Public bug reported: When I try to mount an sftp backend using public key authentication with the private key stored on a smart card, I get a permission denied error. I'm on Ubuntu 16.04.3 LTS, with gvfs 1.28.2-1ubuntu1~16.04.2.
dseomn@solaria:~$ echo $SSH_AUTH_SOCK /home/dseomn/.gnupg/S.gpg-agent.ssh dseomn@solaria:~$ dbus-update-activation-environment GVFS_DEBUG=x GVFS_DEBUG_FUSE=x dseomn@solaria:~$ killall gvfsd dseomn@solaria:~$ gvfs-mount sftp://[redacted]@[redacted]/[redacted] Error mounting location: Permission denied dseomn@solaria:~$ tail -n 9 /var/log/syslog Sep 27 14:48:21 solaria org.gtk.vfs.Daemon[2234]: Added new job source 0xdae0e0 (GVfsBackendSftp) Sep 27 14:48:21 solaria org.gtk.vfs.Daemon[2234]: Queued new job 0xd946f0 (GVfsJobMount) Sep 27 14:48:21 solaria org.gtk.vfs.Daemon[2234]: spawn_ssh: /usr/bin/ssh -oForwardX11 no -oForwardAgent no -oPermitLocalCommand no -oClearAllForwardings yes -oProtocol 2 -oNoHostAuthenticationForLocalhost yes -l [redacted] -s [redacted] sftp Sep 27 14:48:21 solaria org.gtk.vfs.Daemon[2234]: handle_login #1 initial_connection = 1 - user: [redacted], host: [redacted], port: -1 Sep 27 14:48:21 solaria org.gtk.vfs.Daemon[2234]: handle_login #1 - password_save: 0 Sep 27 14:48:21 solaria org.gtk.vfs.Daemon[2234]: handle_login #1 - ret_val: 1 Sep 27 14:48:21 solaria org.gtk.vfs.Daemon[2234]: stderr: Permission denied (publickey). Sep 27 14:48:21 solaria org.gtk.vfs.Daemon[2234]: send_reply(0xd946f0), failed=1 (Permission denied) Sep 27 14:48:21 solaria org.gtk.vfs.Daemon[2234]: ** (gvfsd:22467): WARNING **: dbus_mount_reply: Error from org.gtk.vfs.Mountable.mount(): Permission denied dseomn@solaria:~$ /usr/bin/ssh -v '-oForwardX11 no' '-oForwardAgent no' '-oPermitLocalCommand no' '-oClearAllForwardings yes' '-oProtocol 2' '-oNoHostAuthenticationForLocalhost yes' -l [redacted] -s [redacted] sftp OpenSSH_7.2p2 Ubuntu-4ubuntu2.2, OpenSSL 1.0.2g 1 Mar 2016 debug1: Reading configuration data /home/dseomn/.ssh/config debug1: /home/dseomn/.ssh/config line 4: Applying options for * debug1: /home/dseomn/.ssh/config line 12: Applying options for [redacted] debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: Applying options for * debug1: Executing proxy command: exec [redacted] debug1: key_load_public: No such file or directory debug1: identity file /home/dseomn/.ssh/id_rsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/dseomn/.ssh/id_rsa-cert type -1 debug1: permanently_drop_suid: 1000 debug1: key_load_public: No such file or directory debug1: identity file /home/dseomn/.ssh/id_dsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/dseomn/.ssh/id_dsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/dseomn/.ssh/id_ecdsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/dseomn/.ssh/id_ecdsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/dseomn/.ssh/id_ed25519 type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/dseomn/.ssh/id_ed25519-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.2 debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4p1 Debian-10+deb9u1 debug1: match: OpenSSH_7.4p1 Debian-10+deb9u1 pat OpenSSH* compat 0x04000000 debug1: Authenticating to [redacted]:22 as '[redacted]' debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: algorithm: curve25519-sha...@libssh.org debug1: kex: host key algorithm: rsa-sha2-512 debug1: kex: server->client cipher: chacha20-poly1...@openssh.com MAC: <implicit> compression: none debug1: kex: client->server cipher: chacha20-poly1...@openssh.com MAC: <implicit> compression: none debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: Server host key: ssh-rsa SHA256:iIlPeeVmFl4u0FgrK6OurVl++0Kv4h00sQtDbqczY/s debug1: Host '[redacted]' is known and matches the RSA host key. debug1: Found key in /home/dseomn/.ssh/known_hosts:9 debug1: rekey after 134217728 blocks debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: rekey after 134217728 blocks debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_EXT_INFO received debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521> debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey debug1: Next authentication method: publickey debug1: Offering RSA public key: cardno:[redacted] debug1: Server accepts key: pkalg ssh-rsa blen 535 debug1: Authentication succeeded (publickey). Authenticated to [redacted] (via proxy). debug1: channel 0: new [client-session] debug1: Requesting no-more-sessi...@openssh.com debug1: Entering interactive session. debug1: pledge: proc debug1: client_input_global_request: rtype hostkeys...