Bug#493874: ssh-add -c reports SSH_AGENT_FAILURE and doesn't ask for confirmation
reassign 493874 gnome-keyring
severity 493874 wishlist
thanks

On Wed, Aug 06, 2008 at 05:27:27PM +0100, Colin Watson wrote:
> On Wed, Aug 06, 2008 at 01:28:19AM -0300, Wouter Verhelst wrote:
> > On Wed, Aug 06, 2008 at 01:35:13AM +0100, Colin Watson wrote:
> > > Is it possible that you are not in fact using ssh-agent, but a
> > > different not-quite-compatible agent provided by something like
> > > seahorse? Have a look at what's behind $SSH_AUTH_SOCK.
> >
> > Yes, that does appear to be the case; $SSH_AUTH_SOCK seems to be
> > served by gnome-agent. I apparently also can't get rid of it without
> > removing gdm.
>
> There's no match for gnome-agent in dists/unstable/Contents-i386.gz.
> Would you mind figuring out the correct package and reassigning this
> bug?

Sorry; it was 'gnome-keyring', which runs 'gnome-keyring-daemon'. I got
confused by the fact that ssh calls it an 'agent'.

To the maintainer of gnome-keyring: ssh-add has a '-c' option, which
will cause ssh-add to request from ssh-agent that it requests
confirmation from the user every time an application tries to access the
key; this is a benefit security-wise. It would be nice if gnome-keyring
were to implement this.

--
Lo-lan-do Home is where you have to wash the dishes.
  -- #debian-devel, Freenode, 2004-09-22

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#493874: ssh-add -c reports SSH_AGENT_FAILURE and doesn't ask for confirmation
On Wed, Aug 06, 2008 at 01:35:13AM +0100, Colin Watson wrote:
> On Tue, Aug 05, 2008 at 11:51:49AM -0300, Wouter Verhelst wrote:
> > Since a while, when running 'ssh-add -c' (which is supposed to make
> > ssh-agent ask the user for confirmation before allowing use of an ssh
> > key), ssh-add prints SSH_AGENT_FAILURE on a line by itself (without
> > explaining what the exact failure is). The result seems to be that
> > ssh-agent then does know the key and allows software to use it, but
> > it does not request user confirmation before giving out the secret
> > key.
>
> I can't reproduce this:
>
>   [EMAIL PROTECTED] ~$ ssh-add -c
>   Enter passphrase for /home/cjwatson/.ssh/id_rsa:
>   Identity added: /home/cjwatson/.ssh/id_rsa (/home/cjwatson/.ssh/id_rsa)
>   The user has to confirm each use of the key
>
> Is it possible that you are not in fact using ssh-agent, but a
> different not-quite-compatible agent provided by something like
> seahorse? Have a look at what's behind $SSH_AUTH_SOCK.

Yes, that does appear to be the case; $SSH_AUTH_SOCK seems to be served
by gnome-agent. I apparently also can't get rid of it without removing
gdm.

Sigh. Why do the gnome people have to be so insane?

Oh well.

--
Lo-lan-do Home is where you have to wash the dishes.
  -- #debian-devel, Freenode, 2004-09-22
Bug#493874: ssh-add -c reports SSH_AGENT_FAILURE and doesn't ask for confirmation
On Tue, Aug 05, 2008 at 11:51:49AM -0300, Wouter Verhelst wrote:
> Since a while, when running 'ssh-add -c' (which is supposed to make
> ssh-agent ask the user for confirmation before allowing use of an ssh
> key), ssh-add prints SSH_AGENT_FAILURE on a line by itself (without
> explaining what the exact failure is). The result seems to be that
> ssh-agent then does know the key and allows software to use it, but it
> does not request user confirmation before giving out the secret key.

I can't reproduce this:

  [EMAIL PROTECTED] ~$ ssh-add -c
  Enter passphrase for /home/cjwatson/.ssh/id_rsa:
  Identity added: /home/cjwatson/.ssh/id_rsa (/home/cjwatson/.ssh/id_rsa)
  The user has to confirm each use of the key

Is it possible that you are not in fact using ssh-agent, but a different
not-quite-compatible agent provided by something like seahorse? Have a
look at what's behind $SSH_AUTH_SOCK.

--
Colin Watson [EMAIL PROTECTED]
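One way to see what is behind $SSH_AUTH_SOCK on Linux is to match the socket's inode against each process's open descriptors, which names the daemon actually answering agent requests. This is an added example, not part of the original thread; the function names are hypothetical and it assumes a readable Linux /proc.

```python
import os


def socket_inodes(sock_path, proc_net_unix="/proc/net/unix"):
    """Return the inode numbers of UNIX sockets bound to sock_path."""
    want = os.path.realpath(sock_path)
    inodes = set()
    with open(proc_net_unix) as fh:
        next(fh, None)  # skip the header line
        for line in fh:
            # Columns: Num RefCount Protocol Flags Type St Inode [Path]
            fields = line.rstrip("\n").split(None, 7)
            if len(fields) == 8 and os.path.realpath(fields[7]) == want:
                inodes.add(fields[6])
    return inodes


def holders(inodes, proc="/proc"):
    """Map pid -> executable for every process holding one of the inodes."""
    targets = {"socket:[%s]" % ino for ino in inodes}
    found = {}
    for pid in filter(str.isdigit, os.listdir(proc)):
        fd_dir = os.path.join(proc, pid, "fd")
        try:
            fds = os.listdir(fd_dir)
        except OSError:
            continue  # process exited, or it belongs to another user
        for fd in fds:
            try:
                link = os.readlink(os.path.join(fd_dir, fd))
            except OSError:
                continue  # descriptor was closed while we were scanning
            if link in targets:
                try:
                    found[int(pid)] = os.readlink(os.path.join(proc, pid, "exe"))
                except OSError:
                    found[int(pid)] = "?"
                break
    return found


def agent_behind(sock_path):
    return holders(socket_inodes(sock_path))


if __name__ == "__main__":
    # Prints nothing if SSH_AUTH_SOCK is unset or no visible process owns it.
    for pid, exe in sorted(agent_behind(os.environ.get("SSH_AUTH_SOCK", "")).items()):
        print(pid, exe)
```

Passing the printed executable path to `dpkg -S` names the Debian package that ships it.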
Bug#493874: ssh-add -c reports SSH_AGENT_FAILURE and doesn't ask for confirmation
On Wed, Aug 06, 2008 at 01:28:19AM -0300, Wouter Verhelst wrote:
> On Wed, Aug 06, 2008 at 01:35:13AM +0100, Colin Watson wrote:
> > Is it possible that you are not in fact using ssh-agent, but a
> > different not-quite-compatible agent provided by something like
> > seahorse? Have a look at what's behind $SSH_AUTH_SOCK.
>
> Yes, that does appear to be the case; $SSH_AUTH_SOCK seems to be served
> by gnome-agent. I apparently also can't get rid of it without removing
> gdm.

There's no match for gnome-agent in dists/unstable/Contents-i386.gz.
Would you mind figuring out the correct package and reassigning this
bug?

Thanks,

--
Colin Watson [EMAIL PROTECTED]
Bug#493874: ssh-add -c reports SSH_AGENT_FAILURE and doesn't ask for confirmation
Package: openssh-client
Version: 1:5.1p1-2
Severity: normal
File: /usr/bin/ssh-add

Hi,

Since a while, when running 'ssh-add -c' (which is supposed to make
ssh-agent ask the user for confirmation before allowing use of an ssh
key), ssh-add prints SSH_AGENT_FAILURE on a line by itself (without
explaining what the exact failure is). The result seems to be that
ssh-agent then does know the key and allows software to use it, but it
does not request user confirmation before giving out the secret key.

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: powerpc (ppc)

Kernel: Linux 2.6.26-1-powerpc
Locale: LANG=nl_BE.UTF-8, LC_CTYPE=nl_BE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages openssh-client depends on:
ii  adduser                  3.109               add and remove users and groups
ii  debconf [debconf-2.0]    1.5.23              Debian configuration management sy
ii  dpkg                     1.14.20             Debian package management system
ii  libc6                    2.7-13              GNU C Library: Shared libraries
ii  libcomerr2               1.41.0-3            common error description library
ii  libedit2                 2.11~20080614-1     BSD editline and history libraries
ii  libkrb53                 1.6.dfsg.4~beta1-3  MIT Kerberos runtime libraries
ii  libncurses5              5.6+20080726-2      shared libraries for terminal hand
ii  libssl0.9.8              0.9.8g-13           SSL shared libraries
ii  passwd                   1:4.1.1-3           change and administer password and
ii  zlib1g                   1:1.2.3.3.dfsg-12   compression library - runtime

Versions of packages openssh-client recommends:
ii  openssh-blacklist        0.4.1               list of default blacklisted OpenSS
ii  openssh-blacklist-extra  0.4.1               list of non-default blacklisted Op
ii  xauth                    1:1.0.3-2           X authentication utility

Versions of packages openssh-client suggests:
pn  keychain                 none                (no description available)
pn  libpam-ssh               none                (no description available)
ii  ssh-askpass              1:1.2.4.1-7         under X, asks user for a passphras

-- no debconf information