unofficial mirror of bug-guix@gnu.org 
From: Chris Marusich <cmmarusich@gmail.com>
To: Henk Katerberg <henk.katerberg@verum.com>
Cc: 33165@debbugs.gnu.org
Subject: bug#33165: GNOME keyring SSH agent => sign_and_send_pubkey: signing failed: agent refused operation
Date: Thu, 29 Nov 2018 18:00:16 -0800
Message-ID: <87d0qncojz.fsf@gmail.com>
In-Reply-To: <743863752d3942c2a73477794d223b9b@mx.verum.com> (Henk Katerberg's message of "Fri, 26 Oct 2018 08:51:41 +0000")

Henk Katerberg <henk.katerberg@verum.com> writes:

> On GuixSD running Gnome: the command 'ssh <remote>' results in error
>   sign_and_send_pubkey: signing failed: agent refused operation
> and then falls back to password authentication.
>
> (Work-around is to manually start the openssh agent 'eval
> $(ssh-agent)' after which 'ssh <remote>' is successful. From this I
> conclude that the key pair used and the .ssh/config entry for <remote>
> are OK.)

This sounds a lot like the issue I describe in my blog post here:

https://www.gnu.org/software/guix/blog/2018/customize-guixsd-use-stock-ssh-agent-everywhere/

From the blog post:

"Unfortunately, up until GNOME 3.28 (the current release), the GNOME
Keyring's SSH agent implementation was not as complete as the stock SSH
agent from OpenSSH. As a result, earlier versions of GNOME Keyring did
not support many use cases. This was a problem for me, since GNOME
Keyring couldn't read my modern SSH keys.

[...]

Happily, starting with GNOME 3.28, GNOME Keyring delegates all SSH agent
functionality to the stock SSH agent from OpenSSH. They have removed
their custom implementation entirely. This means that today, I could
solve my problem simply by using the most recent version of GNOME
Keyring. I'll probably do just that when the new release gets included
in Guix. However, when I first encountered this problem, GNOME 3.28
hadn't been released yet, so the only option available to me was to
customize GNOME Keyring or remove it entirely."

Since your work-around was the same as mine - use the stock OpenSSH
ssh-agent - you might find the blog post useful for your situation.

The version of GNOME currently packaged in Guix is 3.24.3 (see
gnu/packages/gnome.scm).  Because GNOME Keyring just wraps OpenSSH's
ssh-agent starting with GNOME 3.28, it seems likely that upgrading to
GNOME 3.28 or later will fix your issue.  If your problem continues to
occur even after Guix has upgraded GNOME to 3.28 or later, then we will
need to investigate more.

-- 
Chris
