Re: sign_and_send_pubkey: signing failed: agent refused operation
On Thu, 2019-05-16 at 10:09 -0700, Brian C. Lane wrote: > On Wed, May 15, 2019 at 05:09:41PM -0400, Steve Dickson wrote: > > Hello, > > > > I'm getting the following error when I'm access the fedora git > > trees. > > > > sign_and_send_pubkey: signing failed: agent refused operation > > ste...@pkgs.fedoraproject.org: Permission denied (publickey). > > fatal: Could not read from remote repository. > > > > Please make sure you have the correct access rights > > and the repository exists. > > > > Now I know I have the correct publickey (id_rsa/id_rsa.pub) > > because they work on a different host. and generally > > when I have the wrong keys, I get the above error minus > > > > sign_and_send_pubkey: signing failed: agent refused operation > > > > Any idea what is happening? > > Do you have multiple keys loaded? ISTR hitting this when I had a > large > number of different keys and it would hit a limit trying them. In my > ~/.ssh/config I have this: > > HOST *.fedoraproject.org fedorapeople.org *.fedorahosted.org > fedorahosted.org > IdentityFile ~/.ssh/fedora > > to force it to use the right key on the 1st try. No, this would be different error from server saying too many authentication attempts. Regards, -- Jakub Jelen Senior Software Engineer Security Technologies Red Hat, Inc. ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Re: sign_and_send_pubkey: signing failed: agent refused operation
On Thu, 2019-05-16 at 15:31 -0400, Steve Dickson wrote: > > On 5/16/19 5:11 AM, Jakub Jelen wrote: > > On Wed, 2019-05-15 at 17:09 -0400, Steve Dickson wrote: > > > Hello, > > > > > > I'm getting the following error when I'm access the fedora git > > > trees. > > > > > > sign_and_send_pubkey: signing failed: agent refused operation > > > ste...@pkgs.fedoraproject.org: Permission denied (publickey). > > > fatal: Could not read from remote repository. > > > > > > Please make sure you have the correct access rights > > > and the repository exists. > > > > > > Now I know I have the correct publickey (id_rsa/id_rsa.pub) > > > because they work on a different host. and generally > > > when I have the wrong keys, I get the above error minus > > > > > > sign_and_send_pubkey: signing failed: agent refused operation > > > > > > Any idea what is happening? > > > > What Fedora and OpenSSH version are you using? > Update F29 and openssh-7.9p1-5.fc29 This one is in the wild for quite a long time. > > Does it work if you downgrade openssh? > Do do for some reason things started working again w/out a > downgrade. > > Are you using gnome-keyring? > No. > > > What is the output of "echo $SSH_AUTH_SOCK"? > /run/user/3606/keyring/ssh This is the path used by gnome-keyring. But internally, the gnome keyring is using the openssh's ssh-agent in recent versions so there is still quite many moving parts. > > This error means that the agent fails to provide the signature > > using > > your private key for some reason. Running the ssh-agent separately > > in > > debug mode (ssh-agent -d) might show a bit more information. > OK... thanks for the tip... but like I said.. things just started > working again... Maybe was because I am on a remote Oracle campus? ;- > ) Good to hear that it works now. Please, let me know if you would see something weird going on with openssh. Regards, -- Jakub Jelen Senior Software Engineer Security Technologies Red Hat, Inc. ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Re: sign_and_send_pubkey: signing failed: agent refused operation
On 5/16/19 5:11 AM, Jakub Jelen wrote: > On Wed, 2019-05-15 at 17:09 -0400, Steve Dickson wrote: >> Hello, >> >> I'm getting the following error when I'm access the fedora git trees. >> >> sign_and_send_pubkey: signing failed: agent refused operation >> ste...@pkgs.fedoraproject.org: Permission denied (publickey). >> fatal: Could not read from remote repository. >> >> Please make sure you have the correct access rights >> and the repository exists. >> >> Now I know I have the correct publickey (id_rsa/id_rsa.pub) >> because they work on a different host. and generally >> when I have the wrong keys, I get the above error minus >> >> sign_and_send_pubkey: signing failed: agent refused operation >> >> Any idea what is happening? > > What Fedora and OpenSSH version are you using? Update F29 and openssh-7.9p1-5.fc29 > Does it work if you downgrade openssh? Do do for some reason things started working again w/out a downgrade. Are you using gnome-keyring? No. > What is the output of "echo $SSH_AUTH_SOCK"? /run/user/3606/keyring/ssh > > This error means that the agent fails to provide the signature using > your private key for some reason. Running the ssh-agent separately in > debug mode (ssh-agent -d) might show a bit more information. OK... thanks for the tip... but like I said.. things just started working again... Maybe was because I am on a remote Oracle campus? ;-) Thanks! steved. > > Regards, > ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Re: sign_and_send_pubkey: signing failed: agent refused operation
