[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#524018: openssh-client: ssh-agent as started by xsession can't use keys

Package: openssh-client
Version: 1:5.1p1-5
Severity: important

Recently, the ssh-agent instance started by xsession (as
part of a GNOME desktop login) cannot use my public key,
nor a newly generated passwordless RSA key.

After adding a new user, logging into a fresh desktop
session (no existing $HOME cruft), generating a new RSA key
with ssh-keygen -t rsa, no passphrase, and using ssh-add to
inject it into the agent, the following occurs

test@ra:~$ ssh njd33@aldred.ncl.ac.uk
Agent admitted failure to sign using the key.
njd33@aldred.ncl.ac.uk's password: 

With my normal user and key, I don't get that failure

-vvv output attached to report as 'attempt2'.

Strangely, both with this test environment and with my own
setup and key, if I do eval `ssh-agent`;ssh-add , all works
as expected, so it appears to be something to do with the
way in which ssh-agent is invoked by xsession (defined in
/etc/X11/Xsession.d/90x11-common_ssh-agent from package
x11-common it would seem) rather than ssh-agent itself.

The ssh-agent started by xsession is

    /usr/bin/ssh-agent /usr/bin/gpg-agent --daemon --sh
    /usr/bin/dbus-launch --exit-with-session

This is rather crippling my day to day work :(

Any hints on where to look further would be much

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages openssh-client depends on:
ii  adduser              3.110               add and remove users and groups
ii  debconf [debconf-2.0 1.5.26              Debian configuration management sy
ii  dpkg                 1.14.25             Debian package management system
ii  libc6                2.9-7               GNU C Library: Shared libraries
ii  libcomerr2           1.41.3-1            common error description library
ii  libedit2             2.11~20080614-1     BSD editline and history libraries
ii  libkrb53             1.6.dfsg.4~beta1-13 Transitional library package/krb4 
ii  libncurses5          5.7+20090404-1      shared libraries for terminal hand
ii  libssl0.9.8          0.9.8g-16           SSL shared libraries
ii  passwd               1:4.1.1-6           change and administer password and
ii  zlib1g               1:   compression library - runtime

Versions of packages openssh-client recommends:
ii  openssh-blacklist             0.4.1      list of default blacklisted OpenSS
ii  openssh-blacklist-extra       0.4.1      list of non-default blacklisted Op
ii  xauth                         1:1.0.3-2  X authentication utility

Versions of packages openssh-client suggests:
pn  keychain                      <none>     (no description available)
pn  libpam-ssh                    <none>     (no description available)
pn  ssh-askpass                   <none>     (no description available)

-- no debconf information

Jon Dowland            ISS UNIX Team    Newcastle University

Attachment: signature.asc
Description: Digital signature

Reply to: