or can I load an OpenSSH ed25519 key?).
Load the key into a slot. What's the difference between Keys->OpenPGP Private Key and Advanced->Add Private Key?
Then once it's in a slot I can do something like onlykey-agent [email protected] -sk 102 and then take that public key and distribute it to all my servers?

I would be more than happy to contribute a guide to the docs detailing this use case and even include ssh agent forwarding, as I'm sure I'm not the only one who uses a jump-box, but some pointers about how I can accomplish this would be greatly appreciated.

On a side note 10/10 product can't wait for the new models!

Feature request: allow unattended ssh connection until a command has finished

Trying to use onlykey-agent with ansible to manage multiple hosts in parallel or even serially:
the agent requires a PIN challenge for each host, thus making mass ssh impossible.

I suggest adding a feature to "unlock the ssh key" until a command has ended:

onlykey-agent identity@host --unlock-until-finished -- ansible-playbook play.yml
Enter the 3 digit challenge code on OnlyKey to authorize identity@host
..
ansible runs via  ssh on host1
ansible runs via  ssh on host2
...

Basically this means having to enter the challenge once per command, not per host.

Challenge delay

Hi,
When I perform a connection with only-key agent, a 2-minute delay occurs before it asks me to do the challenge.
I'm on an updated Manjaro.
The verbose logging is the following:

2022-11-06 11:55:40,928 DEBUG Setting skey slot = 132 [onlykey.py:58]
2022-11-06 11:55:40,928 DEBUG parsed identity: {'proto': None, 'user': 'ocean', 'host': '10.1.1.250', 'port': '22222', 'path': None} [interface.py:30]
2022-11-06 11:55:40,928 DEBUG identity parts: ['ssh://', 'ocean@', '10.1.1.250', ':22222'] [interface.py:46]
2022-11-06 11:55:40,928 INFO identity #0: ssh://[email protected]:22222|ed25519 [init.py:287]
2022-11-06 11:56:04,083 DEBUG connected [client.py:246]
2022-11-06 11:56:04,083 DEBUG preparing payload for writing [client.py:298]
2022-11-06 11:56:04,083 DEBUG msg=OKSETTIME [client.py:304]
2022-11-06 11:56:04,083 DEBUG payload=[99, 103, 146, 196] [client.py:328]
2022-11-06 11:56:04,083 DEBUG sending message [client.py:341]
2022-11-06 11:56:04,104 DEBUG read="UNLOCKEDv2.1.2-prodc" [client.py:398]
2022-11-06 11:56:04,104 DEBUG outstring="bytearray(b'UNLOCKEDv2.1.2-prodc\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')" [client.py:400]
2022-11-06 11:56:04,104 INFO Requesting public key from key slot =132 [onlykey.py:134]
2022-11-06 11:56:04,105 DEBUG identity parts: ['ssh://', 'ocean@', '10.1.1.250', ':22222'] [interface.py:46]
2022-11-06 11:56:04,105 DEBUG "ssh://[email protected]:22222|ed25519" getting public key (ed25519) from OnlyKey [onlykey.py:136]
2022-11-06 11:56:04,105 INFO Identity to hash =b'[email protected]' [onlykey.py:148]
2022-11-06 11:56:04,105 INFO Identity hash =5a63b52fd28b9e62f8a7331f613ee547d4105418e4a1adb81d1ba65bac06345e [onlykey.py:152]
2022-11-06 11:56:04,105 DEBUG preparing payload for writing [client.py:298]
2022-11-06 11:56:04,105 DEBUG msg=OKGETPUBKEY [client.py:304]
2022-11-06 11:56:04,105 DEBUG slot_id=132 [client.py:309]
2022-11-06 11:56:04,105 DEBUG payload="015a63b52fd28b9e62f8a7331f613ee547d4105418e4a1adb80d1bc65bac06345e" [client.py:322]
2022-11-06 11:56:04,105 DEBUG sending message [client.py:341]
2022-11-06 11:56:04,105 INFO curve name= 'ed25519' [onlykey.py:168]
2022-11-06 11:56:04,206 DEBUG read="" [client.py:398]
2022-11-06 11:56:04,206 DEBUG outstring="bytearray(b'')" [client.py:400]
2022-11-06 11:56:04,306 DEBUG read="" [client.py:398]
2022-11-06 11:56:04,306 DEBUG outstring="bytearray(b'')" [client.py:400]
2022-11-06 11:56:04,406 DEBUG read="" [client.py:398]
2022-11-06 11:56:04,406 DEBUG outstring="bytearray(b'')" [client.py:400]
2022-11-06 11:56:04,431 DEBUG read="%vÝ!w�Å��É+ÊfåwhþL£úùú¢c+VeÅ" [client.py:398]
2022-11-06 11:56:04,431 DEBUG outstring="bytearray(b'%v\xdd!w\x85\xc5\x9c\x8a\xc9+\xcaf\xe5wh\xfeL\xa3\xfa\xf9\xfa\xa2\x1e\x1a
c+\x04Ve\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')" [client.py:400]
2022-11-06 11:56:04,431 INFO received= [37, 118, 221, 33, 119, 133, 197, 156, 138, 201, 43, 202, 102, 229, 119, 104, 254, 76, 163, 250, 249, 250, 162, 30, 26, 126, 99, 43, 4, 86, 101, 197, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0] [onlykey.py:179]
2022-11-06 11:56:04,432 INFO Received Public Key generated by OnlyKey= '2576dd217785c59c8ac92bca66e57768fe4ca3faf9fbb21e1a7e632b045665c5' [onlykey.py:186]
2022-11-06 11:56:04,432 INFO vk= <nacl.signing.VerifyKey object at 0x7fb7c3705c90> [onlykey.py:189]
2022-11-06 11:56:04,432 DEBUG identity parts: ['ssh://', 'ocean@', '10.1.1.250', ':22222'] [interface.py:46]
2022-11-06 11:56:04,432 DEBUG fingerprint: f9:31:c9:6e:58:e9:1a:7a:da:3a:a9:cb:b2:71:d9:31 [formats.py:253]
2022-11-06 11:56:04,432 INFO disconnected from OnlyKey [onlykey.py:117]
2022-11-06 11:56:04,453 DEBUG local SSH version: b'OpenSSH_9.1p1, OpenSSL 1.1.1q 5 Jul 2022\n' [init.py:144]
2022-11-06 11:56:04,453 DEBUG serving on /tmp/trezor-ssh-agent-xkohpmlm [server.py:30]
2022-11-06 11:56:04,454 DEBUG server thread started [server.py:121]
2022-11-06 11:56:04,454 INFO running ['ssh', '-p', '22222', '-l', 'ocean', '-o', 'IdentityFile=/tmp/trezor-ssh-pubkey-mguzfc2h', '-o', 'IdentitiesOnly=true', '10.1.1.250'] with {'SSH_AUTH_SOCK': '/tmp/trezor-ssh-agent-xkohpmlm', 'SSH_AGENT_PID': '198003'} [server.py:156]
2022-11-06 11:56:04,454 DEBUG waiting for connection on /tmp/trezor-ssh-agent-xkohpmlm [server.py:129]
2022-11-06 11:56:04,455 DEBUG subprocess 198017 is running [server.py:163]
2022-11-06 11:56:04,482 DEBUG welcome agent [server.py:90]
2022-11-06 11:56:04,482 DEBUG waiting for connection on /tmp/trezor-ssh-agent-xkohpmlm [server.py:129]
2022-11-06 11:56:04,482 DEBUG request: 208 bytes [protocol.py:97]
2022-11-06 11:56:04,482 DEBUG calling _unsupported_extension() [protocol.py:105]
2022-11-06 11:56:04,482 DEBUG reply: 5 bytes [protocol.py:108]
2022-11-06 11:56:04,482 DEBUG request: 1 bytes [protocol.py:97]
2022-11-06 11:56:04,482 DEBUG calling list_pubs() [protocol.py:105]
2022-11-06 11:56:04,482 DEBUG loading SSH public key: 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICV23SF2hcWciskrydfld2j+TKP6+fqiHhp+YyswemXF ssh://[email protected]:22222|ed25519\n' [formats.py:260]
2022-11-06 11:56:04,482 DEBUG key type: b'ssh-ed25519' [formats.py:68]
2022-11-06 11:56:04,483 DEBUG loaded ssh-ed25519 public key: f9:31:c9:6e:58:e9:1a:7a:da:3a:a9:cb:b2:71:d9:31 [formats.py:266]
2022-11-06 11:56:04,483 DEBUG available keys: [b'ssh://[email protected]:22222|ed25519'] [protocol.py:117]
2022-11-06 11:56:04,483 DEBUG 1) f9:31:c9:6e:58:e9:1a:7a:da:3a:a9:cb:b2:71:d9:31 [protocol.py:119]
2022-11-06 11:56:04,483 DEBUG reply: 107 bytes [protocol.py:108]
2022-11-06 11:56:04,539 DEBUG request: 213 bytes [protocol.py:97]
2022-11-06 11:56:04,539 DEBUG calling sign_message() [protocol.py:105]
2022-11-06 11:56:04,539 DEBUG key type: b'ssh-ed25519' [formats.py:68]
2022-11-06 11:56:04,539 DEBUG looking for f9:31:c9:6e:58:e9:1a:7a:da:3a:a9:cb:b2:71:d9:31 [protocol.py:131]
2022-11-06 11:56:04,539 DEBUG loading SSH public key: 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICV23SF2hcWciskrydfld2j+TKP6+fqiHhp+YyswemXF ssh://[email protected]:22222|ed25519\n' [formats.py:260]
2022-11-06 11:56:04,539 DEBUG key type: b'ssh-ed25519' [formats.py:68]
2022-11-06 11:56:04,539 DEBUG loaded ssh-ed25519 public key: f9:31:c9:6e:58:e9:1a:7a:da:3a:a9:cb:b2:71:d9:31 [formats.py:266]
2022-11-06 11:56:04,539 DEBUG using key b'ssh://[email protected]:22222|ed25519' (f9:31:c9:6e:58:e9:1a:7a:da:3a:a9:cb:b2:71:d9:31) [protocol.py:139]
2022-11-06 11:56:04,539 DEBUG signing 149-byte blob with "ssh://[email protected]:22222|ed25519" key [protocol.py:146]
2022-11-06 11:56:04,539 DEBUG blob: b'\x00\x00\x00 o};\xc4\xfd\x92\xb2\x93\xdb\xe5\xed\x8b\x03\xd5>\x93\xce\xeb\xc5\xad\x16\xcac\xef6\x0b\xd7\xfes\x91Z\xba2\x00\x00\x00\x06ocean\x00\x00\x00\x0essh-connection\x00\x00\x00\tpublickey\x01\x00\x00\x00\x0bssh-ed25519\x00\x00\x003\x00\x00\x00\x0bssh-ed25519\x00\x00\x00 %v\xdd!w\x85\xc5\x9c\x8a\xc9+\xcaf\xe5wh\xfeL\xa3\xfa\xf9\xfa\xa2\x1e\x1ac+\x04Ve\xc5' [client.py:34]
2022-11-06 11:56:04,539 DEBUG key type: b'ssh-ed25519' [formats.py:68]
2022-11-06 11:56:04,539 DEBUG b'ssh-connection': user b'ocean' via b'publickey' (b'ssh-ed25519') [client.py:40]
2022-11-06 11:56:04,539 DEBUG nonce: b'o};\xc4\xfd\x92\xb2\x93\xdb\xe5\xed\x8b\x03\xd5>\x93\xce\xeb\xc5\xad\x16\xcac\xef6\x0b\xd7\xfes\x91Z\xba' [client.py:42]
2022-11-06 11:56:04,539 DEBUG fingerprint: f9:31:c9:6e:58:e9:1a:7a:da:3a:a9:cb:b2:71:d9:31 [client.py:44]
2022-11-06 11:56:04,539 DEBUG hidden challenge size: 149 bytes [client.py:45]
2022-11-06 11:56:04,539 DEBUG identity parts: ['ssh://', 'ocean@', '10.1.1.250', ':22222'] [interface.py:46]
2022-11-06 11:56:04,539 INFO please confirm user "ocean" login to "ssh://[email protected]:22222|ed25519" using OnlyKey... [client.py:47]
2022-11-06 11:56:50,169 DEBUG connected [client.py:246]
2022-11-06 11:56:50,170 DEBUG preparing payload for writing [client.py:298]
2022-11-06 11:56:50,170 DEBUG msg=OKSETTIME [client.py:304]
2022-11-06 11:56:50,170 DEBUG payload=[99, 103, 146, 242] [client.py:328]
2022-11-06 11:56:50,170 DEBUG sending message [client.py:341]
2022-11-06 11:56:50,188 DEBUG read="UNLOCKEDv2.1.2-prodc" [client.py:398]
2022-11-06 11:56:50,188 DEBUG outstring="bytearray(b'UNLOCKEDv2.1.2-prodc\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')" [client.py:400]
2022-11-06 11:56:50,188 DEBUG identity parts: ['ssh://', 'ocean@', '10.1.1.250', ':22222'] [interface.py:46]
2022-11-06 11:56:50,188 DEBUG "ssh://[email protected]:22222|ed25519" signing b'\x00\x00\x00 o};\xc4\xfd\x92\xb2\x93\xdb\xe5\xed\x8b\x03\xd5>\x93\xce\xeb\xc5\xad\x16\xcac\xef6\x0b\xd7\xfes\x91Z\xba2\x00\x00\x00\x06ocean\x00\x00\x00\x0essh-connection\x00\x00\x00\tpublickey\x01\x00\x00\x00\x0bssh-ed25519\x00\x00\x003\x00\x00\x00\x0bssh-ed25519\x00\x00\x00 %v\xdd!w\x85\xc5\x9c\x8a\xc9+\xcaf\xe5wh\xfeL\xa3\xfa\xf9\xfa\xa2\x1e\x1a
c+\x04Ve\xc5' (ed25519) on OnlyKey [onlykey.py:248]
2022-11-06 11:56:50,189 INFO Identity to hash =b'[email protected]' [onlykey.py:280]
2022-11-06 11:56:50,189 INFO Identity hash =b'Zc\xb5/\xd2\x8b\x9eb\xf8\xa73\x1fa>\xe5G\xd4\x10T\x18\xe4\xa1\xad\xb8\r\x1b\xa6[\xac\x067N' [onlykey.py:281]
2022-11-06 11:56:50,189 INFO Key type ed25519 [onlykey.py:288]
2022-11-06 11:56:50,189 INFO Key Slot =201 [onlykey.py:311]
2022-11-06 11:56:50,189 DEBUG identity parts: ['ssh://', 'ocean@', '10.1.1.250', ':22222'] [interface.py:46]
Enter the 3 digit challenge code on OnlyKey to authorize ssh://[email protected]:22222|ed25519
1 4 2
2022-11-06 11:56:50,189 DEBUG preparing payload for writing [client.py:298]
2022-11-06 11:56:50,189 DEBUG msg=OKSIGN [client.py:304]
2022-11-06 11:56:50,189 DEBUG payload=[201, 255, 0, 0, 0, 32, 111, 125, 59, 196, 253, 146, 178, 147, 219, 229, 237, 139, 3, 213, 62, 147, 206, 235, 197, 173, 22, 202, 99, 239, 54, 11, 215, 254, 115, 145, 90, 186, 50, 0, 0, 0, 6, 115, 116, 105, 98, 97, 120, 0, 0, 0, 14, 115, 115, 104, 45, 99, 111] [client.py:328]
2022-11-06 11:56:50,190 DEBUG sending message [client.py:341]
2022-11-06 11:56:50,190 DEBUG preparing payload for writing [client.py:298]
2022-11-06 11:56:50,190 DEBUG msg=OKSIGN [client.py:304]
2022-11-06 11:56:50,190 DEBUG payload=[201, 255, 110, 110, 101, 99, 116, 105, 111, 110, 0, 0, 0, 9, 112, 117, 98, 108, 105, 99, 107, 101, 121, 1, 0, 0, 0, 11, 115, 115, 104, 45, 101, 100, 50, 53, 53, 49, 57, 0, 0, 0, 51, 0, 0, 0, 11, 115, 115, 104, 45, 101, 100, 50, 53, 53, 49, 57, 0] [client.py:328]
2022-11-06 11:56:50,191 DEBUG sending message [client.py:341]
2022-11-06 11:56:50,191 DEBUG preparing payload for writing [client.py:298]
2022-11-06 11:56:50,191 DEBUG msg=OKSIGN [client.py:304]
2022-11-06 11:56:50,191 DEBUG payload=[201, 255, 0, 0, 32, 37, 118, 221, 33, 119, 133, 197, 156, 138, 201, 43, 202, 102, 229, 119, 104, 254, 76, 163, 250, 249, 250, 162, 30, 26, 126, 99, 43, 4, 86, 101, 197, 90, 99, 181, 47, 210, 139, 158, 98, 248, 167, 51, 31, 97, 62, 229, 71, 212, 16, 84, 24, 228, 161] [client.py:328]
2022-11-06 11:56:50,192 DEBUG sending message [client.py:341]
2022-11-06 11:56:50,192 DEBUG preparing payload for writing [client.py:298]
2022-11-06 11:56:50,192 DEBUG msg=OKSIGN [client.py:304]
2022-11-06 11:56:50,192 DEBUG payload=[201, 10, 173, 184, 13, 27, 166, 91, 172, 6, 55, 78] [client.py:328]
2022-11-06 11:56:50,193 DEBUG sending message [client.py:341]
2022-11-06 11:56:50,293 DEBUG read="" [client.py:398]
2022-11-06 11:56:50,294 DEBUG outstring="bytearray(b'')" [client.py:400]
2022-11-06 11:56:50,394 DEBUG read="" [client.py:398]
2022-11-06 11:56:50,394 DEBUG outstring="bytearray(b'')" [client.py:400]
2022-11-06 11:56:50,494 DEBUG read="" [client.py:398]
2022-11-06 11:56:50,494 DEBUG outstring="bytearray(b'')" [client.py:400]
2022-11-06 11:56:50,594 DEBUG read="" [client.py:398]
2022-11-06 11:56:50,594 DEBUG outstring="bytearray(b'')" [client.py:400]
2022-11-06 11:56:50,695 DEBUG read="" [client.py:398]
2022-11-06 11:56:50,695 DEBUG outstring="bytearray(b'')" [client.py:400]
2022-11-06 11:56:50,795 DEBUG read="" [client.py:398]
2022-11-06 11:56:50,795 DEBUG outstring="bytearray(b'')" [client.py:400]
2022-11-06 11:56:50,895 DEBUG read="" [client.py:398]
2022-11-06 11:56:50,895 DEBUG outstring="bytearray(b'')" [client.py:400]
2022-11-06 11:56:50,995 DEBUG read="" [client.py:398]
2022-11-06 11:56:50,996 DEBUG outstring="bytearray(b'')" [client.py:400]
2022-11-06 11:56:51,096 DEBUG read="" [client.py:398]
2022-11-06 11:56:51,096 DEBUG outstring="bytearray(b'')" [client.py:400]
2022-11-06 11:56:51,196 DEBUG read="" [client.py:398]
2022-11-06 11:56:51,196 DEBUG outstring="bytearray(b'')" [client.py:400]
2022-11-06 11:56:51,296 DEBUG read="" [client.py:398]
2022-11-06 11:56:51,296 DEBUG outstring="bytearray(b'')" [client.py:400]
2022-11-06 11:56:51,397 DEBUG read="" [client.py:398]
2022-11-06 11:56:51,397 DEBUG outstring="bytearray(b'')" [client.py:400]
2022-11-06 11:56:51,497 DEBUG read="" [client.py:398]
2022-11-06 11:56:51,497 DEBUG outstring="bytearray(b'')" [client.py:400]
2022-11-06 11:56:51,597 DEBUG read="" [client.py:398]
2022-11-06 11:56:51,597 DEBUG outstring="bytearray(b'')" [client.py:400]
2022-11-06 11:56:51,697 DEBUG read="" [client.py:398]
2022-11-06 11:56:51,698 DEBUG outstring="bytearray(b'')" [client.py:400]
2022-11-06 11:56:51,798 DEBUG read="" [client.py:398]
2022-11-06 11:56:51,798 DEBUG outstring="bytearray(b'')" [client.py:400]
2022-11-06 11:56:51,898 DEBUG read="" [client.py:398]
2022-11-06 11:56:51,898 DEBUG outstring="bytearray(b'')" [client.py:400]
2022-11-06 11:56:51,998 DEBUG read="" [client.py:398]
2022-11-06 11:56:51,998 DEBUG outstring="bytearray(b'')" [client.py:400]
2022-11-06 11:56:52,098 DEBUG read="" [client.py:398]
2022-11-06 11:56:52,099 DEBUG outstring="bytearray(b'')" [client.py:400]
2022-11-06 11:56:52,199 DEBUG read="" [client.py:398]
2022-11-06 11:56:52,199 DEBUG outstring="bytearray(b'')" [client.py:400]
2022-11-06 11:56:52,299 DEBUG read="" [client.py:398]
2022-11-06 11:56:52,299 DEBUG outstring="bytearray(b'')" [client.py:400]
2022-11-06 11:56:52,399 DEBUG read="" [client.py:398]
2022-11-06 11:56:52,399 DEBUG outstring="bytearray(b'')" [client.py:400]
2022-11-06 11:56:52,500 DEBUG read="" [client.py:398]
2022-11-06 11:56:52,500 DEBUG outstring="bytearray(b'')" [client.py:400]
2022-11-06 11:56:52,600 DEBUG read="" [client.py:398]
2022-11-06 11:56:52,600 DEBUG outstring="bytearray(b'')" [client.py:400]
2022-11-06 11:56:52,700 DEBUG read="" [client.py:398]
2022-11-06 11:56:52,700 DEBUG outstring="bytearray(b'')" [client.py:400]
2022-11-06 11:56:52,800 DEBUG read="" [client.py:398]
2022-11-06 11:56:52,801 DEBUG outstring="bytearray(b'')" [client.py:400]
2022-11-06 11:56:52,901 DEBUG read="" [client.py:398]
2022-11-06 11:56:52,901 DEBUG outstring="bytearray(b'')" [client.py:400]
2022-11-06 11:56:53,001 DEBUG read="" [client.py:398]
2022-11-06 11:56:53,001 DEBUG outstring="bytearray(b'')" [client.py:400]
2022-11-06 11:56:53,101 DEBUG read="" [client.py:398]
2022-11-06 11:56:53,101 DEBUG outstring="bytearray(b'')" [client.py:400]
2022-11-06 11:56:53,201 DEBUG read="" [client.py:398]
2022-11-06 11:56:53,202 DEBUG outstring="bytearray(b'')" [client.py:400]
2022-11-06 11:56:53,302 DEBUG read="" [client.py:398]
2022-11-06 11:56:53,302 DEBUG outstring="bytearray(b'')" [client.py:400]
2022-11-06 11:56:53,402 DEBUG read="" [client.py:398]
2022-11-06 11:56:53,402 DEBUG outstring="bytearray(b'')" [client.py:400]
2022-11-06 11:56:53,502 DEBUG read="" [client.py:398]
2022-11-06 11:56:53,502 DEBUG outstring="bytearray(b'')" [client.py:400]
2022-11-06 11:56:53,603 DEBUG read="" [client.py:398]
2022-11-06 11:56:53,603 DEBUG outstring="bytearray(b'')" [client.py:400]
2022-11-06 11:56:53,703 DEBUG read="" [client.py:398]
2022-11-06 11:56:53,703 DEBUG outstring="bytearray(b'')" [client.py:400]
2022-11-06 11:56:53,772 DEBUG read="HtòÀö�OÊXtJÚ�%÷1Èx
L¶à¯�ܹÀ�
M�´®�ÙÔ0þY�£�.ìNP�´ß¡äIJ" [client.py:398]
2022-11-06 11:56:53,772 DEBUG outstring="bytearray(b'Ht\xf2\xc0\xf6\x8aO
\xcaXtJ\x13\xda\x97%\xf71\xc8x\x0cL\xb6\xe0\xaf\x7f\x8a\xdc\xb9\xc0\x11\x9a\x0cM\x97\x10\xb4\xae\x80\xd9\x7f\xd40\xfeY\x99\xa3\x11\x81.\xecNP\x80\xb4\xdf\xa1\x1b\xe9\xe4IJ\x19\x03')" [client.py:400]
2022-11-06 11:56:53,772 INFO received= [72, 116, 242, 192, 246, 138, 79, 42, 202, 88, 116, 74, 19, 218, 151, 37, 247, 49, 200, 120, 12, 76, 182, 224, 175, 127, 138, 220, 185, 192, 17, 154, 12, 77, 151, 16, 180, 174, 128, 217, 127, 212, 48, 254, 89, 153, 163, 17, 129, 46, 236, 78, 80, 128, 180, 223, 161, 27, 233, 228, 73, 74, 25, 3] [onlykey.py:327]
2022-11-06 11:56:53,772 INFO disconnected from OnlyKey [onlykey.py:330]
2022-11-06 11:56:53,789 INFO disconnected from OnlyKey [onlykey.py:117]
2022-11-06 11:56:53,789 DEBUG signature: b'Ht\xf2\xc0\xf6\x8aO*\xcaXtJ\x13\xda\x97%\xf71\xc8x\x0cL\xb9\xe0\xaf\x7f\x8a\xdc\xb9\xc0\x11\x9a\x0cM\x97\x10\xb4\xae\x80\xd9\x7f\xd40\xfeY\x99\xa3\x13\x81.\xecNP\x80\xb4\xdf\xa1\x1b\xe9\xe4IJ\x19\x03' [protocol.py:155]
2022-11-06 11:56:53,789 DEBUG verify signature [formats.py:124]
2022-11-06 11:56:53,789 INFO signature status: OK [protocol.py:159]
2022-11-06 11:56:53,789 DEBUG signature size: 64 bytes [protocol.py:164]
2022-11-06 11:56:53,789 DEBUG reply: 92 bytes [protocol.py:108]
2022-11-06 11:56:53,802 DEBUG goodbye agent [server.py:98]
Linux orion 5.15.60-1-pve #1 SMP PVE 5.15.60-1 (Mon, 19 Sep 2022 17:53:17 +0200) x86_64

The first 30 seconds of delay occur on the following line:

2022-11-06 11:55:40,928 INFO identity #0: ssh://[email protected]:22222|ed25519 [init.py:287]

The remaining 1/2 minutes on the following line:

2022-11-06 11:56:04,539 INFO please confirm user "ocean" login to "ssh://[email protected]:22222|ed25519" using OnlyKey... [client.py:47]

Then the login succeeded without any other problem, as usual, after asking me for the challenge (button press). Before this issue, the challenge occurred immediately.
Thanks

Does Not Work On Solus Linux

Running:
~$ lsb_release -a
LSB Version: 1.4
Distributor ID: Solus
Description: Solus
Release: 4.0
Codename: fortitude
I got everything to install just fine. But it fails when I try to run
~$ onlykey-agent sam@siteground
Traceback (most recent call last):
File "/usr/bin/onlykey-agent", line 10, in <module>
sys.exit(run_agent())
File "/usr/lib/python2.7/site-packages/onlykey_agent/main.py", line 123, in wrapper
return func(*args, **kwargs)
File "/usr/lib/python2.7/site-packages/onlykey_agent/main.py", line 140, in run_agent
public_key = conn.get_public_key(label=label)
File "/usr/lib/python2.7/site-packages/onlykey_agent/client.py", line 85, in get_public_key
vk = ecdsa.VerifyingKey.from_string(ok_pubkey, curve=ecdsa.NIST256p)
File "/usr/lib/python2.7/site-packages/ecdsa/keys.py", line 37, in from_string
(len(string), curve.verifying_key_length)
AssertionError: (0, 64)

Hopefully it's a simple fix. Thank you for your time and help.
On a similar note, any way you guys could add a Solus port for the main app?

onlykey-cli and onlykey-agent Interferes with OnlyKey App

OnlyKey Firmware Beta 6
onlykey-agent (pip install - 0.0.3)

OnlyKey Firmware v0.2-beta.8c
App v5.2.0
onlykey-cli v1.1.0
onlykey-agent v1.0.0

When first connected and unlocked, U2F works fine - both from browser and from PAM. After doing any onlykey-agent operation, generate public key, connect to host, etc... U2F stops working. It appears the U2F communication channel is closed and only a disconnect/reconnect/unlock operation re-establishes the connection. U2F from the browser does not work, PAM does not detect a U2F device, nor does the OnlyKey App work.

Still seeing behavior that when the OnlyKey is unlocked, using onlykey-cli or onlykey-agent causes the OnlyKey App to fall back to the Please connect your OnlyKey screen. U2F operation does work. Some fix in beta7 or beta8 has corrected U2F from working.

Not sure if this would be an issue with the firmware or with onlykey python codebase.

Source code of the python package lib-agent

I'm writing an issue in this repo because the "homepage" link on PyPi points here:
http://github.com/onlykey/onlykey-agent, which is the old version of this repo.

In commit b860bfce8863b657bcd1b44bf680af94d5c183c3 most of the source code of onlykey-agent was replaced with a custom library, lib-agent.

By looking at the PyPi page, I can see lib-agent is licensed under the LGPLv3, but I can't find the source code anywhere.

Can you please upload the source code of lib-agent, or, if the code is already online, edit the link on PyPi, so that the homepage points to the actual source code?
Thank you

DSA or RSA bigger than 2048 bits

Several web-hosts require a DSA or RSA bigger than 2048 bits for their ssh keys (Siteground for example). My main use case for the OnlyKey-Agent would be SSH into a clients web host to deploy via git etcetera. Can the OnlyKey generate such keys, and if not will it ever be implemented?

Public Key Returned to Agent is Empty

After flashing new firmware to my OnlyKey, it would appear that the key being returned to the onlykey-agent is empty, causing assertion errors and preventing me from generating keys or logging in. This seems to affect both NIST P256 and ED25519 key generation. Here's the output when running the command, with private fields stripped out:

user@PC:~$ sudo onlykey-agent -v [email protected]
2018-11-15 14:34:48,435 INFO         getting public key from OnlyKey...                                                                   [client.py:54]
2018-11-15 14:34:48,435 INFO         Trying to read the public key...                                                                     [client.py:55]
2018-11-15 14:34:48,436 INFO         Identity hash ="MY IDENTITY HASH" [client.py:67]
2018-11-15 14:34:49,957 INFO         received= ''                                                                                         [client.py:75]
2018-11-15 14:34:49,957 INFO         Received Public Key generated by OnlyKey= ''                                                         [client.py:84]
2018-11-15 14:34:49,958 INFO         disconnected from OnlyKey                                                                            [client.py:41]
Traceback (most recent call last):
  File "/usr/local/bin/onlykey-agent", line 11, in <module>
    sys.exit(run_agent())
  File "/usr/local/lib/python2.7/dist-packages/onlykey_agent/__main__.py", line 123, in wrapper
    return func(*args, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/onlykey_agent/__main__.py", line 140, in run_agent
    public_key = conn.get_public_key(label=label)
  File "/usr/local/lib/python2.7/dist-packages/onlykey_agent/client.py", line 85, in get_public_key
    vk = ecdsa.VerifyingKey.from_string(ok_pubkey, curve=ecdsa.NIST256p)
  File "/home/user/.local/lib/python2.7/site-packages/ecdsa/keys.py", line 37, in from_string
    (len(string), curve.verifying_key_length)
AssertionError: (0, 64)

app-crypt/onlykey-agent-1.1.13 does not work with openssh-8.9_p1-r2 server (and client)

I've added my comment to upstream here:
romanz#387 (comment)

But decided to create this issue so we can keep track of it, the failure is:

File "/usr/lib/python3.9/site-packages/libagent/ssh/protocol.py", line 148, in sign_message
signature = self.conn.sign(blob=blob, identity=key['identity'])
File "/usr/lib/python3.9/site-packages/libagent/ssh/init.py", line 246, in sign
return conn.sign_ssh_challenge(blob=blob, identity=identity)
File "/usr/lib/python3.9/site-packages/libagent/ssh/client.py", line 35, in sign_ssh_challenge
msg = parse_ssh_blob(blob)
File "/usr/lib/python3.9/site-packages/libagent/ssh/client.py", line 84, in parse_ssh_blob
assert not i.read()
AssertionError
sign_and_send_pubkey: signing failed for ED25519 "/tmp/trezor-ssh-pubkey-xvuheqx8" from agent: communication with agent failed
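
The traceback above ends in a parser that asserts nothing is left after the last field of the blob to be signed. OpenSSH 8.9 added the publickey-hostbound-v00@openssh.com authentication method, whose signed blob carries one more field (the server host key) after the public key, which is consistent with that assertion failing. The following is an added example, not libagent's code: the function names are hypothetical and the sample blobs are constructed. It parses both layouts and rejects anything else with an error instead of a bare assertion.

```python
import io
import struct

SSH2_MSG_USERAUTH_REQUEST = 50
CLASSIC_METHOD = b"publickey"
HOSTBOUND_METHOD = b"publickey-hostbound-v00@openssh.com"  # added in OpenSSH 8.9


def read_string(buf):
    """Read one SSH 'string': uint32 big-endian length, then that many bytes."""
    header = buf.read(4)
    if len(header) != 4:
        raise ValueError("truncated length prefix")
    (size,) = struct.unpack(">L", header)
    data = buf.read(size)
    if len(data) != size:
        raise ValueError("truncated string body")
    return data


def read_byte(buf):
    data = buf.read(1)
    if len(data) != 1:
        raise ValueError("truncated blob")
    return data[0]


def parse_userauth_blob(blob, hostbound_aware=True):
    """Parse the data an SSH agent is asked to sign for public-key auth.

    hostbound_aware=False mimics a parser that only knows the classic
    layout, to show why a host-bound blob leaves unread bytes behind.
    """
    buf = io.BytesIO(blob)
    fields = {"session_id": read_string(buf), "server_host_key": None}
    if read_byte(buf) != SSH2_MSG_USERAUTH_REQUEST:
        raise ValueError("not a userauth request")
    fields["user"] = read_string(buf)
    fields["service"] = read_string(buf)
    fields["method"] = read_string(buf)
    if read_byte(buf) != 1:
        raise ValueError("has_signature flag must be set in signed data")
    fields["key_type"] = read_string(buf)
    fields["public_key"] = read_string(buf)

    if hostbound_aware:
        if fields["method"] == HOSTBOUND_METHOD:
            # Extra trailing field: the host key of the server being logged into.
            fields["server_host_key"] = read_string(buf)
        elif fields["method"] != CLASSIC_METHOD:
            raise ValueError("unsupported auth method: %r" % fields["method"])

    trailing = buf.read()
    if trailing:
        # Refuse to sign data that was not fully understood.
        raise ValueError("unexpected trailing bytes: %d" % len(trailing))
    return fields


def ssh_string(data):
    return struct.pack(">L", len(data)) + data


def build_sample_blob(method, host_key=None):
    """Constructed sample input; the key and session id are dummy bytes."""
    key_blob = ssh_string(b"ssh-ed25519") + ssh_string(bytes(range(32)))
    blob = (
        ssh_string(b"\x11" * 32)
        + bytes([SSH2_MSG_USERAUTH_REQUEST])
        + ssh_string(b"ocean")
        + ssh_string(b"ssh-connection")
        + ssh_string(method)
        + b"\x01"
        + ssh_string(b"ssh-ed25519")
        + ssh_string(key_blob)
    )
    if host_key is not None:
        blob += ssh_string(host_key)
    return blob


if __name__ == "__main__":
    sample_host_key = b"constructed-host-key-blob"
    classic = build_sample_blob(CLASSIC_METHOD)
    hostbound = build_sample_blob(HOSTBOUND_METHOD, sample_host_key)
    print(parse_userauth_blob(classic)["method"])
    print(parse_userauth_blob(hostbound)["server_host_key"])
    try:
        parse_userauth_blob(hostbound, hostbound_aware=False)
    except ValueError as exc:
        print("classic-only parser:", exc)
```

Parsing the host key out of the blob also lets an agent show the user which server the signature is bound to before the device is asked to sign.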

signing failed: End of file

When using the Onlykey for signing or decryption, I receive the error "gpg: signing failed: End of file" using gpg2 and something similar using gpa. The errors occur once the light turns violet and I press any button. I've got Derived Key User Input Mode set to Button Press. I'm not entirely sure why this is happening, but any help is appreciated as I am relatively new to this.

RSA derived key error

OnlyKey docs suggests that we should be able to generate derived RSA key pairs using the following command:

onlykey-agent user@host -e rsa

However, this results in the following error:

2021-04-23 14:46:42,891 INFO         identity #0: <ssh://user@host|rsa>                                                                   [__init__.py:287]
2021-04-23 14:46:43,042 INFO         Requesting public key from key slot =132                                                             [onlykey.py:111]
2021-04-23 14:46:43,043 INFO         Identity to hash =b'user@host'                                                                       [onlykey.py:125]
2021-04-23 14:46:43,043 INFO         Identity hash =5d488afdbb0ec4818ebc69aeedd5abfb3dde7dc322b6a63f6798a45f61808a76                      [onlykey.py:129]
2021-04-23 14:46:43,044 INFO         curve name= 'rsa'                                                                                    [onlykey.py:145]
2021-04-23 14:46:44,589 INFO         received= []                                                                                         [onlykey.py:190]
2021-04-23 14:46:44,589 INFO         0                                                                                                    [onlykey.py:191]
2021-04-23 14:46:44,590 INFO         disconnected from OnlyKey                                                                            [onlykey.py:94]
Traceback (most recent call last):
  File "<...>/opt/miniconda3/envs/onlykey/bin/onlykey-agent", line 8, in <module>
    sys.exit(ssh_agent())
  File "<...>/opt/miniconda3/envs/onlykey/bin/onlykey_agent.py", line 5, in <lambda>
    ssh_agent = lambda: libagent.ssh.main(DeviceType)
  File "<...>/opt/miniconda3/envs/onlykey/lib/python3.8/site-packages/libagent/ssh/__init__.py", line 185, in wrapper
    return func(*args, **kwargs)
  File "<...>/opt/miniconda3/envs/onlykey/lib/python3.8/site-packages/libagent/ssh/__init__.py", line 323, in main
    for pk in conn.public_keys():
  File "<...>/opt/miniconda3/envs/onlykey/lib/python3.8/site-packages/libagent/ssh/__init__.py", line 221, in public_keys
    self.public_keys_cache = conn.export_public_keys(self.identities)
  File "<...>/opt/miniconda3/envs/onlykey/lib/python3.8/site-packages/libagent/ssh/client.py", line 27, in export_public_keys
    pubkey = self.device.pubkey(identity=i)
  File "<...>/opt/miniconda3/envs/onlykey/lib/python3.8/site-packages/libagent/device/onlykey.py", line 205, in pubkey
    raise interface.DeviceError("Error response length is not a valid public key")
libagent.device.interface.DeviceError: Error response length is not a valid public key

The ed25519 key type works correctly.

Environment

  • macOS 11.2.3 (also tested on Ubuntu with same results)
  • Python 3.8.8 (miniconda)
  • OnlyKey firmware 2.1.0 STD

Cannot sign after adding new uids

I added new user ids to my OnlyKey-generated GPG key as documented.

Now git commit fails in this way:

$ git commit --gpg-sign
hint: Waiting for your editor to close the file... Waiting for Emacs...
error: gpg failed to sign the data:
[GNUPG:] KEY_CONSIDERED 5AB98C35C1B7A0FCBAA050C3379F14BB02F9317F 2
[GNUPG:] BEGIN_SIGNING H10
gpg: signing failed: End of file
[GNUPG:] FAILURE sign 33570815
gpg: signing failed: End of file

fatal: failed to write commit object

The agent logs include this error:

2024-05-02 17:08:53,785 ERROR        handler failed:                                                                                      [__init__.py:318]
Traceback (most recent call last):
File "/home/fidel/.local/share/pipx/venvs/onlykey-agent/lib/python3.12/site-packages/libagent/gpg/__init__.py", line 310, in run_agent_internal
handler.handle(conn)
File "/home/fidel/.local/share/pipx/venvs/onlykey-agent/lib/python3.12/site-packages/libagent/gpg/agent.py", line 309, in handle
handler(conn, args)
File "/home/fidel/.local/share/pipx/venvs/onlykey-agent/lib/python3.12/site-packages/libagent/gpg/agent.py", line 123, in <lambda>
b'PKSIGN': lambda conn, _: self.pksign(conn),
^^^^^^^^^^^^^^^^^
File "/home/fidel/.local/share/pipx/venvs/onlykey-agent/lib/python3.12/site-packages/libagent/gpg/agent.py", line 226, in pksign
identity = self.get_identity(keygrip=self.keygrip)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/fidel/.local/share/pipx/venvs/onlykey-agent/lib/python3.12/site-packages/libagent/util.py", line 230, in wrapper
result = method(self, *args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/fidel/.local/share/pipx/venvs/onlykey-agent/lib/python3.12/site-packages/libagent/gpg/agent.py", line 202, in get_identity
assert pubkey.key_id() == pubkey_dict['key_id']
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
AssertionError

This led me to the get_identity function in lib-agent:

# We assume the first user ID is used to generate Agent-based GPG keys.
user_id = user_ids[0]['value'].decode('utf-8')
if pubkey_dict['algo'] not in {1, 2, 3}:
    curve_name = protocol.get_curve_name_by_oid(pubkey_dict['curve_oid'])
    ecdh = (pubkey_dict['algo'] == protocol.ECDH_ALGO_ID)
    identity = client.create_identity(user_id=user_id, curve_name=curve_name, keygrip=keygrip)
    verifying_key = self.client.pubkey(identity=identity, ecdh=ecdh)
    pubkey = protocol.PublicKey(
        curve_name=curve_name, created=pubkey_dict['created'],
        verifying_key=verifying_key, ecdh=ecdh)
    assert pubkey.key_id() == pubkey_dict['key_id']
    assert pubkey.keygrip() == keygrip_bytes

I tried editing my key and making the right user id the primary one, but lib-agent is still not picking it.

I can work around the issue by changing user_ids[0] to user_ids[1], but I think lib-agent should be smarter about choosing the right user id.

Am I doing something wrong? Is there some other solution to this issue? Please advise.

Problem with storing multiple OpenSSH keys in ECC slots

Environment

Firmware: 2.1.1
OnlyKey App: 5.3.3
onlykey-cli: 1.2.6
onlykey-agent: 1.1.12

Issue

I don't know if this issue is related to

  • The OnlyKey app (not updating/writing to slots)
  • The firmware
  • onlykey-agent not reading the right slot

... but I am happy to move this issue to the correct repo.

But this is the issue:

I've generated two different OpenSSH keys:

$ ssh-keygen -t ed25519 -f 101.key -C "ECC101"
Generating public/private ed25519 key pair.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in 101.key
Your public key has been saved in 101.key.pub
The key fingerprint is:
SHA256:HNvgWIJ/egc4xOSWG/7Jrrab0Sekh8KhQJWAcjqIsK0 ECC101
The key's randomart image is:
+--[ED25519 256]--+
|..... .          |
|+ o. = .         |
|=*  . O +        |
|B .  = X =       |
|.o  . B S .      |
|E. o . @ o       |
|  . o = O o      |
|     ..* +       |
|     .=+.        |
+----[SHA256]-----+

and

$ ssh-keygen -t ed25519 -f 102.key -C "ECC102"
Generating public/private ed25519 key pair.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in 102.key
Your public key has been saved in 102.key.pub
The key fingerprint is:
SHA256:ePt+xoe+XZlNtJUAAOXPPbD/lYOc6cMLBpnPR27j21k ECC102
The key's randomart image is:
+--[ED25519 256]--+
|       .oo....   |
|        .     . .|
|         . .   .o|
|       .  = +  .o|
|      . S+ + + ..|
|       . .+ = =.=|
|        .  *.% =E|
|         .. @+=.=|
|         .o+oB=+ |
+----[SHA256]-----+

While in config mode, I "successfully" loaded 101.key and 102.key into their respective ECC slots. But when I go to use the keys stored in the slots, only 101.key is usable. In fact, it appears ALL slots return the same 101.key

$ cat 101.key.pub 102.key.pub 
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIXjkzBVWpexS1Ro9OC4MOj5ekAh2Veh+TpIkp371w79 ECC101
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIETGE/eiAhPohk8KbJ/Go1MXZ74e6XSO5G7OI/CDqbH+ ECC102
$
$ onlykey-agent -sk ECC101 user@host
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIXjkzBVWpexS1Ro9OC4MOj5ekAh2Veh+TpIkp371w79 <ssh://user@host|ed25519>
$
$ onlykey-agent -sk ECC102 user@host
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIXjkzBVWpexS1Ro9OC4MOj5ekAh2Veh+TpIkp371w79 <ssh://user@host|ed25519>
$
$ onlykey-agent -sk ECC103 user@host
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIXjkzBVWpexS1Ro9OC4MOj5ekAh2Veh+TpIkp371w79 <ssh://user@host|ed25519>
$ onlykey-agent -sk ECC104 user@host
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIXjkzBVWpexS1Ro9OC4MOj5ekAh2Veh+TpIkp371w79 <ssh://user@host|ed25519>
$ onlykey-agent -sk ECC105 user@host
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIXjkzBVWpexS1Ro9OC4MOj5ekAh2Veh+TpIkp371w79 <ssh://user@host|ed25519>
... 
$ onlykey-agent -sk ECC115 user@host
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIXjkzBVWpexS1Ro9OC4MOj5ekAh2Veh+TpIkp371w79 <ssh://user@host|ed25519>
$ onlykey-agent -sk ECC116 user@host
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIXjkzBVWpexS1Ro9OC4MOj5ekAh2Veh+TpIkp371w79 <ssh://user@host|ed25519>

Or, maybe I have entirely the wrong idea about storing multiple keys in select ECC slots?

agent forwarding currently not possible

Forwarding the agent to a remote server would be a very interesting feature, maybe it is possible, but trying it with the following command did not work for me:

onlykey-agent user@server -- ssh -A user@server

onlykey-agent crashes on mac

When I run git pull with onlykey-agent, it works as expected except that macOS always opens a modal window "Python quit unexpectedly" with the crash report below.

Command:

$ onlykey-agent [email protected] -- git pull
Enter the 3 digit challenge code on OnlyKey to authorize <ssh://[email protected]|ed25519>
6 3 5
Already up to date.
[1]    26326 trace trap  onlykey-agent [email protected] -- git pull

$ onlykey-agent --version
onlykey-agent=1.1.14 lib-agent=1.0.5
Crash Report
-------------------------------------
Translated Report (Full Report Below)
-------------------------------------

Process:               Python [28562]
Path:                  /Library/Developer/CommandLineTools/Library/Frameworks/Python3.framework/Versions/3.9/Resources/Python.app/Contents/MacOS/Python
Identifier:            com.apple.python3
Version:               3.9.6 (3.9.6)
Build Info:            python3-124000000000000~2105
Code Type:             ARM-64 (Native)
Parent Process:        zsh [20509]
Responsible:           Terminal [1184]
User ID:               501

Date/Time:             2022-12-10 16:44:42.7602 +0100
OS Version:            macOS 13.0.1 (22A400)
Report Version:        12
Anonymous UUID:        6EC8A772-3004-3369-A691-867F7FD6E93F

Sleep/Wake UUID:       3A7AF147-1A15-4107-987B-A584FA041AAD

Time Awake Since Boot: 590000 seconds
Time Since Wake:       3774 seconds

System Integrity Protection: enabled

Crashed Thread:        0  Dispatch queue: com.apple.main-thread

Exception Type:        EXC_BREAKPOINT (SIGTRAP)
Exception Codes:       0x0000000000000001, 0x00000001a95d7e74

Termination Reason:    Namespace SIGNAL, Code 5 Trace/BPT trap: 5
Terminating Process:   exc handler [28562]

Thread 0 Crashed::  Dispatch queue: com.apple.main-thread
0   CoreFoundation                	       0x1a95d7e74 _CFAssertMismatchedTypeID + 112
1   CoreFoundation                	       0x1a95d7e6c _CFAssertMismatchedTypeID + 104
2   CoreFoundation                	       0x1a9497ccc CFRunLoopRemoveSource + 704
3   IOKit                         	       0x1ac59aa30 IOHIDDeviceUnscheduleFromRunLoop + 140
4   IOKit                         	       0x1ac59f8fc __IOHIDManagerDeviceApplier + 660
5   CoreFoundation                	       0x1a943f1d4 __CFSetApplyFunction_block_invoke + 28
6   CoreFoundation                	       0x1a943efec CFBasicHashApply + 148
7   CoreFoundation                	       0x1a943ef30 CFSetApplyFunction + 320
8   IOKit                         	       0x1ac59dfd4 __ApplyToDevices + 128
9   IOKit                         	       0x1ac59e110 IOHIDManagerUnscheduleFromRunLoop + 112
10  IOKit                         	       0x1ac59e034 IOHIDManagerClose + 44
11  hid.cpython-39-darwin.so      	       0x10557426c hid_exit + 32
12  hid.cpython-39-darwin.so      	       0x105574114 __pyx_pw_11cfunc_dot_to_py_27__Pyx_CFunc_int_______to_py_1wrap + 24
13  Python3                       	       0x1048c44b8 _PyObject_Call + 172
14  Python3                       	       0x1049a304c _PyEval_EvalFrameDefault + 24592
15  Python3                       	       0x1049a63d4 0x104884000 + 1188820
16  Python3                       	       0x1048c4678 _PyFunction_Vectorcall + 236
17  Python3                       	       0x1048c3d10 _PyObject_FastCallDictTstate + 272
18  Python3                       	       0x1048c4a58 _PyObject_Call_Prepend + 148
19  Python3                       	       0x104929e4c 0x104884000 + 679500
20  Python3                       	       0x1048c3ee8 _PyObject_MakeTpCall + 360
21  Python3                       	       0x1049a56d0 0x104884000 + 1185488
22  Python3                       	       0x1049a2dd4 _PyEval_EvalFrameDefault + 23960
23  Python3                       	       0x1048c4730 0x104884000 + 263984
24  Python3                       	       0x1048c689c 0x104884000 + 272540
25  Python3                       	       0x104a3d88c 0x104884000 + 1808524
26  Python3                       	       0x1049dfda8 Py_FinalizeEx + 72
27  Python3                       	       0x1049e0a80 Py_Exit + 20
28  Python3                       	       0x1049e5cc8 0x104884000 + 1449160
29  Python3                       	       0x1049e4b48 PyRun_SimpleFileExFlags + 912
30  Python3                       	       0x104a02df0 Py_RunMain + 1640
31  Python3                       	       0x104a03280 0x104884000 + 1569408
32  Python3                       	       0x104a03320 Py_BytesMain + 40
33  dyld                          	       0x1a906be50 start + 2544

GPG support

Is GPG support still on the roadmap?

Is the only problem here man hours, or is there an unsolved technical problem? Issue #7 was never answered, but asks this question as well.

I have just received my Onlykey and would love to be able to use it as the GPG key for pass(1).

Only Key Agent, unable to generate new keys on Fedora

Python error stack trace:

Traceback (most recent call last):
  File "/home/user/.local/bin/onlykey-agent", line 8, in <module>
    sys.exit(ssh_agent())
  File "/home/user/.local/bin/onlykey_agent.py", line 5, in <lambda>
    ssh_agent = lambda: libagent.ssh.main(DeviceType)
  File "/home/user/.local/lib/python3.10/site-packages/libagent/ssh/__init__.py", line 185, in wrapper
    return func(*args, **kwargs)
  File "/home/user/.local/lib/python3.10/site-packages/libagent/ssh/__init__.py", line 323, in main
    for pk in conn.public_keys():
  File "/home/user/.local/lib/python3.10/site-packages/libagent/ssh/__init__.py", line 221, in public_keys
    self.public_keys_cache = conn.export_public_keys(self.identities)
  File "/home/user/.local/lib/python3.10/site-packages/libagent/ssh/client.py", line 28, in export_public_keys
    pubkey = formats.export_public_key(vk=vk, label=label)
  File "/home/user/.local/lib/python3.10/site-packages/libagent/formats.py", line 252, in export_public_key
    key_type, blob = serialize_verifying_key(vk)
  File "/home/user/.local/lib/python3.10/site-packages/libagent/formats.py", line 235, in serialize_verifying_key
    if (len(vk) == 279 or len(vk) == 535):
TypeError: object of type 'NoneType' has no len()

I installed the agent by following the instructions at https://docs.crp.to/onlykey-agent.html#installation

Cannot open multiple simultaneous connections

It is not currently possible to open multiple simultaneous connections to remote machines using onlykey-agent.

Steps to reproduce:

  1. Connect to machine A: onlykey-agent -e e -c user@hostA
  2. Attempt to connect to machine B: onlykey-agent -e e -c user@hostB

The connection attempt to host B spits out the following python stack:

2018-03-01 16:21:58,247 ERROR failed to connect [client.py:182]
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/onlykey/client.py", line 178, in _connect
    self._hid.open_path(path)
  File "hid.pyx", line 72, in hid.device.open_path
IOError: open failed
2018-03-01 16:21:59,760 ERROR failed to connect [client.py:182]
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/onlykey/client.py", line 178, in _connect
    self._hid.open_path(path)
  File "hid.pyx", line 72, in hid.device.open_path
IOError: open failed
2018-03-01 16:22:01,267 ERROR failed to connect [client.py:182]
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/onlykey/client.py", line 178, in _connect
    self._hid.open_path(path)
  File "hid.pyx", line 72, in hid.device.open_path
IOError: open failed
2018-03-01 16:22:02,777 ERROR failed to connect [client.py:182]
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/onlykey/client.py", line 178, in _connect
    self._hid.open_path(path)
  File "hid.pyx", line 72, in hid.device.open_path
IOError: open failed
2018-03-01 16:22:04,286 ERROR failed to connect [client.py:182]
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/onlykey/client.py", line 178, in _connect
    self._hid.open_path(path)
  File "hid.pyx", line 72, in hid.device.open_path
IOError: open failed
Traceback (most recent call last):
  File "/usr/bin/onlykey-agent", line 11, in <module>
    load_entry_point('onlykey-agent==0.0.2', 'console_scripts', 'onlykey-agent')()
  File "/usr/lib/python2.7/site-packages/onlykey_agent/__main__.py", line 123, in wrapper
    return func(*args, **kwargs)
  File "/usr/lib/python2.7/site-packages/onlykey_agent/__main__.py", line 136, in run_agent
    with client_factory(curve=args.ecdsa_curve_name) as conn:
  File "/usr/lib/python2.7/site-packages/onlykey_agent/client.py", line 28, in __init__
    self.ok = OnlyKey()
  File "/usr/lib/python2.7/site-packages/onlykey/client.py", line 162, in __init__
    raise e
onlykey.client.OnlyKeyUnavailableException

After disconnecting from host A, the connection to host B works as expected.

Additional:
OnlyKey Color, Firmware Beta 6 STD
onlykey-agent
Arch Linux, 4.14.21-1-lts

Also, the --debug flag spits out exactly the same stack as without.

Original Google Group Thread: https://groups.google.com/forum/#!category-topic/onlykey/ssh-and-pgpgpg/vJcJsISkjPc

IOError: open failed

I don't know what happened, but my Onlykey stopped working with onlykey-agent only when trying to use git. onlykey-agent works when connecting to my servers via SSH (with -c), but trying any git operation fails with an IOError:

$ onlykey-agent -v -e e [email protected] git clone [email protected]:haplo/python-onlykey.git
2020-03-14 00:21:35,823 INFO         getting public key from OnlyKey...                                                                   [client.py:54]
2020-03-14 00:21:35,823 INFO         Trying to read the public key...                                                                     [client.py:55]
2020-03-14 00:21:35,824 INFO         Identity hash ="<cut>" [client.py:67]
2020-03-14 00:21:36,326 INFO         received= '<cut>' [client.py:75]
2020-03-14 00:21:36,326 INFO         Received Public Key generated by OnlyKey= '<cut>' [client.py:79]
2020-03-14 00:21:36,326 INFO         using SSH public key: xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx                                [__main__.py:109]
2020-03-14 00:21:36,329 INFO         running ['git', 'clone', '[email protected]:haplo/python-onlykey.git', 'onlykey-python'] with {'SSH_AUTH_SOCK': '/tmp/ssh-agent-cJdrmG', 'SSH_AGENT_PID': '6395'} [server.py:140]
Cloning into 'onlykey-python'...
2020-03-14 00:21:37,149 ERROR        failed to connect                                                                                    [client.py:192]
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/onlykey/client.py", line 184, in _connect
    self._hid.open_path(path)
  File "hid.pyx", line 72, in hid.device.open_path
IOError: open failed
2020-03-14 00:21:38,654 ERROR        failed to connect                                                                                    [client.py:192]
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/onlykey/client.py", line 184, in _connect
    self._hid.open_path(path)
  File "hid.pyx", line 72, in hid.device.open_path
IOError: open failed

onlykey-agent worked before, I was able to clone three of my repositories, but now no git command works.

How to "Generate your First SSH Key on the OnlyKey Plug"

Hello,

I'm trying to configure my onlykey using: https://docs.crp.to/onlykey-agent.html#ssh-agent-quickstart-guide with no luck.

From step 2 it seems I need to "Generate your First SSH Key on the OnlyKey Plug" but the documentation doesn't indicate how to do that.

BTW if I try to follow the documentation and then run onlykey-agent identity@myhost it throws an error message:

Traceback (most recent call last):
  File "/home/user/.local/bin/onlykey-agent", line 8, in <module>
    sys.exit(run_agent())
  File "/home/user/.local/lib/python2.7/site-packages/onlykey_agent/__main__.py", line 123, in wrapper
    return func(*args, **kwargs)
  File "/home/user/.local/lib/python2.7/site-packages/onlykey_agent/__main__.py", line 140, in run_agent
    public_key = conn.get_public_key(label=label)
  File "/home/user/.local/lib/python2.7/site-packages/onlykey_agent/client.py", line 68, in get_public_key
    self.ok.send_message(msg=Message.OKGETPUBKEY, slot_id=132, payload=data)
  File "/home/user/.local/lib/python2.7/site-packages/onlykey/client.py", line 252, in send_message
    raw_bytes.extend(bytearray.fromhex(payload))
ValueError: non-hexadecimal number found in fromhex() arg at position 0

Cannot set GPG key expiration

It fails without throwing an error.

$ onlykey-gpg init "Example <[email protected]>"
2021-07-07 07:09:40,451 WARNING      This GPG tool is still in EXPERIMENTAL mode, so please note that the API and features may change without backwards compatibility! [__init__.py:128]
2021-07-07 07:09:40,473 WARNING      NOTE: in order to re-generate the exact same GPG key later, run this command with "--time=0" commandline flag (to set the timestamp of the GPG key manually). [__init__.py:41]
Enter the 3 digit challenge code on OnlyKey to authorize <gpg://Example <[email protected]>|ed25519>
5 3 5
Enter the 3 digit challenge code on OnlyKey to authorize <gpg://Example <[email protected]>|ed25519>
6 2 3
gpg: inserting ownertrust of 6
gpg: checking the trustdb
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
sec   ed25519 1970-01-01 [SCA]
      4580C116CCFF13E0C22B946C4AB5CB4FDB7469B3
uid           [ultimate] Example <[email protected]>
ssb   cv25519 1970-01-01 [E]

$ gpg --list-keys
/home/user/.gnupg/onlykey/pubring.kbx
-------------------------------------
pub   ed25519 1970-01-01 [SCA]
      4580C116CCFF13E0C22B946C4AB5CB4FDB7469B3
uid           [ultimate] Example <[email protected]>
sub   cv25519 1970-01-01 [E]

$ gpg --edit-key 4580C116CCFF13E0C22B946C4AB5CB4FDB7469B3
gpg (GnuPG) 2.2.12; Copyright (C) 2018 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Secret key is available.

sec  ed25519/4AB5CB4FDB7469B3
     created: 1970-01-01  expires: never       usage: SCA 
     trust: ultimate      validity: ultimate
ssb  cv25519/0F1D4FAC1750FCB0
     created: 1970-01-01  expires: never       usage: E   
[ultimate] (1). Example <[email protected]>

gpg> key 0

sec  ed25519/4AB5CB4FDB7469B3
     created: 1970-01-01  expires: never       usage: SCA 
     trust: ultimate      validity: ultimate
ssb  cv25519/0F1D4FAC1750FCB0
     created: 1970-01-01  expires: never       usage: E   
[ultimate] (1). Example <[email protected]>

gpg> expire
Changing expiration time for the primary key.
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 2y
Key expires at Fri 07 Jul 2023 07:11:17 AM GMT
Is this correct? (y/N) y

sec  ed25519/4AB5CB4FDB7469B3
     created: 1970-01-01  expires: never       usage: SCA 
     trust: ultimate      validity: ultimate
ssb  cv25519/0F1D4FAC1750FCB0
     created: 1970-01-01  expires: never       usage: E   
[ultimate] (1). Example <[email protected]>

gpg> quit
Save changes? (y/N) y
$ gpg --edit-key 4580C116CCFF13E0C22B946C4AB5CB4FDB7469B3
gpg (GnuPG) 2.2.12; Copyright (C) 2018 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Secret key is available.

sec  ed25519/4AB5CB4FDB7469B3
     created: 1970-01-01  expires: never       usage: SCA 
     trust: ultimate      validity: ultimate
ssb  cv25519/0F1D4FAC1750FCB0
     created: 1970-01-01  expires: never       usage: E   
[ultimate] (1). Example <[email protected]>

gpg> quit
