Core Shell does not authenticate via public key but plain "ssh" does?

Hi!

With Core Shell Version: 3.6.2 (via SetApp), I can't connect to my mini via public key authentication.
On the Terminal, I can do ssh mini and the ~/.ssh/config file is set up so that it connects via keypair.

On Core Shell I've created a profile that looks like this:

[image: Core Shell profile screenshot]

But when I try to connect, I get a prompt for the password... The config file is being read, as the proper username is used.

Checking on the logs, I think the relevant bits are:

Command line ssh connection:

debug1: Host 'mini-lan' is known and matches the ECDSA host key.
debug1: Found key in /Users/[USERNAME]/.ssh/known_hosts:29
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: /Users/[USERNAME]/.ssh/id_rsa RSA SHA256:ew6x8c4CYW+ >>SNIP>> explicit agent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: /Users/[USERNAME]/.ssh/id_rsa RSA SHA256:ew6x8c4CYW+ >>SNIP>> explicit agent
debug1: Server accepts key: /Users/[USERNAME]/.ssh/id_rsa RSA SHA256:ew6x8c4CYW+ >>SNIP>>  explicit agent
debug1: Authentication succeeded (publickey).
Authenticated to mini-lan ([IP_ADDRESS]:22).

But in Core Shell I see this:

Equivalent Command: ssh -v -o ServerAliveInterval=15 -o ServerAliveCountMax=3 -o ExitOnForwardFailure=yes -p 22 mini
10:25:11 Connecting…
10:25:11 Using Core Helper 6.6 (r3386)
10:25:11 OpenSSH_8.8p1, OpenSSL 1.1.1l  24 Aug 2021
10:25:11 debug1: Reading configuration data /Users/[USERNAME]/.ssh/config

[snip]

10:25:11 debug1: /Users/[USERNAME]/.ssh/config line 45: Applying options for mini
10:25:11 debug1: /Users/[USERNAME]/.ssh/config line 80: Applying options for *
10:25:11 debug1: /Users/[USERNAME]/.ssh/config line 81: Deprecated option "useroaming"
10:25:11 debug1: Reading configuration data /etc/ssh/ssh_config
10:25:11 debug1: /etc/ssh/ssh_config line 21: include /etc/ssh/ssh_config.d/* matched no files
10:25:11 debug1: /etc/ssh/ssh_config line 54: Applying options for *
10:25:11 debug1: Connecting to mini-lan [[IP_ADDRESS]] port 22.
10:25:11 debug1: Connection established.
10:25:11 debug1: identity file /Users/[USERNAME]/.ssh/id_rsa type 0
10:25:11 debug1: identity file /Users/[USERNAME]/.ssh/id_rsa-cert type -1
10:25:11 debug1: Local version string SSH-2.0-OpenSSH_8.8
10:25:11 debug1: Remote protocol version 2.0, remote software version OpenSSH_6.9
10:25:11 debug1: compat_banner: match: OpenSSH_6.9 pat OpenSSH* compat 0x04000000
10:25:11 debug1: Authenticating to mini-lan:22 as '[REMOTE_USERNAME]'
10:25:11 Authenticating…
10:25:11 debug1: load_hostkeys: fopen /Users/[USERNAME]/.ssh/known_hosts2: No such file or directory
10:25:11 debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
10:25:11 debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
10:25:11 debug1: SSH2_MSG_KEXINIT sent
10:25:11 debug1: SSH2_MSG_KEXINIT received
10:25:11 debug1: kex: algorithm: curve25519-sha256@libssh.org
10:25:11 debug1: kex: host key algorithm: ecdsa-sha2-nistp256
10:25:11 debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
10:25:11 debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
10:25:11 debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
10:25:11 debug1: SSH2_MSG_KEX_ECDH_REPLY received
10:25:11 debug1: Server host key: ecdsa-sha2-nistp256 SHA256:cqBQKOMRZI4Gy <<SNIP>> 
10:25:11 debug1: load_hostkeys: fopen /Users/[USERNAME]/.ssh/known_hosts2: No such file or directory
10:25:11 debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
10:25:11 debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
10:25:11 debug1: Host 'mini-lan' is known and matches the ECDSA host key.
10:25:11 debug1: Found key in /Users/[USERNAME]/.ssh/known_hosts:29
10:25:11 debug1: rekey out after 134217728 blocks
10:25:11 debug1: SSH2_MSG_NEWKEYS sent
10:25:11 debug1: expecting SSH2_MSG_NEWKEYS
10:25:11 debug1: SSH2_MSG_NEWKEYS received
10:25:11 debug1: rekey in after 134217728 blocks
10:25:11 debug1: Will attempt key: /Users/[USERNAME]/.ssh/id_rsa RSA SHA256:ew6x8c4CYW+ <<SNIP>> explicit agent
10:25:11 debug1: SSH2_MSG_SERVICE_ACCEPT received
10:25:11 debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,keyboard-interactive
10:25:11 debug1: Next authentication method: publickey
10:25:11 debug1: Offering public key: /Users/[USERNAME]/.ssh/id_rsa RSA SHA256:ew6x8c4CYW+<<SNIP>>  explicit agent
10:25:11 debug1: send_pubkey_test: no mutual signature algorithm
10:25:11 debug1: Next authentication method: keyboard-interactive
10:25:11 debug1: read_passphrase: requested to askpass
10:25:18 Authenticated to mini-lan ([[IP_ADDRESS]]:22) using "keyboard-interactive".
10:25:18 debug1: channel 0: new [client-session]
10:25:18 debug1: Requesting no-more-sessions@openssh.com
10:25:18 debug1: Entering interactive session.
10:25:18 debug1: pledge: filesystem full
10:25:18 Connected
10:25:18 debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
10:25:18 debug1: client_input_hostkeys: searching /Users/[USERNAME]/.ssh/known_hosts for mini-lan / (none)
10:25:18 debug1: client_input_hostkeys: searching /Users/[USERNAME]/.ssh/known_hosts2 for mini-lan / (none)
10:25:18 debug1: client_input_hostkeys: hostkeys file /Users/[USERNAME]/.ssh/known_hosts2 does not exist
10:25:18 debug1: client_input_hostkeys: host key found matching a different name/address, skipping UserKnownHostsFile update
10:25:18 debug1: Sending environment.
10:25:18 debug1: channel 0: setting env LC_ALL = "en_US.UTF-8"
10:25:18 debug1: channel 0: setting env LC_CTYPE = "UTF-8"
10:25:18 debug1: channel 0: setting env LANG = "en_US.UTF-8"

I think the key line is: "10:25:11 debug1: send_pubkey_test: no mutual signature algorithm" ??

Why, if I assume Core Shell is using the system's SSH binary?
Thanks

No, Core Shell does not use the system ssh binary; it uses an OpenSSH XPC component via Apple’s XPC technology.

OpenSSH 8.8 disables RSA signatures using the SHA-1 hash algorithm by default. Please find the solution in this topic:

Kind regards,

Yang

Hi,

Thanks for getting back to me -- updating the setting of PubkeyAcceptedAlgorithms allowed me to connect, thanks!
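
An added example, not part of the thread and not Core Shell's own code: a small Python check that reads "ssh -v" output like the Core Shell log above and explains the "no mutual signature algorithm" line from the client and server versions. The function names and the sample log are constructed for illustration, and the Ed25519 suggestion is an addition that was not raised in the thread.

```python
import re

# Constructed sample: the key lines of the failing Core Shell log quoted above
# (user name and fingerprint replaced with placeholders).
SAMPLE_LOG = """\
debug1: Local version string SSH-2.0-OpenSSH_8.8
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.9
debug1: Offering public key: /Users/user/.ssh/id_rsa RSA SHA256:PLACEHOLDER explicit agent
debug1: send_pubkey_test: no mutual signature algorithm
debug1: Next authentication method: keyboard-interactive
"""


def _version(log, label):
    """Extract (major, minor) of the OpenSSH version on the line with `label`."""
    m = re.search(label + r".*?OpenSSH_(\d+)\.(\d+)", log)
    return (int(m.group(1)), int(m.group(2))) if m else None


def diagnose(log, host="mini"):
    """Return (finding, suggested_action) for an `ssh -v` transcript."""
    client = _version(log, "Local version string")
    server = _version(log, "remote software version")
    rsa_offered = re.search(r"Offering public key: \S+ RSA ", log) is not None
    no_mutual = "send_pubkey_test: no mutual signature algorithm" in log
    if not (rsa_offered and no_mutual):
        return ("no RSA signature-algorithm mismatch found", None)
    # rsa-sha2-256/512 arrived in OpenSSH 7.2; older servers only verify
    # ssh-rsa (SHA-1), which 8.8+ clients no longer offer by default.
    if server and server < (7, 2) and client and client >= (8, 8):
        fix = ""
        if server >= (6, 5):  # Ed25519 user keys are supported from 6.5
            fix = "preferred: use an Ed25519 key; "
        # Scope the SHA-1 exception to the one legacy host, not 'Host *'.
        fix += ("stopgap: in ~/.ssh/config under 'Host %s' set "
                "'PubkeyAcceptedAlgorithms +ssh-rsa'" % host)
        return ("server OpenSSH %d.%d predates rsa-sha2-*; client %d.%d "
                "refuses ssh-rsa (SHA-1)" % (server + client), fix)
    return ("RSA key refused: no mutual signature algorithm",
            "compare PubkeyAcceptedAlgorithms on client and server")


if __name__ == "__main__":
    for part in diagnose(SAMPLE_LOG):
        print(part)
```

Plain "ssh" in Terminal succeeds on the same machine only if that binary still accepts ssh-rsa, which suggests it is an older build than the OpenSSH 8.8 bundled with Core Shell.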