
ssh-agent / gnome keyring / gpg-agent issue



Hi folks,

For some reason the gpg/ssh key agent part of my gnome
sessions on a recent sid desktop have stopped working.

When I log in, the environment has SSH_AGENT_PID and
SSH_AUTH_SOCK declared, but nothing for the GPG agent.

When I use ssh, GNOME prompts me for my keyphrase. Once
supplied, ssh-add -l shows that the agent has the key
cached, but the client connections don't use it (output at
the end of the email).

This occurs for connections to several remote hosts, so I
am certain it is not a remote host configuration change.

If I unset the SSH_AGENT_PID and SSH_AUTH_SOCK variables
and eval `ssh-agent`, then ssh-add, everything works as
expected, so it's whichever agent process is started as
part of my GNOME session that is faulty.

The process tree looks something like

root /usr/sbin/gdm
root  \_ /usr/sbin/gdm
root      \_ /usr/bin/X :0 -audit 0 -auth /var/lib/gdm/:0.Xauth -nolisten tcp vt7
jon       \_ x-session-manager
jon           \_ /usr/bin/ssh-agent /usr/bin/dbus-launch --exit-with-session x-session-manager
jon           \_ gnome-settings-daemon
jon           \_ /usr/bin/metacity --sm-client-id=default0
jon           \_ gnome-panel --sm-client-id default1
jon           \_ nautilus --no-default-window --sm-client-id default2
jon           \_ gnome-power-manager
jon           \_ /usr/lib/vino/vino-server

Not parented to this tree are also

jon  /usr/bin/gnome-keyring-daemon --daemonize --login
jon  /usr/bin/dbus-launch --exit-with-session x-session-manager
jon  /usr/bin/dbus-daemon --fork --print-pid 6 --print-address 9 --session

When I attempt to send an email using mutt, I am not
prompted for my GPG key by the desktop environment (which I
normally would be) probably because the agent environment
is missing.

Can anyone help me to shed light on what has happened?

output of ssh client example:
$ ssh -vvv alcopop.org
OpenSSH_5.1p1 Debian-5, OpenSSL 0.9.8g 19 Oct 2007
...
debug1: identity file /home/jon/.ssh/id_rsa type 1
...
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.1p1 Debian-5
debug1: match: OpenSSH_5.1p1 Debian-5 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.1p1 Debian-5
...
debug2: key: /home/jon/.ssh/id_rsa (0x7fa32f14ca20)
debug3: preferred gssapi-keyex,gssapi-with-mic,gssapi,publickey,keyboard-interactive,password
debug3: authmethod_lookup gssapi-keyex
debug3: remaining preferred: gssapi-with-mic,gssapi,publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-keyex
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug2: we did not send a packet, disable method
debug3: authmethod_lookup gssapi-with-mic
debug3: remaining preferred: gssapi,publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-with-mic
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure.  Minor code may provide more information
Ticket expired

debug1: Unspecified GSS failure.  Minor code may provide more information
Ticket expired

debug1: Unspecified GSS failure.  Minor code may provide more information


debug2: we did not send a packet, disable method
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/jon/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-rsa blen 277
debug2: input_userauth_pk_ok: fp 24:18:40:b5:9a:5d:69:33:8d:c9:b9:6a:f1:0c:05:c7
debug3: sign_and_send_pubkey
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,keyboard-interactive
debug1: Trying private key: /home/jon/.ssh/identity
debug3: no such identity: /home/jon/.ssh/identity
debug1: Trying private key: /home/jon/.ssh/id_dsa
debug3: no such identity: /home/jon/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
Password: 

^^ i.e., the public key has not been offered.

Versions:

ii  gnome-keyring       2.26.0-2            GNOME keyring services (daemon and tools)
ii  gnupg               1.4.9-4             GNU privacy guard - a free PGP replacement
ii  openssh-client      1:5.1p1-5           secure shell client, an rlogin/rsh/rcp replacement
ii  seahorse            2.24.1-2            GNOME front end for GnuPG

-- 
Jon Dowland
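
The checks described in the message above (inspecting SSH_AUTH_SOCK and SSH_AGENT_PID, then querying the agent with ssh-add -l) can be scripted. This is an added shell example, not part of the original message. The function names and state labels are hypothetical; the exit-code meanings are those documented in ssh-add(1).

```shell
#!/bin/sh
# Added example: classify whatever sits behind an agent socket path.
# Function names and the state labels they print are made up for illustration.

# ssh-add -l exit status per ssh-add(1):
#   0 = identities listed, 1 = command failed (e.g. agent holds no
#   identities), 2 = the agent could not be contacted.
agent_state() {
    sock=$1
    [ -n "$sock" ] || { echo unset; return; }
    [ -e "$sock" ] || { echo missing; return; }
    [ -S "$sock" ] || { echo not-a-socket; return; }
    command -v ssh-add >/dev/null 2>&1 || { echo no-ssh-add; return; }
    rc=0
    SSH_AUTH_SOCK=$sock ssh-add -l >/dev/null 2>&1 || rc=$?
    case $rc in
        0) echo has-keys ;;
        1) echo no-keys ;;
        2) echo unreachable ;;
        *) echo unknown ;;
    esac
}

# Name of the process that SSH_AGENT_PID points at, so it can be compared
# with the agent the session was expected to start.
agent_pid_command() {
    pid=$1
    case $pid in
        ''|*[!0-9]*) echo none; return ;;
    esac
    ps -o comm= -p "$pid" 2>/dev/null || echo dead
}

# Report on the agent the current environment advertises.
echo "SSH_AUTH_SOCK=${SSH_AUTH_SOCK:-} -> $(agent_state "${SSH_AUTH_SOCK:-}")"
echo "SSH_AGENT_PID=${SSH_AGENT_PID:-} -> $(agent_pid_command "${SSH_AGENT_PID:-}")"
```

Running it once in the GNOME session and once after starting a fresh ssh-agent shows whether the two environments point at different agent processes.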
