* [9fans] git/clone and ssh (git@github.com)
From: tlaronde @ 2025-03-21 17:05 UTC (permalink / raw)
To: Fans of the OS Plan 9 from Bell Labs
Whether under 9front or 9legacy, I'm unable to clone a public git
github repository using ssh (ssh://git@github.com/...).
Under 9front, https method works; it doesn't under 9legacy.
After fighting with ssh, and for the record, the rsa key for the host
needs to be generated with 'role=client' and be put first in factotum.
(This is indicated in auth(2) in both flavors, and in rsa(8) in 9front,
while the corresponding 9legacy man page lacks the 'role=client' in
the examples, but it is not really obvious---on a Unix system, the
host system key is generated at installation time, identifying the
node itself, and this is the schema I'm more familiar with).
With this, I can ssh a remote system.
But, after setting a lot of debugging with netssh (under 9legacy), it
seems that the algorithms proposed by github.com don't match an
algorithm implemented by netssh.
Has someone had better success than me with this? [Note: the purpose is
to clone a public repository, without any need for the cloner to have an
account on github.com.]
TIA
--
Thierry Laronde <tlaronde +AT+ kergis +dot+ com>
http://www.kergis.com/
http://kertex.kergis.com/
Key fingerprint = 0FF7 E906 FBAF FE95 FD89 250D 52B1 AE95 6006 F40C
------------------------------------------
9fans: 9fans
Permalink: https://9fans.topicbox.com/groups/9fans/Tacaff396dc758b34-M3d5c2a77d71c8026c10789d1
Delivery options: https://9fans.topicbox.com/groups/9fans/subscription
* Re: [9fans] git/clone and ssh (git@github.com)
From: ori @ 2025-03-22 5:37 UTC (permalink / raw)
To: 9fans
Quoth tlaronde@kergis.com:
>
> Whether under 9front or 9legacy, I'm unable to clone a public git
> github repository using ssh (ssh://git@github.com/...).
It works for me on 9front. Note, you will need to add your ssh key to
the list of authorized keys in github.
> But, after setting a lot of debugging with netssh (under 9legacy), it
> seems that the algorithms proposed by github.com don't match an
> algorithm implemented by netssh.
I don't have 9legacy at hand, but a quick grep through the source indicates that
your diagnosis is correct. The ssh client in /sys/src/cmd/ssh2 doesn't support
anything other than 3des and the AES CTR mode ciphers, which github no longer
serves.
on 9front, we select the chacha20-poly1305@openssh.com algorithm, and it
just works for me.
Here's the debug transcript of just ssh:
% ssh -d git@github.com
server version: SSH-2.0-7d0489107
kexalgs: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,kex-strict-s-v00@openssh.com
hostalgs: ssh-ed25519,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256,ssh-rsa
cipher1: chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
cipher2: chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
mac1: hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-256
mac2: hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-256
zip1: none,zlib@openssh.com
zip2: none,zlib@openssh.com
lang1:
lang2:
host fingerprint: uNiVztksCsDhcc0u9e8BujQXVUpKZIDTMczCvj3tD2s
userauth none ok
userauth none failed: partial=0, next=publickey
userauth none skipped
userauth publickey ok
ssh: global request: hostkeys-00@openssh.com
Hi oridb! You've successfully authenticated, but GitHub does not provide shell access.
------------------------------------------
9fans: 9fans
Permalink: https://9fans.topicbox.com/groups/9fans/Tacaff396dc758b34-M9341dee6b0b370a5a6041b89
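Added example, not part of the thread or of either Plan 9 code base: a small checker that applies the RFC 4253 section 7.1 selection rule to the server proposal lines from the `ssh -d` transcript above, to show which negotiation field leaves a client without a common algorithm. LEGACY_CLIENT and MODERN_CLIENT are assumed lists made up for illustration; they are not the actual algorithm tables of 9legacy's ssh2 or 9front's ssh.

```python
# Server proposal lines copied from the `ssh -d` transcript in the message above.
TRANSCRIPT = """\
kexalgs: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,kex-strict-s-v00@openssh.com
hostalgs: ssh-ed25519,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256,ssh-rsa
cipher1: chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
mac1: hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-256
"""

# ASSUMPTION: hypothetical client preference lists, in preference order.
# They stand in for "an older client" and "a current client" only.
LEGACY_CLIENT = {
    "kexalgs": ["diffie-hellman-group14-sha1", "diffie-hellman-group1-sha1"],
    "hostalgs": ["ssh-rsa"],
    "cipher1": ["aes128-ctr", "3des-cbc"],
    "mac1": ["hmac-sha1"],
}
MODERN_CLIENT = {
    "kexalgs": ["curve25519-sha256"],
    "hostalgs": ["ssh-ed25519"],
    "cipher1": ["chacha20-poly1305@openssh.com"],
    "mac1": ["hmac-sha2-256"],
}

def parse_proposal(text):
    """Map each 'name: a,b,c' debug line to its ordered list of algorithm names."""
    proposal = {}
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        if sep:
            proposal[name.strip()] = [a for a in value.strip().split(",") if a]
    return proposal

def negotiate(client, server):
    """Per field, pick the first name on the client's list that the server also
    lists (RFC 4253 section 7.1; the extra kex/host-key compatibility checks
    of that section are left out of this simplified version)."""
    chosen = {}
    for field, prefs in client.items():
        offered = set(server.get(field, []))
        chosen[field] = next((alg for alg in prefs if alg in offered), None)
    return chosen

def mismatches(client, server):
    """Fields with no common algorithm; any one of them aborts the handshake."""
    return sorted(f for f, alg in negotiate(client, server).items() if alg is None)

if __name__ == "__main__":
    server = parse_proposal(TRANSCRIPT)
    for label, client in (("legacy", LEGACY_CLIENT), ("modern", MODERN_CLIENT)):
        print(label, negotiate(client, server), "no overlap in:", mismatches(client, server))
```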
* Re: [9fans] git/clone and ssh (git@github.com)
From: tlaronde @ 2025-03-22 6:47 UTC (permalink / raw)
To: 9fans
On Sat, Mar 22, 2025 at 01:37:04AM -0400, ori@eigenstate.org wrote:
> Quoth tlaronde@kergis.com:
> >
> > Whether under 9front or 9legacy, I'm unable to clone a public git
> > github repository using ssh (ssh://git@github.com/...).
>
> It works for me on 9front. Note, you will need to add your ssh key to
> the list of authorized keys in github.
>
> > But, after setting a lot of debugging with netssh (under 9legacy), it
> > seems that the algorithms proposed by github.com don't match an
> > algorithm implemented by netssh.
>
> I don't have 9legacy at hand, but a quick grep through the source indicates that
> your diagnosis is correct. The ssh client in /sys/src/cmd/ssh2 doesn't support
> anything other than 3des and the AES CTR mode ciphers, which github no longer
> serves.
>
> on 9front, we select the chacha20-poly1305@openssh.com algorithm, and it
> just works for me.
>
> Here's the debug transcript of just ssh:
>
> % ssh -d git@github.com
> server version: SSH-2.0-7d0489107
> kexalgs: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,kex-strict-s-v00@openssh.com
> hostalgs: ssh-ed25519,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256,ssh-rsa
> cipher1: chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
> cipher2: chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
> mac1: hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-256
> mac2: hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-256
> zip1: none,zlib@openssh.com
> zip2: none,zlib@openssh.com
> lang1:
> lang2:
> host fingerprint: uNiVztksCsDhcc0u9e8BujQXVUpKZIDTMczCvj3tD2s
> userauth none ok
> userauth none failed: partial=0, next=publickey
> userauth none skipped
> userauth publickey ok
> ssh: global request: hostkeys-00@openssh.com
>
> Hi oridb! You've successfully authenticated, but GitHub does not provide shell access.
>
Thanks for the explanations. Well, I will have to fall back (on
9legacy) to hget'ing a "release" tarball for the git sources.
--
Thierry Laronde <tlaronde +AT+ kergis +dot+ com>
http://www.kergis.com/
http://kertex.kergis.com/
Key fingerprint = 0FF7 E906 FBAF FE95 FD89 250D 52B1 AE95 6006 F40C
------------------------------------------
9fans: 9fans
Permalink: https://9fans.topicbox.com/groups/9fans/Tacaff396dc758b34-M35276957ce917ff090503deb
* Re: [9fans] git/clone and ssh (git@github.com)
From: Steve Simon @ 2025-03-22 13:17 UTC (permalink / raw)
To: 9fans
a few years ago i brought libsec from 9front over to the 4th edition (richard miller’s pi port) and used that to give ssh2 some more modern / widely accepted encryption algos.
it was fairly straightforward, there was another library dependency though i cannot remember what now (sorry). it was a couple of hours work given i didn’t know the code structure to start with.
-Steve
------------------------------------------
9fans: 9fans
Permalink: https://9fans.topicbox.com/groups/9fans/Tacaff396dc758b34-M379067794471eae35d2d1e89
* Re: [9fans] git/clone and ssh (git@github.com)
From: Brian L. Stuart @ 2025-03-22 17:49 UTC (permalink / raw)
To: 9fans
On Sat, Mar 22, 2025 at 01:17:42PM +0000, Steve Simon wrote:
> a few years ago i brought libsec from 9front over to the 4th edition (richard miller's pi port) and used that to give ssh2 some more modern / widely accepted encryption algos.
This would be the best solution overall. I've updated my
copy with enough newer initial key exchange algorithms that
I can still talk to an out-of-the-box OpenSSH config, but
I haven't gotten around to updating any of the PK auth
algorithms that OpenSSH default config requires. So for
the time being I've fallen back to PW auth for the few
places I use ssh.
I'm not going to have a chance to do anything with it for
a few weeks at least, but if no one beats me to it (hint
for some someone to beat me to it), I'll try to put together
a patch for 9legacy.org.
BLS
------------------------------------------
9fans: 9fans
Permalink: https://9fans.topicbox.com/groups/9fans/Tacaff396dc758b34-Md1e4085e6c7fcba4c9f33f4d
* Re: [9fans] git/clone and ssh (git@github.com)
From: tlaronde @ 2025-03-23 16:07 UTC (permalink / raw)
To: 9fans
On Sat, Mar 22, 2025 at 05:49:43PM +0000, Brian L. Stuart wrote:
> On Sat, Mar 22, 2025 at 01:17:42PM +0000, Steve Simon wrote:
> > a few years ago i brought libsec from 9front over to the 4th edition (richard miller's pi port) and used that to give ssh2 some more modern / widely accepted encryption algos.
>
> This would be the best solution overall. I've updated my
> copy with enough newer initial key exchange algorithms that
> I can still talk to an out-of-the-box OpenSSH config, but
> I haven't gotten around to updating any of the PK auth
> algorithms that OpenSSH default config requires. So for
> the time being I've fallen back to PW auth for the few
> places I use ssh.
>
> I'm not going to have a chance to do anything with it for
> a few weeks at least, but if no one beats me to it (hint
> for some someone to beat me to it), I'll try to put together
> a patch for 9legacy.org.
I will not take the task since I have to finish first what I have
engaged to do (because I need it):
- Extend support for Realtek 8125 and 8126 (and add the
missing 8169 compatible ones), for 9front first, translated for
9legacy second;
- Start making Nix compile on 9legacy (I have fought with
various installation woes so I'm still at the beginning of the race).
So for Nix on 9legacy, for now, I will create dated tarballs to
download in order to make some progress (all in all, even for the nic
driver, Nix is the aim...).
I have too little butter to spread on too much bread ;-)
--
Thierry Laronde <tlaronde +AT+ kergis +dot+ com>
http://www.kergis.com/
http://kertex.kergis.com/
Key fingerprint = 0FF7 E906 FBAF FE95 FD89 250D 52B1 AE95 6006 F40C
------------------------------------------
9fans: 9fans
Permalink: https://9fans.topicbox.com/groups/9fans/Tacaff396dc758b34-M1d563d17c76adf6109310143