First-time user of holepunch. I've been testing the released binaries but keep running into problems. I seem to be unable to authenticate against the server when I follow the instructions, both when using the holepunch client and the regular OpenSSH one.
Below are the commands that I ran with the OpenSSH client, along with the output. Using the holepunch client, I got the same error.
# id
uid=0(root) gid=0(root) groups=0(root),141(kaboxer)
# ls -la
total 8
drwx------ 2 root root 4096 Aug 26 10:46 .
drwxrwxrwt 18 root root 4096 Aug 26 10:46 ..
# cp ~/holepunch-server_linux-amd64 .
# ssh-keygen -t ecdsa -b 521 -C "Server Keys" -f server
Generating public/private ecdsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in server
Your public key has been saved in server.pub
The key fingerprint is:
SHA256:L1InBtOKIXcv7iDKzascnG/SKNjwq57cTAJGpTGoBio Server Keys
The key's randomart image is:
+---[ECDSA 521]---+
|.o . |
|o = . |
|+o. o + . |
|E. o + = |
|+. . o S . |
|= . . + + |
|.O+.. o . . |
|*+&+ o . . |
|=O=O. . |
+----[SHA256]-----+
#
# ssh-keygen -t ecdsa -b 521 -C "Client Keys" -f client
Generating public/private ecdsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in client
Your public key has been saved in client.pub
The key fingerprint is:
SHA256:1nwtUtvjcLutUt4dY4STfyJte/hIlYpEh8L6YtCVXkY Client Keys
The key's randomart image is:
+---[ECDSA 521]---+
| E |
| . o . |
| = =..o |
| . +o=..B ..|
| . oS.+.=.O..|
| ... .oo=*O.|
| o . . *===|
| . . ..+++|
| .++o|
+----[SHA256]-----+
# ls -la
total 10184
drwx------ 2 root root 4096 Aug 26 10:47 .
drwxrwxrwt 18 root root 4096 Aug 26 10:46 ..
-rw------- 1 root root 736 Aug 26 10:47 client
-rw-r--r-- 1 root root 265 Aug 26 10:47 client.pub
-rwxr-xr-x 1 root root 10403669 Aug 26 10:46 holepunch-server_linux-amd64
-rw------- 1 root root 736 Aug 26 10:47 server
-rw-r--r-- 1 root root 265 Aug 26 10:47 server.pub
# export SSH_HOSTKEY="$(cat server | base64 -w 0)" CLIENT_PUBKEY="$(cat client.pub)"
# env | egrep "SSH_HOSTKEY|CLIENT_PUBKEY"
SSH_HOSTKEY=[base64-encoded private host key omitted]
CLIENT_PUBKEY=ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBABCCb4xU7qBtgpmVg9z0iX9EpcKCBx2dPUeuLUbmryopN3jcLmDHCZSeiAVYHacHwprizvSBtpnNKLRdjXIA5HoHAGbupJVzsP+t5MSubiQhPiLYeGztFA1VqEuqsR6HUlxXmibuHitlP6eLNJwEIxjLtZcvkHjdLdkp5hCaPDqihEtHA== Client Keys
# ./holepunch-server_linux-amd64 server --sshd-websocket --http-reverse-proxy --sshd-tcp 0.0.0.0:22 &
[1] 55064
2021/08/26 10:51:26 [INFO] holepunch-server 20210312_0738_8f5e8775 starting
2021/08/26 10:51:26 [DEBUG] starting tcp-sshd
2021/08/26 10:51:26 tcp-sshd [INFO] Listening on 0.0.0.0:22
2021/08/26 10:51:26 tcp-sshd [DEBUG] starting listener 0.0.0.0:22
2021/08/26 10:51:26 tcp-sshd [DEBUG] starting listenercloser
# 2021/08/26 10:51:26 [DEBUG] starting httpserver 1 ⚙
# ssh -vvv -i client root@localhost 1 ⚙
OpenSSH_8.4p1 Debian-5, OpenSSL 1.1.1k 25 Mar 2021
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/root/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/root/.ssh/known_hosts2'
debug2: resolving "localhost" port 22
debug2: ssh_connect_direct
debug1: Connecting to localhost [::1] port 22.
debug1: Connection established.
debug1: identity file client type 2
debug1: identity file client-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.4p1 Debian-5
debug1: Remote protocol version 2.0, remote software version Go
debug1: no match: Go
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to localhost:22 as 'root'
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c
debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com,ssh-ed25519,sk-ssh-ed25519@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1
debug2: host key algorithms: ecdsa-sha2-nistp521
debug2: ciphers ctos: aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr
debug2: ciphers stoc: aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr
debug2: MACs ctos: hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96
debug2: MACs stoc: hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96
debug2: compression ctos: none
debug2: compression stoc: none
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ecdsa-sha2-nistp521
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: Server host key: ecdsa-sha2-nistp521 SHA256:L1InBtOKIXcv7iDKzascnG/SKNjwq57cTAJGpTGoBio
The authenticity of host 'localhost (::1)' can't be established.
ECDSA key fingerprint is SHA256:L1InBtOKIXcv7iDKzascnG/SKNjwq57cTAJGpTGoBio.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 'localhost' (ECDSA) to the list of known hosts.
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: client ECDSA SHA256:1nwtUtvjcLutUt4dY4STfyJte/hIlYpEh8L6YtCVXkY explicit
debug2: pubkey_prepare: done
debug3: send packet: type 5
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: client ECDSA SHA256:1nwtUtvjcLutUt4dY4STfyJte/hIlYpEh8L6YtCVXkY explicit
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
root@localhost: Permission denied (publickey).
2021/08/26 10:52:06 tcp-sshd [ERROR] Failed to handshake ([ssh: no auth passed yet, unknown username])
#