On Wed, May 15, 2019 at 05:09:41PM -0400, Steve Dickson wrote: > Hello, > > I'm getting the following error when I'm access the fedora git trees. > > sign_and_send_pubkey: signing failed: agent refused operation > ste...@pkgs.fedoraproject.org: Permission denied (publickey). > fatal: Could not read from remote repository. > > Please make sure you have the correct access rights > and the repository exists. > > Now I know I have the correct publickey (id_rsa/id_rsa.pub) > because they work on a different host. and generally > when I have the wrong keys, I get the above error minus > > sign_and_send_pubkey: signing failed: agent refused operation > > Any idea what is happening? Do you have multiple keys loaded? ISTR hitting this when I had a large number of different keys and it would hit a limit trying them. In my ~/.ssh/config I have this: HOST *.fedoraproject.org fedorapeople.org *.fedorahosted.org fedorahosted.org IdentityFile ~/.ssh/fedora to force it to use the right key on the 1st try. -- Brian C. Lane (PST8PDT) - weldr.io - lorax - parted ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Re: sign_and_send_pubkey: signing failed: agent refused operation
On Thu, 16 May 2019 11:11:52 +0200 Jakub Jelen wrote: > On Wed, 2019-05-15 at 17:09 -0400, Steve Dickson wrote: > > Hello, > > > > I'm getting the following error when I'm access the fedora git > > trees. > > > > sign_and_send_pubkey: signing failed: agent refused operation > > ste...@pkgs.fedoraproject.org: Permission denied (publickey). > > fatal: Could not read from remote repository. > > > > Please make sure you have the correct access rights > > and the repository exists. > > > > Now I know I have the correct publickey (id_rsa/id_rsa.pub) > > because they work on a different host. and generally > > when I have the wrong keys, I get the above error minus > > > > sign_and_send_pubkey: signing failed: agent refused operation > > > > Any idea what is happening? > > What Fedora and OpenSSH version are you using? Does it work if you > downgrade openssh? Are you using gnome-keyring? What is the output of > "echo $SSH_AUTH_SOCK"? probably only for the record as I don't expect many Fedora/ppc64le desktop users here and the problem seems to be ppc64le specific :-) You get the "agent refused operation" there, because the gcr-prompter process (dbus service) crashes when unlocking the ssh key, for more details see https://bugzilla.redhat.com/show_bug.cgi?id=1631759 Dan ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Re: sign_and_send_pubkey: signing failed: agent refused operation
On Wed, 2019-05-15 at 17:09 -0400, Steve Dickson wrote: > Hello, > > I'm getting the following error when I'm access the fedora git trees. > > sign_and_send_pubkey: signing failed: agent refused operation > ste...@pkgs.fedoraproject.org: Permission denied (publickey). > fatal: Could not read from remote repository. > > Please make sure you have the correct access rights > and the repository exists. > > Now I know I have the correct publickey (id_rsa/id_rsa.pub) > because they work on a different host. and generally > when I have the wrong keys, I get the above error minus > > sign_and_send_pubkey: signing failed: agent refused operation > > Any idea what is happening? What Fedora and OpenSSH version are you using? Does it work if you downgrade openssh? Are you using gnome-keyring? What is the output of "echo $SSH_AUTH_SOCK"? This error means that the agent fails to provide the signature using your private key for some reason. Running the ssh-agent separately in debug mode (ssh-agent -d) might show a bit more information. Regards, -- Jakub Jelen Senior Software Engineer Security Technologies Red Hat, Inc. ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Re: sign_and_send_pubkey: signing failed: agent refused operation
On 5/15/19 3:09 PM, Steve Dickson wrote: Hello, I'm getting the following error when I'm access the fedora git trees. sign_and_send_pubkey: signing failed: agent refused operation ste...@pkgs.fedoraproject.org: Permission denied (publickey). fatal: Could not read from remote repository. Please make sure you have the correct access rights and the repository exists. Now I know I have the correct publickey (id_rsa/id_rsa.pub) because they work on a different host. and generally when I have the wrong keys, I get the above error minus sign_and_send_pubkey: signing failed: agent refused operation Any idea what is happening? FWIW - I get the agent message when I had previously added a PKCS#11 key to my agent, but then remove the device. It may or may not have anything to do with the underlying issue. Sometimes remotes refuse authentication after multiple failures with other ssh keys stored in your agent. You may want to enable LogLevel DEBUG in your ~/.ssh/config file for pkgs.fedoraproject.org to see what's going on. If multiple keys is the issue, specifying the key to use in your ~/.ssh/config file for that host helps. -- Orion Poplawski Manager of NWRA Technical Systems 720-772-5637 NWRA, Boulder/CoRA Office FAX: 303-415-9702 3380 Mitchell Lane or...@nwra.com Boulder, CO 80301 https://www.nwra.com/ smime.p7s Description: S/MIME Cryptographic Signature ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
sign_and_send_pubkey: signing failed: agent refused operation
Hello, I'm getting the following error when I'm access the fedora git trees. sign_and_send_pubkey: signing failed: agent refused operation ste...@pkgs.fedoraproject.org: Permission denied (publickey). fatal: Could not read from remote repository. Please make sure you have the correct access rights and the repository exists. Now I know I have the correct publickey (id_rsa/id_rsa.pub) because they work on a different host. and generally when I have the wrong keys, I get the above error minus sign_and_send_pubkey: signing failed: agent refused operation Any idea what is happening? tia, steved. ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
