[Bug 1764044] Re: ssh-add asks about passphrases for keys already unlocked in the keychain
A bit more info because this bug came up again for me. It was mentioned that this was working OK in Trusty, so I assume that openssh 6.6 was being used there, and that when the upgrade to openssh 7.x happened this issue started happening. I agree that the tool itself could be more helpful in its output, but this deprecation has been documented in the release notes: https://wiki.ubuntu.com/XenialXerus/ReleaseNotes/#OpenSSH_7.2p2 I looked at upstream's bugzilla and could not find any bugs requesting a more verbose output from the tool. I still believe this bug should be dealt with by upstream, and we can follow their lead. Keeping as Low priority (and I consider that the priority will only get lower, given that people will forcefully start migrating away from DSA). BTW, I confirmed that this issue still applies to Jammy. ** Changed in: openssh (Ubuntu) Status: New => Triaged ** Changed in: openssh (Ubuntu) Importance: Low => Wishlist -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1764044 Title: ssh-add asks about passphrases for keys already unlocked in the keychain To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1764044/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1764044] Re: ssh-add asks about passphrases for keys already unlocked in the keychain
Thank you for following up with this. It seems like an interesting bug to consider, but it appears to be low priority, so I am marking it as such. On a side note, I would like to point out that these kind of bugs are usually better dealt with by upstream, so I would recommend you to file a report against them. If you do so, please let us know the link to the bug so that we can keep track of the progress. Thank you! ** Changed in: openssh (Ubuntu) Importance: Undecided => Low -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1764044 Title: ssh-add asks about passphrases for keys already unlocked in the keychain To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1764044/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1764044] Re: ssh-add asks about passphrases for keys already unlocked in the keychain
while you can certainly argue that the obsolete key was a configuration issue, I'd find it surprising to see the missing warning about this while silently pretending to be working just fine not to be considered a bug. ** Changed in: openssh (Ubuntu) Status: Incomplete => New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1764044 Title: ssh-add asks about passphrases for keys already unlocked in the keychain To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1764044/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1764044] Re: ssh-add asks about passphrases for keys already unlocked in the keychain
Rolf, Thank you for taking the time to file a bug report. I have just used the following in my .bashrc (like keychain man page says so): """ keychain id_rsa id_dsa id_ecdsa [ -z "$HOSTNAME" ] && HOSTNAME=`uname -n` [ -f $HOME/.keychain/$HOSTNAME-sh ] && . $HOME/.keychain/$HOSTNAME-sh [ -f $HOME/.keychain/$HOSTNAME-sh-gpg ] && . $HOME/.keychain/$HOSTNAME-sh-gpg """ and I have all my keys already set: """ * keychain 2.8.5 ~ http://www.funtoo.org * Found existing ssh-agent: 3684816 * Known ssh key: /home/rafaeldtinoco/.ssh/id_rsa * Known ssh key: /home/rafaeldtinoco/.ssh/id_dsa * Known ssh key: /home/rafaeldtinoco/.ssh/id_ecdsa rafaeldtinoco@workstation:~$ """ for every new shell. Just needed to put my password once. Since it seems likely to me that this is a local configuration problem, rather than a bug in Ubuntu, I am marking this bug as 'Incomplete'. However, if you believe that this is really a bug in Ubuntu, then we would be grateful if you would provide a more complete description of the problem with steps to reproduce, explain why you believe this is a bug in Ubuntu rather than a problem specific to your system, and then change the bug status back to "New". For local configuration issues, you can find assistance here: http://www.ubuntu.com/support/community ** Changed in: openssh (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Server, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1764044 Title: ssh-add asks about passphrases for keys already unlocked in the keychain To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1764044/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1764044] Re: ssh-add asks about passphrases for keys already unlocked in the keychain
