[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#702708: openssh-client: ssh-agent aborts quietly when ssh-askpass is not installed

Package: openssh-client
Version: 1:6.0p1-4
Severity: normal

Dear Maintainer,

I'm using xfce and did not have ssh-askpass installed. When I tried
to add my key to ssh-agent with the '-c' flag (to force asking
confirmation for using the key) and subsequently using the key,
it admitted failure to use the key. Later attempts to connect to
the agent failed (with ssh-add -l); the socket was gone.

The syslog (/var/log/auth.log) shows:

Mar 10 13:04:05 rowlf ssh-agent[6160]: fatal: ssh_askpass:
exec(/usr/bin/ssh-askpass): No such file or directory

And a trace of the ssh-agent process shows it actually quits:

6240  execve("/usr/bin/ssh-askpass", ["/usr/bin/ssh-askpass", "Allow use
of key /home/user/.ssh"...], [/* 34 vars */]) = -1 ENOENT (No such file
or directory)
6240  time([1362917645])                = 1362917645
6240  open("/etc/localtime", O_RDONLY)  = 5
6240  fstat(5, {st_mode=S_IFREG|0644, st_size=2917, ...}) = 0
6240  fstat(5, {st_mode=S_IFREG|0644, st_size=2917, ...}) = 0
6240  mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
-1, 0) = 0x7f8b6ab3c000
6240  read(5,
"TZif2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\r\0\0\0\r\0\0\0\0"..., 4096)
= 2917
6240  lseek(5, -1843, SEEK_CUR)         = 1074
6240  read(5,
"TZif2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\16\0\0\0\16\0\0\0\0"...,
4096) = 1843
6240  close(5)                          = 0
6240  munmap(0x7f8b6ab3c000, 4096)      = 0
6240  socket(PF_FILE, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5
6240  connect(5, {sa_family=AF_FILE, path="/dev/log"}, 110) = 0
6240  sendto(5, "<34>Mar 10 13:14:05 ssh-agent[62"..., 110,
MSG_NOSIGNAL, NULL, 0) = 110
6240  close(5)                          = 0
6240  unlink("/tmp/ssh-EGHqx1HqHD8i/agent.6231") = 0
6240  rmdir("/tmp/ssh-EGHqx1HqHD8i")    = 0
6240  exit_group(255)                   = ?
6232  <... read resumed> "", 1023)      = 0
6232  --- SIGCHLD (Child exited) @ 0 (0) ---

I'm not sure what the bug is here; either it's a dependency issue
(since ssh-agent clearly expect ssh-askpass), but it could also be
addressed by better feedback to the user about the situation.

E.g. instead of

"Agent admitted failure to sign using the key."

say

"The agent could not ask for confirmation and has quit."

But I'm not sure how the protocol works; it may be hard
to pass such data.

-- System Information:
Debian Release: 7.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=nl_NL.UTF-8, LC_CTYPE=nl_NL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages openssh-client depends on:
ii  adduser                3.113+nmu3
ii  debconf [debconf-2.0]  1.5.49
ii  dpkg                   1.16.9
ii  libc6                  2.13-38
ii  libedit2               2.11-20080614-5
ii  libgssapi-krb5-2       1.10.1+dfsg-4
ii  libselinux1            2.1.9-5
ii  libssl1.0.0            1.0.1e-1
ii  passwd                 1:4.1.5.1-1
ii  zlib1g                 1:1.2.7.dfsg-13

Versions of packages openssh-client recommends:
ii  openssh-blacklist        0.4.1+nmu1
ii  openssh-blacklist-extra  0.4.1+nmu1
ii  xauth                    1:1.0.7-1

Versions of packages openssh-client suggests:
pn  keychain      <none>
pn  libpam-ssh    <none>
pn  monkeysphere  <none>
ii  ssh-askpass   1:1.2.4.1-9

-- no debconf information
Reply to: