Bug#702708: openssh-client: ssh-agent aborts quietly when ssh-askpass is not installed
Package: openssh-client
Version: 1:6.0p1-4
Severity: normal
Dear Maintainer,
I'm using xfce and did not have ssh-askpass installed. When I tried
to add my key to ssh-agent with the '-c' flag (to force asking
confirmation for using the key) and subsequently using the key,
it admitted failure to use the key. Later attempts to connect to
the agent failed (with ssh-add -l); the socket was gone.
The syslog (/var/log/auth.log) shows:
Mar 10 13:04:05 rowlf ssh-agent[6160]: fatal: ssh_askpass:
exec(/usr/bin/ssh-askpass): No such file or directory
And a trace of the ssh-agent process shows it actually quits:
6240 execve("/usr/bin/ssh-askpass", ["/usr/bin/ssh-askpass", "Allow use
of key /home/user/.ssh"...], [/* 34 vars */]) = -1 ENOENT (No such file
or directory)
6240 time([1362917645]) = 1362917645
6240 open("/etc/localtime", O_RDONLY) = 5
6240 fstat(5, {st_mode=S_IFREG|0644, st_size=2917, ...}) = 0
6240 fstat(5, {st_mode=S_IFREG|0644, st_size=2917, ...}) = 0
6240 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
-1, 0) = 0x7f8b6ab3c000
6240 read(5,
"TZif2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\r\0\0\0\r\0\0\0\0"..., 4096)
= 2917
6240 lseek(5, -1843, SEEK_CUR) = 1074
6240 read(5,
"TZif2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\16\0\0\0\16\0\0\0\0"...,
4096) = 1843
6240 close(5) = 0
6240 munmap(0x7f8b6ab3c000, 4096) = 0
6240 socket(PF_FILE, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5
6240 connect(5, {sa_family=AF_FILE, path="/dev/log"}, 110) = 0
6240 sendto(5, "<34>Mar 10 13:14:05 ssh-agent[62"..., 110,
MSG_NOSIGNAL, NULL, 0) = 110
6240 close(5) = 0
6240 unlink("/tmp/ssh-EGHqx1HqHD8i/agent.6231") = 0
6240 rmdir("/tmp/ssh-EGHqx1HqHD8i") = 0
6240 exit_group(255) = ?
6232 <... read resumed> "", 1023) = 0
6232 --- SIGCHLD (Child exited) @ 0 (0) ---
I'm not sure what the bug is here; either it's a dependency issue
(since ssh-agent clearly expect ssh-askpass), but it could also be
addressed by better feedback to the user about the situation.
E.g. instead of
"Agent admitted failure to sign using the key."
say
"The agent could not ask for confirmation and has quit."
But I'm not sure how the protocol works; it may be hard
to pass such data.
-- System Information:
Debian Release: 7.0
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=nl_NL.UTF-8, LC_CTYPE=nl_NL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages openssh-client depends on:
ii adduser 3.113+nmu3
ii debconf [debconf-2.0] 1.5.49
ii dpkg 1.16.9
ii libc6 2.13-38
ii libedit2 2.11-20080614-5
ii libgssapi-krb5-2 1.10.1+dfsg-4
ii libselinux1 2.1.9-5
ii libssl1.0.0 1.0.1e-1
ii passwd 1:4.1.5.1-1
ii zlib1g 1:1.2.7.dfsg-13
Versions of packages openssh-client recommends:
ii openssh-blacklist 0.4.1+nmu1
ii openssh-blacklist-extra 0.4.1+nmu1
ii xauth 1:1.0.7-1
Versions of packages openssh-client suggests:
pn keychain <none>
pn libpam-ssh <none>
pn monkeysphere <none>
ii ssh-askpass 1:1.2.4.1-9
-- no debconf information
Reply to: