Connecting with password to RM2 fails, rmview asks for passphrases of all my SSH keys

Question

Connecting with password to RM2 fails, rmview asks for passphrases of all my SSH keys

lckarssen opened this issue 3 years ago · comments

Lennart C. Karssen commented 3 years ago

Today I wanted to give rmview a try. I cloned the repo (commit 60ebcae) and ran pip install .. All seems to be installed correctly, I can launch rmview and it guided me through the first steps of configuration. However, for some reason it can't connect to my reMarkable 2. I haven't set up an SSH key (yet), I'm only working with a password at the moment.

When I launch rmview -v I get the following output in the terminal (Ubuntu 21.04), and at the same time rmview seems to try and load all my SSH keys (I have a bunch of them for other machines), but when I cancel the ssh agent pop-up window that asks for the passphrase of each of my keys, rmview fails:

$ rmview -v
[INFO] STARTING: Mon Sep 13 17:22:13 2021
[INFO] Searching configuration in rmview.json, /home/lennart/.config/rmview.json
[DEBUG] Configuration failure in rmview.json: [Errno 2] No such file or directory: 'rmview.json'
[INFO] Fetching configuration from /home/lennart/.config/rmview.json
[DEBUG] Config values: {'ssh': {'address': '10.11.99.1', 'username': 'root', 'auth_method': 'password', 'password': 'vmP*****'}, 'orientation': 'auto', 'pen_size': 15, 'pen_color': 'red', 'pen_trail': 200}
[INFO] Using system default known hosts file
[INFO] Loading system default known hosts file, this may take a while...
[INFO] System default known host file loaded
[INFO] Connecting...
[ERROR] Exception: key cannot be used for signing
[ERROR] Traceback (most recent call last):
[ERROR]   File "/usr/lib/python3/dist-packages/paramiko/transport.py", line 2109, in run
[ERROR]     handler(self.auth_handler, m)
[ERROR]   File "/usr/lib/python3/dist-packages/paramiko/auth_handler.py", line 298, in _parse_service_accept
[ERROR]     sig = self.private_key.sign_ssh_data(blob)
[ERROR]   File "/usr/lib/python3/dist-packages/paramiko/agent.py", line 418, in sign_ssh_data
[ERROR]     raise SSHException("key cannot be used for signing")
[ERROR] paramiko.ssh_exception.SSHException: key cannot be used for signing
[ERROR] 
[ERROR] Could not connect to 10.11.99.1: No existing session
[INFO] Please check your remarkable is connected and retry.
[DEBUG] Stopping connection worker
[ERROR] No existing session
[INFO] QUITTING: Mon Sep 13 17:22:28 2021

Note the message in line 3 that says the rmview.json file can't be found. I guess it is a spurious message because the file /home/lennart/.config/rmview.json does exist, as shown by lines 4 and 5 of the output.

I am not sure why rmview tries to load all my SSH keys when I told it to use a password (see the auth_method entry in my config). Any idea what could be the problem here?

Other info:

The password in my config file is correct, I can connect to the RM2 without problems using regular SSH.
Regular SSH honours my ~/.ssh/config file, which says not to load my SSH keys unless I tell it so, but rmview seems to ignore this file.
While running pip install . a window popped up about some QT key store. I cancelled that because I use Gnome, not KDE. Not sure if it is related somehow.

Emanuele D'Osualdo · Answer 1 · Tue Sep 14 2021 04:05:24 GMT+0800 (China Standard Time)

Hi thanks for reporting!
I think I know what is going on, it's due to paramiko's default connection heuristics.
Can you see if the patch at the issue98 branch I just pushed solves your problem?

Lennart C. Karssen · Answer 2 · Wed Sep 15 2021 15:31:03 GMT+0800 (China Standard Time)

Thanks for the quick reply! I checked out the issue98 branch, ran pip install . which compiled and installed a new version of rmview. However, when I run it, I get the exact same output/errors (with the same line numbers) as before.

One more piece of information that may be relevant: I'm on rM2 version 2.8.0.98, patched with the ddvk hack. I noticed the README mentions pre 2.7 and post 2.9...

Emanuele D'Osualdo · Answer 3 · Wed Sep 15 2021 16:11:15 GMT+0800 (China Standard Time)

So, yes 2.8 is not supported.
The reason is that the custom VNC server shipped with rmview is only known to work with pre 2.7 versions, and compatibility with later versions is obtained by interfacing with the new ScreenShare feature which has been added with 2.9.
Yours seems an ssh authentication problem, however, which should not occur.
It seems like paramiko is talking with your SSH agent but something goes wrong.
I pushed another patch at issue98, can you see if at least that gives you a different error 😅 ?

Lennart C. Karssen · Answer 4 · Mon Sep 20 2021 06:02:14 GMT+0800 (China Standard Time)

Thanks for confirming that 2.8 won't work. I'll see if I can upgrade. Nevertheless, I think you are right that the problem at hand has more to do with SSH than anything else.