Rolf, Thank you for taking the time to file a bug report. I have just used the following in my .bashrc (like keychain man page says so): """ keychain id_rsa id_dsa id_ecdsa [ -z "$HOSTNAME" ] && HOSTNAME=`uname -n` [ -f $HOME/.keychain/$HOSTNAME-sh ] && . $HOME/.keychain/$HOSTNAME-sh [ -f $HOME/.keychain/$HOSTNAME-sh-gpg ] && . $HOME/.keychain/$HOSTNAME-sh-gpg """ and I have all my keys already set: """ * keychain 2.8.5 ~ http://www.funtoo.org * Found existing ssh-agent: 3684816 * Known ssh key: /home/rafaeldtinoco/.ssh/id_rsa * Known ssh key: /home/rafaeldtinoco/.ssh/id_dsa * Known ssh key: /home/rafaeldtinoco/.ssh/id_ecdsa rafaeldtinoco@workstation:~$ """ for every new shell. Just needed to put my password once. Since it seems likely to me that this is a local configuration problem, rather than a bug in Ubuntu, I am marking this bug as 'Incomplete'. However, if you believe that this is really a bug in Ubuntu, then we would be grateful if you would provide a more complete description of the problem with steps to reproduce, explain why you believe this is a bug in Ubuntu rather than a problem specific to your system, and then change the bug status back to "New". For local configuration issues, you can find assistance here: http://www.ubuntu.com/support/community ** Changed in: openssh (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1764044 Title: ssh-add asks about passphrases for keys already unlocked in the keychain To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1764044/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1764044] Re: ssh-add asks about passphrases for keys already unlocked in the keychain
I finally was able to solve this. It turns out, my key was too old and thus kind of disabled as a security measure, I suppose. After creating a new key based off ED25519 and adding the corresponding public key to ~/.ssh/authorized_keys on the server, things are now working again. Can we please do better and inform the user what's wrong instead of silently pretending to be working but dropping the unlocked key? FWIW, even now with the process working again "keychain -l" still lists nothing. I'm not 100% sure but that looks like a bug of its own. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1764044 Title: ssh-add asks about passphrases for keys already unlocked in the keychain To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1764044/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1764044] Re: ssh-add asks about passphrases for keys already unlocked in the keychain
** Description changed: In the below example, on the second invocation of ssh-add I should not be prompted to enter the passphrase again after I successfully entered - it on the first instance. + it on the first instance. This used to work fine in trusty i386 setup. $ keychain && ssh-add * keychain 2.8.2 ~ http://www.funtoo.org * Starting ssh-agent... Enter passphrase for /home/rolf/.ssh/id_rsa: Identity added: /home/rolf/.ssh/id_rsa (/home/rolf/.ssh/id_rsa) Enter passphrase for /home/rolf/.ssh/id_dsa: Identity added: /home/rolf/.ssh/id_dsa (/home/rolf/.ssh/id_dsa) $ keychain && ssh-add * keychain 2.8.2 ~ http://www.funtoo.org * Found existing ssh-agent: 25744 Enter passphrase for /home/rolf/.ssh/id_rsa: Identity added: /home/rolf/.ssh/id_rsa (/home/rolf/.ssh/id_rsa) Enter passphrase for /home/rolf/.ssh/id_dsa: Identity added: /home/rolf/.ssh/id_dsa (/home/rolf/.ssh/id_dsa) + + gnome-keyring is running: + $ ps -ax|grep key + 2067 ?SLl0:05 /usr/bin/gnome-keyring-daemon --start --components ssh + 2078 ?Ssl0:01 /usr/lib/x86_64-linux-gnu/indicator-keyboard/indicator-keyboard-service --use-gtk + 6987 ?S 0:00 /usr/bin/ssh-agent -D -a /run/user/1000/keyring/.ssh + 17832 pts/2S+ 0:00 grep --color=auto key + + ssh-agent is running: + $ ps aux | grep ssh-agent + leggewie 1928 0.0 0.0 15548 340 ?Ss 02:38 0:00 /usr/bin/ssh-agent /usr/bin/im-launch env LD_PRELOAD=libgtk3-nocsd.so.0 /usr/lib/gnome-session/run-systemd-session unity-session.target + leggewie 6987 0.0 0.0 11304 1484 ?S02:50 0:00 /usr/bin/ssh-agent -D -a /run/user/1000/keyring/.ssh + leggewie 9952 0.0 0.0 11304 320 ?Ss 04:11 0:00 ssh-agent bash + leggewie 17850 0.0 0.0 14492 1160 pts/2S+ 06:06 0:00 grep --color=auto ssh-agent + + $ env|grep SSH + SSH_AUTH_SOCK=/tmp/ssh-W6fuGBztRRds/agent.6992 + SSH_AGENT_PID=9952 + SSH_AGENT_LAUNCHER=gnome-keyring -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1764044 Title: ssh-add asks about passphrases for keys already unlocked in the keychain To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1764044/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs