[Touch-packages] [Bug 1812247] Re: ssh-askpass(-gnome) fails for ssh-add -c: agent refused operation

Sat, 26 Jan 2019 14:21:36 -0800 

Gosh, I was mistaken in #7. As in my initial report: ssh-askpass is
working, it is only failing for ssh-add -c:

tux@vbu1804:~$ ssh-add -D
All identities removed.
tux@vbu1804:~$ ssh-add -l
2048 SHA256:vHjyOAyTnsn92i47AQ8qu/oL2Y3blesvs09wUoYpDDY tux@vbu1804 (RSA)
tux@vbu1804:~$ ssh-add </dev/null
Identity added: /home/tux/.ssh/id_rsa (/home/tux/.ssh/id_rsa)
tux@vbu1804:~$ # ssh-askpass dialog was shown, passphrase entered, key added:
tux@vbu1804:~$ ssh-add -l
2048 SHA256:vHjyOAyTnsn92i47AQ8qu/oL2Y3blesvs09wUoYpDDY /home/tux/.ssh/id_rsa 
(RSA)
tux@vbu1804:~$ ssh $USER@127.0.0.1 loginctl --no-legend
         7       1000 tux                                               
         1       1000 tux              seat0            tty1            
tux@vbu1804:~$ ssh-add -D
All identities removed.
tux@vbu1804:~$ ssh-add -l
2048 SHA256:vHjyOAyTnsn92i47AQ8qu/oL2Y3blesvs09wUoYpDDY tux@vbu1804 (RSA)
tux@vbu1804:~$ ssh-add -c </dev/null
Identity added: /home/tux/.ssh/id_rsa (/home/tux/.ssh/id_rsa)
The user must confirm each use of the key
tux@vbu1804:~$ # again, ssh-askpass dialog was shown, passphrase entered, key 
added:
tux@vbu1804:~$ ssh-add -l
2048 SHA256:vHjyOAyTnsn92i47AQ8qu/oL2Y3blesvs09wUoYpDDY /home/tux/.ssh/id_rsa 
(RSA)
tux@vbu1804:~$ # but ssh fails:
tux@vbu1804:~$ ssh $USER@127.0.0.1 loginctl --no-legend
sign_and_send_pubkey: signing failed: agent refused operation
tux@127.0.0.1's password: [^C]

tux@vbu1804:~$


** Summary changed:

- ssh-askpass(-gnome): GNOME fails to show dialog
+ ssh-askpass(-gnome) fails for ssh-add -c: agent refused operation

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1812247

Title:
  ssh-askpass(-gnome) fails for ssh-add -c: agent refused operation

Status in openssh package in Ubuntu:
  New

Bug description:
  Ubuntu uses ssh-agent from OpenSSH which supports adding keys by means
  of `ssh-add -c` indicating that keys "should be subject to
  confirmation before being used for authentication. In Ubuntu 18.10
  this fails with the error

    sign_and_send_pubkey: signing failed: agent refused operation

  To reproduce I used a Ubuntu 18.10 Live "CD", apt-get update && apt-
  get upgrade, log out and log back in (these steps are not required but
  we want to use an up-to-date system). Then:

  $ sudo apt-get install ssh-askpass-gnome
  (...)
  $ # verify that ssh-askpass shows a popup, confirm with Enter
  $ ssh-askpass ; echo $?

  0
  $ ssh-keygen
  (...)
  $ ssh-add -D
  All identities removed.
  $ ssh-copy-id $sshuser@$sshserver
  (...)
  Number of key(s) added: 1
  (...)
  $ ssh $sshuser@$sshserver uname -a
  Linux server 4.9.0-8-amd64 #1 SMP Debian 4.9.130-2 (2018-10-27) x86_64 
GNU/Linux
  $ ssh-add -d
  Identity removed: /home/ubuntu/.ssh/id_rsa (ubuntu@ubuntu)
  $ ssh-add -c
  Enter passphrase for /home/ubuntu/.ssh/id_rsa (will confirm each use): 
  Identity added: /home/ubuntu/.ssh/id_rsa (/home/ubuntu/.ssh/id_rsa)
  The user must confirm each use of the key
  $ ssh $sshuser@$sshserver uname -a
  sign_and_send_pubkey: signing failed: agent refused operation
  sshuser@server's password: [^C'ed]

  $ ssh-add -l
  2048 SHA256:yvAFsTpkNWnlrQyCp+tWV83dIF8Je3AksM0o+Ajvyyc 
/home/ubuntu/.ssh/id_rsa (RSA)

  So, our key is loaded, ssh-askpass is working (also confirmed with
  `ssh-add -c </dev/null`), but authentication fails with
  "sign_and_send_pubkey: signing failed: agent refused operation".

  ProblemType: Bug
  DistroRelease: Ubuntu 18.10
  Package: gnome-session-bin 3.30.0-0ubuntu4
  ProcVersionSignature: Ubuntu 4.18.0-10.11-generic 4.18.12
  Uname: Linux 4.18.0-10-generic x86_64
  ApportVersion: 2.20.10-0ubuntu13.1
  Architecture: amd64
  CasperVersion: 1.399
  CurrentDesktop: ubuntu:GNOME
  Date: Thu Jan 17 17:14:35 2019
  ExecutablePath: /usr/lib/gnome-session/gnome-session-binary
  LiveMediaBuild: Ubuntu 18.10 "Cosmic Cuttlefish" - Release amd64 (20181017.3)
  ProcEnviron:
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=<set>
   LANG=C.UTF-8
   SHELL=/bin/bash
  SourcePackage: gnome-session
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1812247/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to