Bug 30480

Summary: can't use a (password-protected) key in the default DE
Product: Branch p7 Reporter: Ivan Zakharyaschev <imz>
Component: openssh-clientsAssignee: Andrey Cherepanov <cas>
Status: NEW --- QA Contact: qa-p7 <qa-p7>
Severity: normal    
Priority: P3    
Version: не указана   
Hardware: all   
OS: Linux   

Description Ivan Zakharyaschev 2014-11-18 12:03:30 MSK
openssh-clients-5.9p1-alt7 in SimplyLinux 7.0.4

I've installed SimplyLinux 7.0.1 (x86_64), and I'm using the default DE.

I have a password-protected SSH key.

On login, I'm asked the password (by the GUI dialog).

Then, whenever I do ssh, I'm asked the password again by the GUI dialog.

But I'm not authenticated then! (This is the problem!)

Something is wrong with ssh-agent and ssh-askpass in the default DE.

If I invoke them manually, there are no problems:

[imz@z ~]$ killall ssh-agent 
[imz@z ~]$ ssh-agent -u -d &
[1] 3164
[imz@z ~]$ SSH_AUTH_SOCK=/home/imz/.ssh/agent; export SSH_AUTH_SOCK;
echo Agent pid 3164;

[imz@z ~]$ ssh-add </dev/null
debug1: type 17
Identity added: /home/imz/.ssh/id_rsa (/home/imz/.ssh/id_rsa)
[imz@z ~]$ debug1: XXX shrink: 3 < 4

[imz@z ~]$ ssh vaio
debug1: type 11
debug1: type 13
debug1: XXX shrink: 3 < 4
Last login: Tue Nov 18 12:44:25 2014 from 81.200.29.43
[imz@localhost ~]$ logout
[3;J




Connection to ob.qwerty closed.
[imz@z ~]$
Comment 1 Ivan Zakharyaschev 2014-11-18 12:07:10 MSK
This is how it fails to use the key (after the correct password was entered in the GUI, 2 times: on DE login, and when doing ssh).

[imz@z ~]$ ssh -v vaio
OpenSSH_5.9p1, OpenSSL 1.0.1j 15 Oct 2014
debug1: Reading configuration data /home/imz/.ssh/config
debug1: /home/imz/.ssh/config line 1: Applying options for vaio
debug1: Reading configuration data /etc/openssh/ssh_config
debug1: /etc/openssh/ssh_config line 20: Applying options for *
debug1: Connecting to ob.qwerty [79.165.54.227] port 2202.
debug1: Connection established.
debug1: identity file /home/imz/.ssh/id_rsa type 1
debug1: identity file /home/imz/.ssh/id_rsa-cert type -1
debug1: identity file /home/imz/.ssh/id_dsa type -1
debug1: identity file /home/imz/.ssh/id_dsa-cert type -1
debug1: identity file /home/imz/.ssh/id_ecdsa type -1
debug1: identity file /home/imz/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9
debug1: match: OpenSSH_5.9 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes256-ctr hmac-md5 zlib@openssh.com
debug1: kex: client->server aes256-ctr hmac-md5 zlib@openssh.com
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA 3b:2c:f4:eb:35:dc:7b:b1:f3:80:e3:b6:61:c6:3b:a8
debug1: Host '[ob.qwerty]:2202' is known and matches the ECDSA host key.
debug1: Found key in /home/imz/.ssh/known_hosts:1
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/imz/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
Agent admitted failure to sign using the key.
debug1: Trying private key: /home/imz/.ssh/id_dsa
debug1: Trying private key: /home/imz/.ssh/id_ecdsa
debug1: No more authentication methods to try.
ssh: Permission denied (publickey).
[imz@z ~]$
Comment 2 Ivan Zakharyaschev 2014-11-18 14:28:02 MSK
If I run ssh-add in terminal in this case, it works:

[imz@z ~]$ ssh vaio
Agent admitted failure to sign using the key.
ssh: Permission denied (publickey).
[imz@z ~]$ ssh-add
Enter passphrase for /home/imz/.ssh/id_rsa: 
Identity added: /home/imz/.ssh/id_rsa (/home/imz/.ssh/id_rsa)
[imz@z ~]$ ssh vaio
Last login: Tue Nov 18 15:20:22 2014 from 81.200.29.43
[imz@localhost ~]$