@paelzer, you put a lot of work into this. Much appreciated! Thanks a lot! There's an important difference between your approach and mine: You start another ssh-agent within a terminal that you do not leave. So, this ssh-agent is available, it's plain OpenSSH ssh-agent, nothing seems to interfere, and everything works fine. I can confirm this.
However, an ssh-agent is already running, started by the X (or GNOME) session. And that's the ssh-agent we want to use so that the keys are available to all programs started by the window manager (e.g. a file manager accessing sftp://...). Thanks to your input, though, and thanks to the fact that I got a new VirtualBox set up, I found that it's not just `ssh-add -c` that is failing. ssh-askpass itself (tried with the plain X11 one and the GNOME version) is not shown when it should. So, I got a step further but, unfortunately, I still don't know where the actual bug is located. I am confused by a (new?) feature of GNOME keyring (I think) that makes locally saved SSH keys available and presents a full-screen dialog to ask for the password of the key. There are 2 big problems with this: (1) It works only for locally saved keys, but we want ssh-agent to receive keys via ssh-add from anywhere (e.g. a remote server via `ssh -A`). (2) This dialog is not ssh-askpass. So, if ssh-askpass is supposed to work it does not. Hence, `ssh-add -c` and key confirmations fail, too. I am attaching my full console session in Ubuntu 18.04.1 for reference and details. ** Attachment added: "ssh-agent-askpass-bug.txt" https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1812247/+attachment/5232794/+files/ssh-agent-askpass-bug.txt ** Tags added: bionic -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1812247 Title: ssh-askpass(-gnome): GNOME fails to show dialog Status in openssh package in Ubuntu: New Bug description: Ubuntu uses ssh-agent from OpenSSH which supports adding keys by means of `ssh-add -c` indicating that keys "should be subject to confirmation before being used for authentication. In Ubuntu 18.10 this fails with the error sign_and_send_pubkey: signing failed: agent refused operation To reproduce I used a Ubuntu 18.10 Live "CD", apt-get update && apt- get upgrade, log out and log back in (these steps are not required but we want to use an up-to-date system). Then: $ sudo apt-get install ssh-askpass-gnome (...) $ # verify that ssh-askpass shows a popup, confirm with Enter $ ssh-askpass ; echo $? 0 $ ssh-keygen (...) $ ssh-add -D All identities removed. $ ssh-copy-id $sshuser@$sshserver (...) Number of key(s) added: 1 (...) $ ssh $sshuser@$sshserver uname -a Linux server 4.9.0-8-amd64 #1 SMP Debian 4.9.130-2 (2018-10-27) x86_64 GNU/Linux $ ssh-add -d Identity removed: /home/ubuntu/.ssh/id_rsa (ubuntu@ubuntu) $ ssh-add -c Enter passphrase for /home/ubuntu/.ssh/id_rsa (will confirm each use): Identity added: /home/ubuntu/.ssh/id_rsa (/home/ubuntu/.ssh/id_rsa) The user must confirm each use of the key $ ssh $sshuser@$sshserver uname -a sign_and_send_pubkey: signing failed: agent refused operation sshuser@server's password: [^C'ed] $ ssh-add -l 2048 SHA256:yvAFsTpkNWnlrQyCp+tWV83dIF8Je3AksM0o+Ajvyyc /home/ubuntu/.ssh/id_rsa (RSA) So, our key is loaded, ssh-askpass is working (also confirmed with `ssh-add -c </dev/null`), but authentication fails with "sign_and_send_pubkey: signing failed: agent refused operation". ProblemType: Bug DistroRelease: Ubuntu 18.10 Package: gnome-session-bin 3.30.0-0ubuntu4 ProcVersionSignature: Ubuntu 4.18.0-10.11-generic 4.18.12 Uname: Linux 4.18.0-10-generic x86_64 ApportVersion: 2.20.10-0ubuntu13.1 Architecture: amd64 CasperVersion: 1.399 CurrentDesktop: ubuntu:GNOME Date: Thu Jan 17 17:14:35 2019 ExecutablePath: /usr/lib/gnome-session/gnome-session-binary LiveMediaBuild: Ubuntu 18.10 "Cosmic Cuttlefish" - Release amd64 (20181017.3) ProcEnviron: PATH=(custom, no user) XDG_RUNTIME_DIR=<set> LANG=C.UTF-8 SHELL=/bin/bash SourcePackage: gnome-session UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1812247/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : [email protected] Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
