I am a bit confused by the bug report.

I think ssh-add is correctly adding the DSA key to the agent, and the
fact that running ssh-add again requests the password again is normal
and expected. It looks like Trusty behaves the same:

ubuntu@paride-t:~$ eval $(ssh-agent -s)
Agent pid 2406
ubuntu@paride-t:~$ ssh-add
Enter passphrase for /home/ubuntu/.ssh/id_rsa: 
Identity added: /home/ubuntu/.ssh/id_rsa (/home/ubuntu/.ssh/id_rsa)
ubuntu@paride-t:~$ ssh-add
Enter passphrase for /home/ubuntu/.ssh/id_rsa: 
Identity added: /home/ubuntu/.ssh/id_rsa (/home/ubuntu/.ssh/id_rsa)

So in my view this part of the bug is Invalid. @Rolf maybe you didn't
realize as normally when ssh pubkey authentication just works there's no
point in re-running ssh-agent?

I don't think keychain comes into play in this, as it is just a handy
tool to manage the environment variables pointing to the ssh-agent
socket. The password prompts are from ssh-add.

Then there is the fact that DSA keys have been deprecated from
authentication, which is the root of the issue in my opinion. This is in
my opinion a Wontfix, as heightening the security baseline requires
deprecating older standards.

I'm moving this back to Incomplete.

** Changed in: openssh (Ubuntu)
       Status: Triaged => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1764044

Title:
  ssh-add asks about passphrases for keys already unlocked in the
  keychain

Status in openssh package in Ubuntu:
  Incomplete

Bug description:
  In the below example, on the second invocation of ssh-add I should not
  be prompted to enter the passphrase again after I successfully entered
  it on the first instance.  This used to work fine in trusty i386
  setup.

  $ keychain && ssh-add

   * keychain 2.8.2 ~ http://www.funtoo.org
   * Starting ssh-agent...

  Enter passphrase for /home/rolf/.ssh/id_rsa:
  Identity added: /home/rolf/.ssh/id_rsa (/home/rolf/.ssh/id_rsa)
  Enter passphrase for /home/rolf/.ssh/id_dsa:
  Identity added: /home/rolf/.ssh/id_dsa (/home/rolf/.ssh/id_dsa)

  $ keychain && ssh-add

   * keychain 2.8.2 ~ http://www.funtoo.org
   * Found existing ssh-agent: 25744

  Enter passphrase for /home/rolf/.ssh/id_rsa:
  Identity added: /home/rolf/.ssh/id_rsa (/home/rolf/.ssh/id_rsa)
  Enter passphrase for /home/rolf/.ssh/id_dsa:
  Identity added: /home/rolf/.ssh/id_dsa (/home/rolf/.ssh/id_dsa)

  gnome-keyring is running:
  $ ps -ax|grep key
   2067 ?        SLl    0:05 /usr/bin/gnome-keyring-daemon --start --components ssh
   2078 ?        Ssl    0:01 /usr/lib/x86_64-linux-gnu/indicator-keyboard/indicator-keyboard-service --use-gtk
   6987 ?        S      0:00 /usr/bin/ssh-agent -D -a /run/user/1000/keyring/.ssh
  17832 pts/2    S+     0:00 grep --color=auto key

  ssh-agent is running:
  $ ps aux | grep ssh-agent
  leggewie  1928  0.0  0.0  15548   340 ?        Ss   02:38   0:00 /usr/bin/ssh-agent /usr/bin/im-launch env LD_PRELOAD=libgtk3-nocsd.so.0 /usr/lib/gnome-session/run-systemd-session unity-session.target
  leggewie  6987  0.0  0.0  11304  1484 ?        S    02:50   0:00 /usr/bin/ssh-agent -D -a /run/user/1000/keyring/.ssh
  leggewie  9952  0.0  0.0  11304   320 ?        Ss   04:11   0:00 ssh-agent bash
  leggewie 17850  0.0  0.0  14492  1160 pts/2    S+   06:06   0:00 grep --color=auto ssh-agent

  $ env|grep SSH
  SSH_AUTH_SOCK=/tmp/ssh-W6fuGBztRRds/agent.6992
  SSH_AGENT_PID=9952
  SSH_AGENT_LAUNCHER=gnome-keyring
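
Added example, not part of the bug report or of OpenSSH: since ssh-add prompts on every invocation, a wrapper can compare a key's fingerprint against `ssh-add -l` and only call ssh-add when the agent does not hold it yet. The function names are hypothetical, and the sketch assumes the public key sits next to the private key as KEYFILE.pub.

```shell
# Added example: call ssh-add only for keys the agent does not already hold.
# Assumes the one-line listing format printed by ssh-add -l and ssh-keygen -l:
#   <bits> <fingerprint> <comment> (<TYPE>)

# fingerprint_in_list FP LISTING: succeeds if FP is the 2nd field of any line.
fingerprint_in_list() {
    printf '%s\n' "$2" | awk -v fp="$1" '$2 == fp { found = 1 } END { exit !found }'
}

# key_type_of LINE: prints the trailing "(TYPE)" field without parentheses.
key_type_of() {
    printf '%s\n' "$1" | awk '{ t = $NF; gsub(/[()]/, "", t); print t }'
}

# add_if_missing KEYFILE: asks for the passphrase only when it is needed.
add_if_missing() {
    keyfile=$1
    # Fingerprinting the public half never requires the passphrase.
    line=$(ssh-keygen -lf "$keyfile.pub") || return 1
    fp=$(printf '%s\n' "$line" | awk '{ print $2 }')
    if [ "$(key_type_of "$line")" = "DSA" ]; then
        echo "warning: $keyfile is a DSA key, deprecated for authentication" >&2
    fi
    # ssh-add -l exits non-zero when the agent is empty or unreachable;
    # in both cases no fingerprint matches and ssh-add is attempted.
    loaded=$(ssh-add -l 2>/dev/null) || true
    if fingerprint_in_list "$fp" "$loaded"; then
        echo "already loaded: $keyfile"
    else
        ssh-add "$keyfile"
    fi
}
```

Typical use is `add_if_missing ~/.ssh/id_rsa` in a shell startup file, after SSH_AUTH_SOCK has been set.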
