GNU bug report logs - #33165
GNOME keyring SSH agent => sign_and_send_pubkey: signing failed: agent refused operation

Message received at 33165 <at> debbugs.gnu.org:

Received: (at 33165) by debbugs.gnu.org; 30 Nov 2018 03:47:32 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Thu Nov 29 22:47:32 2018
Received: from localhost ([127.0.0.1]:55388 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1gSZm8-0000yF-B2
	for submit <at> debbugs.gnu.org; Thu, 29 Nov 2018 22:47:32 -0500
Received: from sender-of-o52.zoho.com ([135.84.80.217]:21406)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <rekado@HIDDEN>) id 1gSZm6-0000y7-6z
 for 33165 <at> debbugs.gnu.org; Thu, 29 Nov 2018 22:47:30 -0500
ARC-Seal: i=1; a=rsa-sha256; t=1543549595; cv=none; d=zoho.com; s=zohoarc; 
 b=KaRtg5u7A5zYguUz9GfmA97Z4BiWJs5d6+Khl96KNPYl8HD/BUQgqXjxVe9BfJ1z8djQ06bWVai/RXO0+BpKAXlRYV6+jvSZYdtgam/9AjC/BFHanO1UFebzgq9zwBLMxtiBite/+xDz30okEJzyxP3ZkupeZXx+1nRh7tJ32q4=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com;
 s=zohoarc; t=1543549595;
 h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:MIME-Version:Message-ID:References:Subject:To:ARC-Authentication-Results;
 bh=XtEhtH4WQW75HLpcJHWUH3sxfhWswxCNAUxKyMQJAaw=; 
 b=LcVoCTokq9c1MLJFo1ZX0GOWKfEgozAFuPV9CPrHWwqsawrQORp/dTRxA/zs39WqsfH9U9QvBG5B6l00g6cnGwcE4OdNqcCT6HGFRF5g+KW1gABHl6uljDXdjYrXulxT1qX4/xzDRVhytoYDAvu+K8IsuUPK+5X4WLMrPZYrTrw=
ARC-Authentication-Results: i=1; mx.zoho.com; dkim=pass  header.i=elephly.net;
 spf=pass  smtp.mailfrom=rekado@HIDDEN;
 dmarc=pass header.from=<rekado@HIDDEN> header.from=<rekado@HIDDEN>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; t=1543549595; 
 s=zoho; d=elephly.net; i=rekado@HIDDEN;
 h=References:From:To:Cc:Subject:In-reply-to:Date:Message-ID:MIME-Version:Content-Type:Content-Transfer-Encoding;
 l=593; bh=XtEhtH4WQW75HLpcJHWUH3sxfhWswxCNAUxKyMQJAaw=;
 b=UUQcvdLCwlMW/id98mHZXpD0Bu0ysZKPWnKtZ7EX+sIxeMPyn+A0mASP/FJdcYmr
 8naEqmZnUL3ZowwtQZOrpZZZsrywWayb/2ZsNcGxcKscwzbi7kq8+fN20yODmGrcaTf
 B692Xrd4nOJPv0pXaGJIV40jragV8O9P9dQCChEo=
Received: from localhost (p578E64B9.dip0.t-ipconnect.de [87.142.100.185]) by
 mx.zohomail.com with SMTPS id 1543549593977778.8825300564505;
 Thu, 29 Nov 2018 19:46:33 -0800 (PST)
References: <743863752d3942c2a73477794d223b9b@HIDDEN>
 <87d0qncojz.fsf@HIDDEN>
User-agent: mu4e 1.0; emacs 26.1
From: Ricardo Wurmus <rekado@HIDDEN>
To: Chris Marusich <cmmarusich@HIDDEN>
Subject: Re: bug#33165: GNOME keyring SSH agent => sign_and_send_pubkey:
 signing failed: agent refused operation
In-reply-to: <87d0qncojz.fsf@HIDDEN>
X-URL: https://elephly.net
X-PGP-Key: https://elephly.net/rekado.pubkey
X-PGP-Fingerprint: BCA6 89B6 3655 3801 C3C6  2150 197A 5888 235F ACAC
Date: Fri, 30 Nov 2018 04:46:30 +0100
Message-ID: <87a7lr2pnt.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-ZohoMailClient: External
X-Spam-Score: -0.0 (/)
X-Debbugs-Envelope-To: 33165
Cc: Henk Katerberg <henk.katerberg@HIDDEN>, 33165 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)