I have tried the latest in issue89, but it still doesn't connect to the rM2. The good news: I don't get a pop up to type in the passphrases for all my keys anymore. Strangely enough, my Yubikey (which I use for some of my SSH keys) does light up, so it still seems to try some SSH keys. The error message is still the same, including the line numbers.

Lennart C. Karssen · Answer 5 · Mon Sep 20 2021 17:39:51 GMT+0800 (China Standard Time)

Quick update on my previous comment: I still had my keys loaded, that is why the windows asking for my passphrases didn't pop up. Sorry for the incorrect info.

Maximilian Hantsch · Answer 6 · Tue Oct 05 2021 22:53:25 GMT+0800 (China Standard Time)

So, yes 2.8 is not supported. The reason is that the custom VNC server shipped with rmview is only known to work with pre 2.7 versions, and compatibility with later versions is obtained by interfacing with the new ScreenShare feature which has been added with 2.9.

Does this mean for 2.9+ I no longer need to copy the rM2-vnc-server-standalone to the reMarkable because it anyway will not use it?

Emanuele D'Osualdo · Answer 7 · Tue Oct 05 2021 23:09:13 GMT+0800 (China Standard Time)

@mhantsch that's correct, for the moment.
@pl-semiotics may at some point produce a version of the server that works on the new versions of the tablet's software, but for now we don't have that option.

Maximilian Hantsch · Answer 8 · Tue Oct 05 2021 23:13:47 GMT+0800 (China Standard Time)

@bordaigorl OK, that makes the installation actually one step easier ;)

Maybe could be clarified in the installation instructions that from 2.9+ onwards the scp commands are not needed.

Thanks!

Lennart C. Karssen · Answer 9 · Thu Oct 07 2021 23:42:34 GMT+0800 (China Standard Time)

Even though it is most likely unrelated, I upgraded my RM2 to 2.9.1.217 in the mean time. I'm still in the issue98 branch, commit 615eaea.

The SSH key problem still persists: rmview tries all my SSH keys even though it asks for a password. To recap, here is the output I get from rmview -v:

[INFO] STARTING: Thu Oct  7 17:35:23 2021
[INFO] Searching configuration in rmview.json, /home/lennart/.config/rmview.json
[DEBUG] Configuration failure in rmview.json: [Errno 2] No such file or directory: 'rmview.json'
[INFO] Fetching configuration from /home/lennart/.config/rmview.json
[WARNING] Config file "/home/lennart/.config/rmview.json" is readable by others (permissions=664). If your config file contains secrets (e.g. password) you are strongly encouraged to make sure it's not readable by other users (chmod 600 /home/lennart/.config/rmview.json)
[DEBUG] Config values: {'ssh': {'address': '192.168.10.173', 'username': 'root', 'auth_method': 'password', 'look_for_keys': False, 'allow_agent': False, 'password': 'vmP*****'}, 'orientation': 'auto', 'pen_size': 15, 'pen_color': 'red', 'pen_trail': 200}
[INFO] Using known hosts file: /home/lennart/.config/rmview_known_hosts
[INFO] Loaded known hosts from /home/lennart/.config/rmview_known_hosts
[INFO] Connecting...
[ERROR] Exception: key cannot be used for signing
[ERROR] Traceback (most recent call last):
[ERROR]   File "/usr/lib/python3/dist-packages/paramiko/transport.py", line 2109, in run
[ERROR]     handler(self.auth_handler, m)
[ERROR]   File "/usr/lib/python3/dist-packages/paramiko/auth_handler.py", line 298, in _parse_service_accept
[ERROR]     sig = self.private_key.sign_ssh_data(blob)
[ERROR]   File "/usr/lib/python3/dist-packages/paramiko/agent.py", line 418, in sign_ssh_data
[ERROR]     raise SSHException("key cannot be used for signing")
[ERROR] paramiko.ssh_exception.SSHException: key cannot be used for signing
[ERROR] 
[ERROR] Could not connect to 192.168.10.173: No existing session
[INFO] Please check your remarkable is connected and retry.
[ERROR] No existing session
[DEBUG] Stopping connection worker
[INFO] QUITTING: Thu Oct  7 17:36:25 2021

After the Connecting... my Yubikey starts flashing, indicating that rmview tries to access my SSH keys. After I press the Yubikey it fails with the messages shown above.

[edit]

Just to be sure there was no other underlying problem, I moved my ~/.ssh directory out of the way and used ssh-add -D to remove all my SSH keys from the SSH agent. After that I could successfully use rmview.

Emanuele D'Osualdo · Answer 10 · Sat Oct 09 2021 04:05:11 GMT+0800 (China Standard Time)

Hi, sorry for the delay, I just realised the patch at issue98 was not passing the arguments to paramiko 🤦🏻‍♂️
Could you try 61ffa5d?

Lennart C. Karssen · Answer 11 · Mon Oct 11 2021 04:23:43 GMT+0800 (China Standard Time)

🎆 Great! That did the trick. No more questions about SSH keys now.

Thanks! Closing this issue.