From mboxrd@z Thu Jan 1 00:00:00 1970 From: Chris Marusich Subject: bug#33165: GNOME keyring SSH agent => sign_and_send_pubkey: signing failed: agent refused operation Date: Thu, 29 Nov 2018 18:00:16 -0800 Message-ID: <87d0qncojz.fsf@gmail.com> References: <743863752d3942c2a73477794d223b9b@mx.verum.com> Mime-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:42493) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1gSY79-0004zj-1J for bug-guix@gnu.org; Thu, 29 Nov 2018 21:01:08 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1gSY75-0005pz-9V for bug-guix@gnu.org; Thu, 29 Nov 2018 21:01:06 -0500 Received: from debbugs.gnu.org ([208.118.235.43]:51093) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1gSY74-0005od-6r for bug-guix@gnu.org; Thu, 29 Nov 2018 21:01:03 -0500 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1gSY73-0004qL-Tz for bug-guix@gnu.org; Thu, 29 Nov 2018 21:01:01 -0500 Sender: "Debbugs-submit" Resent-Message-ID: In-Reply-To: <743863752d3942c2a73477794d223b9b@mx.verum.com> (Henk Katerberg's message of "Fri, 26 Oct 2018 08:51:41 +0000") List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org Sender: "bug-Guix" To: Henk Katerberg Cc: 33165@debbugs.gnu.org --=-=-= Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Henk Katerberg writes: > On GuixSD running Gnome: the command 'ssh ' results in error > sign_and_send_pubkey: signing failed: agent refused operation > and then falls back to password authentication. > > (Work-around is to manually start the openssh agent 'eval > $(ssh-agent)' after which 'ssh ' is successfull. From this I > conclude that the key pair used and the .ssh/config entry for > are OK.) This sounds a lot like the issue I describe in my blog post here: https://www.gnu.org/software/guix/blog/2018/customize-guixsd-use-stock-ssh-= agent-everywhere/ From=20the blog post: "Unfortunately, up until GNOME 3.28 (the current release), the GNOME Keyring's SSH agent implementation was not as complete as the stock SSH agent from OpenSSH. As a result, earlier versions of GNOME Keyring did not support many use cases. This was a problem for me, since GNOME Keyring couldn't read my modern SSH keys. [...] Happily, starting with GNOME 3.28, GNOME Keyring delegates all SSH agent functionality to the stock SSH agent from OpenSSH. They have removed their custom implementation entirely. This means that today, I could solve my problem simply by using the most recent version of GNOME Keyring. I'll probably do just that when the new release gets included in Guix. However, when I first encountered this problem, GNOME 3.28 hadn't been released yet, so the only option available to me was to customize GNOME Keyring or remove it entirely." Since your work-around was the same as mine - use the stock OpenSSH ssh-agent - you might find the blog post useful for your situation. The version of GNOME currently packaged in Guix is 3.24.3 (see gnu/packages/gnome.scm). Because GNOME Keyring just wrap's OpenSSH's ssh-agent starting with GNOME 3.28, it seems likely that upgrading to GNOME 3.28 or later will fix your issue. If your problem continues to occur even after Guix has upgraded GNOME to 3.28 or later, then we will need to investigate more. =2D-=20 Chris --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEy/WXVcvn5+/vGD+x3UCaFdgiRp0FAlwAmbAACgkQ3UCaFdgi Rp1mag/9EeVwjeZUS829IFlY6OwY50Xowj8igaq2b47EnXPbZMAiwVOUw0uqPiBf B2wNXQ2T/5Lj2/rBuRyfiFENnxqLtWnVmvAx9E/6bIeZRK4A+Zwfe0YvWhGRWyTp mOMUrqCluT+3N+uqSb+eT84RhLaCQJ6IkflGotGZbB4+Ll2mnhjaoeQ4M7cVTHHk 8eHJso9PRQGMjYRMJnSm7+hGlqH/hgvH8wfZmUy8XwEhMJFM/Avugisb3sB5a1jS +s8aQp5mXFbtfnLKBnYJvwEU8VNfX2ir92j+tCJTakHLmut5TWyw64fMHzLrG0YW yDWdHB7mS5VFL0MR5HQm6Q1yhCynLLR1gQ0K16fOv5naQ/Gz53aC3OW6OPAsqPUh U4siE8eUyjTDC43svcv2nSr+3Oh3VlCjGTceF1690IsfhDyh4MYB8Jf2FTTYc30W rzHZ1+i30hdSQFKscYO/KHXR4vH2wCtzSN061dPPUyr4yrGgPGyylkB3Dwz+FGz2 X3wJPq+xjtyrSzLzYMpoari9Uv9f98yc9JJ5Xorcc+wnwznlI8BKEN09pVUoSXc7 1LKsMeOV7GkG2j4Q9gbvoEVLV4kH4cUTXKXs/YiacRz4iU+wUXpF6/UrUH1YsNS0 l0w5FcTeeCiChgO2WjDf2LlhWAZEX17iHh+47mLLYXawxPEHfwo= =5/6D -----END PGP SIGNATURE----- --=-=-=--