[bug#77154] Guix issue 77154

[Matthew Todd]

Hi Maxim,

> I believe this series may be obsolete; libgcrypt 1.11 (already packaged in 
> Guix) appears to come with ed25519 support.
> ...
> Is the original issue resolved?
> ...
> Could you please report the exact issue you are having when using libgcrypt?

I don't think so.

I reran my tests: Guix on Debian foreign distro with channels.scm using git 
over SSH with SSH keys to Debian git server.

1. Full patch series: guix pull with libssh2 @ 1.11.1 compiled against 
libopenssl (3.0.8, latest one in guix): works.
2. First patch from patch series: guix pull with libssh2 @ 1.11.1 compiled 
against libgcrypt (1.11, latest one in guix): fails.
3. Guix baseline: guix pull with libssh2 @ 1.10.0 (latest one in guix) compiled 
against libgcrypt (1.11, latest one in guix): fails.

The client-side failure:
"guix pull: error: Git error: failed to start SSH session: Unable to exchange 
encryption keys"

And corresponding error message on the server:
"Apr 26 19:39:36 <hostname-redacted> sshd[1661214]: Unable to negotiate with 
<ip-and-port-redacted>: no matching host key type found. Their offer: ssh-rsa 
[preauth]"


I took another look at the libssh2 source code 
(https://github.com/libssh2/libssh2/blob/master/src/libgcrypt.h#L67), and the 
current master branch code (606c102, last commit 2 months ago) still disables 
support for ED25519 in libcrypt.h:
"#define LIBSSH2_ED25519 0"



Note: the libssh2 Github issue linked upthread mentions that the SSH key needs 
to be in a PEM format. Mine was not for the tests above (or any previous 
emails.) I looked into it more closely for this email, but could not figure out 
how to convert or make an ed25519 SSH key in PEM format using ssh-keygen.

Cheers,
Matthew Todd
matthew@zerobitcoder.net