@openssh.com want_reply 0 debug1: Sending environment. debug1: Sending env LANG = en_US.UTF-8 debug1: Sending subsystem: sftp ^Cdebug1: channel 0: free: client-session, nchannels 1 debug1: Killed by signal 2. ** Affects: gvfs (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to gvfs in Ubuntu. https://bugs.launchpad.net/bugs/1719981 Title: Permission denied when mounting sftp using gpg-agent and smart card Status in gvfs package in Ubuntu: New Bug description: When I try to mount an sftp backend using public key authentication with the private key stored on a smart card, I get a permission denied error. I'm on Ubuntu 16.04.3 LTS, with gvfs 1.28.2-1ubuntu1~16.04.2. dseomn@solaria:~$ echo $SSH_AUTH_SOCK /home/dseomn/.gnupg/S.gpg-agent.ssh dseomn@solaria:~$ dbus-update-activation-environment GVFS_DEBUG=x GVFS_DEBUG_FUSE=x dseomn@solaria:~$ killall gvfsd dseomn@solaria:~$ gvfs-mount sftp://[redacted]@[redacted]/[redacted] Error mounting location: Permission denied dseomn@solaria:~$ tail -n 9 /var/log/syslog Sep 27 14:48:21 solaria org.gtk.vfs.Daemon[2234]: Added new job source 0xdae0e0 (GVfsBackendSftp) Sep 27 14:48:21 solaria org.gtk.vfs.Daemon[2234]: Queued new job 0xd946f0 (GVfsJobMount) Sep 27 14:48:21 solaria org.gtk.vfs.Daemon[2234]: spawn_ssh: /usr/bin/ssh -oForwardX11 no -oForwardAgent no -oPermitLocalCommand no -oClearAllForwardings yes -oProtocol 2 -oNoHostAuthenticationForLocalhost yes -l [redacted] -s [redacted] sftp Sep 27 14:48:21 solaria org.gtk.vfs.Daemon[2234]: handle_login #1 initial_connection = 1 - user: [redacted], host: [redacted], port: -1 Sep 27 14:48:21 solaria org.gtk.vfs.Daemon[2234]: handle_login #1 - password_save: 0 Sep 27 14:48:21 solaria org.gtk.vfs.Daemon[2234]: handle_login #1 - ret_val: 1 Sep 27 14:48:21 solaria org.gtk.vfs.Daemon[2234]: stderr: Permission denied (publickey). Sep 27 14:48:21 solaria org.gtk.vfs.Daemon[2234]: send_reply(0xd946f0), failed=1 (Permission denied) Sep 27 14:48:21 solaria org.gtk.vfs.Daemon[2234]: ** (gvfsd:22467): WARNING **: dbus_mount_reply: Error from org.gtk.vfs.Mountable.mount(): Permission denied dseomn@solaria:~$ /usr/bin/ssh -v '-oForwardX11 no' '-oForwardAgent no' '-oPermitLocalCommand no' '-oClearAllForwardings yes' '-oProtocol 2' '-oNoHostAuthenticationForLocalhost yes' -l [redacted] -s [redacted] sftp OpenSSH_7.2p2 Ubuntu-4ubuntu2.2, OpenSSL 1.0.2g 1 Mar 2016 debug1: Reading configuration data /home/dseomn/.ssh/config debug1: /home/dseomn/.ssh/config line 4: Applying options for * debug1: /home/dseomn/.ssh/config line 12: Applying options for [redacted] debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: Applying options for * debug1: Executing proxy command: exec [redacted] debug1: key_load_public: No such file or directory debug1: identity file /home/dseomn/.ssh/id_rsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/dseomn/.ssh/id_rsa-cert type -1 debug1: permanently_drop_suid: 1000 debug1: key_load_public: No such file or directory debug1: identity file /home/dseomn/.ssh/id_dsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/dseomn/.ssh/id_dsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/dseomn/.ssh/id_ecdsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/dseomn/.ssh/id_ecdsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/dseomn/.ssh/id_ed25519 type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/dseomn/.ssh/id_ed25519-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.2 debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4p1 Debian-10+deb9u1 debug1: match: OpenSSH_7.4p1 Debian-10+deb9u1 pat OpenSSH* compat 0x04000000 debug1: Authenticating to [redacted]:22 as '[redacted]' debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: algorithm: curve25519-sha...@libssh.org debug1: kex: host key algorithm: rsa-sha2-512 debug1: kex: server->client cipher: chacha20-poly1...@openssh.com MAC: <implicit> compression: none debug1: kex: client->server cipher: chacha20-poly1...@openssh.com MAC: <implicit> compression: none debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: Server host key: ssh-rsa SHA256:iIlPeeVmFl4u0FgrK6OurVl++0Kv4h00sQtDbqczY/s debug1: Host '[redacted]' is known and matches the RSA host key. debug1: Found key in /home/dseomn/.ssh/known_hosts:9 debug1: rekey after 134217728 blocks debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: rekey after 134217728 blocks debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_EXT_INFO received debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521> debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey debug1: Next authentication method: publickey debug1: Offering RSA public key: cardno:[redacted] debug1: Server accepts key: pkalg ssh-rsa blen 535 debug1: Authentication succeeded (publickey). Authenticated to [redacted] (via proxy). debug1: channel 0: new [client-session] debug1: Requesting no-more-sessi...@openssh.com debug1: Entering interactive session. debug1: pledge: proc debug1: client_input_global_request: rtype hostkeys...@openssh.com want_reply 0 debug1: Sending environment. debug1: Sending env LANG = en_US.UTF-8 debug1: Sending subsystem: sftp ^Cdebug1: channel 0: free: client-session, nchannels 1 debug1: Killed by signal 2. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gvfs/+bug/1719981/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
