Bug#524018: openssh-client: ssh-agent as started by xsession can't use keys

2009-04-15 Thread Jon Dowland
On Tue, Apr 14, 2009 at 12:01:17PM +0100, Colin Watson wrote:
> Are you sure that OpenSSH's agent is in fact the one being used here?  GNOME
> has recently taken to using seahorse which has some bugs.
>
> You can tell the difference by typing 'echo $SSH_AUTH_SOCK'. A genuine
> OpenSSH agent will be /tmp/ssh-SOMETHING/agent.PID.

Strange. As below, this suggests that this is indeed seahorse, or at least not
ssh-agent. The SSH_AGENT_PID matches up with a /usr/bin/ssh-agent and I don't
think seahorse (or anything else) is faking itself as /usr/bin/ssh-agent, there 
are no alternatives or diversions in place either.

13:59:29$ echo $SSH_AUTH_SOCK
/tmp/keyring-IrOybQ/socket.ssh
13:59:32$ echo $SSH_AGENT_PID
3482
13:59:35$ ps -eaf|grep 3482
jon       3482  3428  0 10:13 ?        00:00:00 /usr/bin/ssh-agent /usr/bin/gpg-agent --daemon --sh --write-env-file=/home/jon/.gnupg/gpg-agent-info-ra /usr/bin/dbus-launch --exit-with-session x-session-manager
jon      13182 13151  0 13:59 pts/5    00:00:00 grep 3482
13:59:38$ ls /tmp/ssh-ISulua3428/agent.3428
/tmp/ssh-ISulua3428/agent.3428
13:59:45$ ps -eaf|grep 3428
jon       3428  3273  0 10:13 ?        00:00:00 x-session-manager
snip

I've just removed seahorse, logged out, restarted gdm, logged back in again and 
the problem remains, so it probably isn't actually seahorse, but it most likely 
isn't ssh agent either. Do you mind if I park this report here regardless until 
I've figured out a better place for it?

11:14:35$ ps -eaf|grep ssh-agent
jon      22681 22627  0 11:12 ?        00:00:00 /usr/bin/ssh-agent /usr/bin/gpg-agent --daemon --sh --write-env-file=/home/jon/.gnupg/gpg-agent-info-ra /usr/bin/dbus-launch --exit-with-session x-session-manager
11:14:36$ export | grep SSH
declare -x SSH_AGENT_PID=22681
declare -x SSH_AUTH_SOCK=/tmp/keyring-n23XSa/socket.ssh




-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org



Bug#524018: openssh-client: ssh-agent as started by xsession can't use keys

2009-04-15 Thread Jon Dowland
On Wed, Apr 15, 2009 at 11:18:20AM +0100, Jon Dowland wrote:
> I've just removed seahorse, logged out, restarted gdm, logged back in again
> and the problem remains, so it probably isn't actually seahorse, but it most
> likely isn't ssh agent either.

I've just tried the inverse, installing seahorse and seahorse-plugins (since
the latter mumbles something about ssh in its description). Rinse, repeat, and
the problem remains.

Some part of the xsession startup echoes various environment variables on 
stderr and they end up in ~/.xsession-errors:

/etc/gdm/Xsession: Beginning session setup...
** Message: Another GPG agent already running


SESSION_MANAGER=local/ra:@/tmp/.ICE-unix/23379,unix/ra:/tmp/.ICE-unix/23379
1239790696.443348 Session manager: disconnected...
Window manager warning: Failed to read saved session file /home/jon/.config/metacity/sessions/default0.ms: Failed to open file '/home/jon/.config/metacity/sessions/default0.ms': No such file or directory
GNOME_KEYRING_SOCKET=/tmp/keyring-wiGtof/socket
SSH_AUTH_SOCK=/tmp/keyring-wiGtof/socket.ssh
...






Bug#524018: openssh-client: ssh-agent as started by xsession can't use keys

2009-04-15 Thread Jon Dowland

Last spam from me for today:

11:22:34$ lsof | grep /tmp/keyring-wiGtof/socket.ssh
gnome-key 23368 jon   18u unix 0x8101261f8380  0t0 99223 /tmp/keyring-wiGtof/socket.ssh
11:22:39$ ps -eaf|grep gnome-key
jon      23368     1  0 11:18 ?        00:00:00 /usr/bin/gnome-keyring-daemon --daemonize --login

So that socket belongs to gnome-keyring. This might be related to #523322.






Bug#524018: openssh-client: ssh-agent as started by xsession can't use keys

2009-04-14 Thread Jon Dowland
Package: openssh-client
Version: 1:5.1p1-5
Severity: important

Recently, the ssh-agent instance started by xsession (as
part of a GNOME desktop login) cannot use my public key,
nor a newly generated passwordless RSA key.

After adding a new user, logging into a fresh desktop
session (no existing $HOME cruft), generating a new RSA key
with ssh-keygen -t rsa, no passphrase, and using ssh-add to
inject it into the agent, the following occurs

t...@ra:~$ ssh nj...@aldred.ncl.ac.uk
Agent admitted failure to sign using the key.
nj...@aldred.ncl.ac.uk's password: 

With my normal user and key, I don't get that failure
message.

-vvv output attached to report as 'attempt2'.

Strangely, both with this test environment and with my own
setup and key, if I do eval `ssh-agent`;ssh-add , all works
as expected, so it appears to be something to do with the
way in which ssh-agent is invoked by xsession (defined in
/etc/X11/Xsession.d/90x11-common_ssh-agent from package
x11-common it would seem) rather than ssh-agent itself.

The ssh-agent started by xsession is

/usr/bin/ssh-agent /usr/bin/gpg-agent --daemon --sh
--write-env-file=/home/jon/.gnupg/gpg-agent-info-ra
/usr/bin/dbus-launch --exit-with-session
x-session-manager

This is rather crippling my day to day work :(

Any hints on where to look further would be much
appreciated.

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages openssh-client depends on:
ii  adduser                   3.110                add and remove users and groups
ii  debconf [debconf-2.0      1.5.26               Debian configuration management sy
ii  dpkg                      1.14.25              Debian package management system
ii  libc6                     2.9-7                GNU C Library: Shared libraries
ii  libcomerr2                1.41.3-1             common error description library
ii  libedit2                  2.11~20080614-1      BSD editline and history libraries
ii  libkrb53                  1.6.dfsg.4~beta1-13  Transitional library package/krb4
ii  libncurses5               5.7+20090404-1       shared libraries for terminal hand
ii  libssl0.9.8               0.9.8g-16            SSL shared libraries
ii  passwd                    1:4.1.1-6            change and administer password and
ii  zlib1g                    1:1.2.3.3.dfsg-13    compression library - runtime

Versions of packages openssh-client recommends:
ii  openssh-blacklist         0.4.1                list of default blacklisted OpenSS
ii  openssh-blacklist-extra   0.4.1                list of non-default blacklisted Op
ii  xauth                     1:1.0.3-2            X authentication utility

Versions of packages openssh-client suggests:
pn  keychain                  none                 (no description available)
pn  libpam-ssh                none                 (no description available)
pn  ssh-askpass               none                 (no description available)

-- no debconf information

-- 
Jon Dowland    ISS UNIX Team    Newcastle University




Bug#524018: openssh-client: ssh-agent as started by xsession can't use keys

2009-04-14 Thread Colin Watson
On Tue, Apr 14, 2009 at 10:00:34AM +0100, Jon Dowland wrote:
> Recently, the ssh-agent instance started by xsession (as
> part of a GNOME desktop login) cannot use my public key,
> nor a newly generated passwordless RSA key.
>
> After adding a new user, logging into a fresh desktop
> session (no existing $HOME cruft), generating a new RSA key
> with ssh-keygen -t rsa, no passphrase, and using ssh-add to
> inject it into the agent, the following occurs
>
> t...@ra:~$ ssh nj...@aldred.ncl.ac.uk
> Agent admitted failure to sign using the key.
> nj...@aldred.ncl.ac.uk's password:
>
> With my normal user and key, I don't get that failure
> message.

Are you sure that OpenSSH's agent is in fact the one being used here?
GNOME has recently taken to using seahorse which has some bugs.

You can tell the difference by typing 'echo $SSH_AUTH_SOCK'. A genuine
OpenSSH agent will be /tmp/ssh-SOMETHING/agent.PID.

-- 
Colin Watson   [cjwat...@debian.org]
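
The check suggested above, combined with the SSH_AGENT_PID comparison made elsewhere in this thread, as an added example that is not part of any message here. The function names are hypothetical, and the two path shapes are only the ones that appear in the thread's output (/tmp/ssh-SOMETHING/agent.PID and /tmp/keyring-SOMETHING/socket.ssh).

```shell
#!/bin/sh
# Added example (not from the thread). Path shapes are the ones seen on this
# page only; other TMPDIR locations or agents are reported as "unknown".

# Classify an SSH_AUTH_SOCK value by its path shape.
classify_auth_sock() {
    case "$1" in
        "")                        echo unset ;;
        /tmp/ssh-*/agent.*[!0-9]*) echo unknown ;;        # suffix is not a PID
        /tmp/ssh-*/agent.[0-9]*)   echo openssh ;;        # /tmp/ssh-SOMETHING/agent.PID
        /tmp/keyring-*/socket.ssh) echo gnome-keyring ;;  # socket held by gnome-keyring-daemon
        *)                         echo unknown ;;
    esac
}

# Cross-check the socket against SSH_AGENT_PID ($1 = socket, $2 = pid).
diagnose_agent_env() {
    kind=$(classify_auth_sock "$1")
    case "$kind:${2:+pid}" in
        openssh:pid) echo "consistent: openssh socket, agent pid $2" ;;
        unset:)      echo "no agent configured" ;;
        unset:pid)   echo "mismatch: SSH_AGENT_PID=$2 but no socket" ;;
        *:pid)       echo "mismatch: SSH_AGENT_PID=$2 but socket is $kind" ;;
        *)           echo "socket is $kind, SSH_AGENT_PID unset" ;;
    esac
}

# Live confirmation of the socket's owner, as done in the thread with lsof.
# Defined but not called here, so the example runs offline.
socket_owner() { lsof -U 2>/dev/null | grep -F -- "$1"; }

# Sample values copied from the thread's output, plus one constructed case
# (the last line, with nothing set).
while IFS='|' read -r sock pid; do
    printf '%-32s %-6s %s\n' "${sock:-(unset)}" "${pid:--}" \
        "$(diagnose_agent_env "$sock" "$pid")"
done <<'EOF'
/tmp/keyring-IrOybQ/socket.ssh|3482
/tmp/ssh-ISulua3428/agent.3428|3482
/tmp/keyring-n23XSa/socket.ssh|22681
|
EOF
```

A "mismatch" line means keys added with ssh-add go to whichever process owns the socket, not to the ssh-agent named by SSH_AGENT_PID; `socket_owner "$SSH_AUTH_SOCK"` on the affected machine shows which process that is.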