Chris Marusich <cmmarusich@HIDDEN> writes:

> The version of GNOME currently packaged in Guix is 3.24.3 (see
> gnu/packages/gnome.scm).  Because GNOME Keyring just wrap's OpenSSH's
> ssh-agent starting with GNOME 3.28, it seems likely that upgrading to
> GNOME 3.28 or later will fix your issue.  If your problem continues to
> occur even after Guix has upgraded GNOME to 3.28 or later, then we will
> need to investigate more.

Just FYI: we have an upgrade to GNOME 2.28 on a separate branch that=E2=80=
=99s
waiting for the core-updates branch to be merged.

--=20
Ricardo

Message received at 33165 <at> debbugs.gnu.org:

Received: (at 33165) by debbugs.gnu.org; 30 Nov 2018 02:00:30 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Thu Nov 29 21:00:29 2018
Received: from localhost ([127.0.0.1]:55351 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1gSY6X-0004pN-LJ
	for submit <at> debbugs.gnu.org; Thu, 29 Nov 2018 21:00:29 -0500
Received: from mail-pl1-f172.google.com ([209.85.214.172]:41887)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <cmmarusich@HIDDEN>) id 1gSY6W-0004pA-Fd
 for 33165 <at> debbugs.gnu.org; Thu, 29 Nov 2018 21:00:29 -0500
Received: by mail-pl1-f172.google.com with SMTP id u6so1970172plm.8
 for <33165 <at> debbugs.gnu.org>; Thu, 29 Nov 2018 18:00:28 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=from:to:cc:subject:references:date:in-reply-to:message-id
 :user-agent:mime-version;
 bh=KjUp6Ia2ZKOlhYFSvA24qVSWOv9inwzu7Sy6VfMiPzY=;
 b=n1tQCxApBNSLDAEiCWYVO4mGD5EYNKrsyp2LdmTTPjFTTHESdpiWbBjPQW9jkBo/iO
 QpqjW1NWwqde8BSXuPgAN2O4Z2MeoKmr1aPf0MPLULn9U0LueA4wtnkHUcLCZaG0g9On
 7oXdKcPV6yYRLDfkiFwQS1JNGsLxyqHwFiDOo8QtBBPmtDSTPCy0zQ8YpNQW0BpufG7t
 bbmNTzYFqO3qs94bwyPitBCqi1gr8UdqEVTQ5ejOm5lzjC/OjTMGJRyCfhdCMbz/D220
 /aar0cL5K3IdDSKrHwEGiRq4nANSXhgMpsimj2dHYo8djy5Bfn/ghF94l+yjnwiyLWXj
 BCww==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:references:date:in-reply-to
 :message-id:user-agent:mime-version;
 bh=KjUp6Ia2ZKOlhYFSvA24qVSWOv9inwzu7Sy6VfMiPzY=;
 b=TF10s0dlpknOWm+dVGtEW9G1aL5EomO4gRyEok+NAlsRaNnab7PAe+NM2cf5gnv+Hq
 Zvmul2y0t/q7Z70H1iKoJPQEz35UvJMztkTrD53PPD9gEIUHFmmCIRhEO2+EIIxosaw1
 AKHxI8WH5Z0zdBvrtK5ibys5ATHYsj1CMvHH7K98EE0fcbtqxUI5YLL+tbpmURBtOwE0
 QJJCz9uDZE6rALpwpywqIe45kv4fFaH9eVzCB3bRb9tZncLAVqV2jeaAw5u0/qk44Uek
 45ttdHtlFjQhu2341KDkrtzKbqGz0zJi2pCPGnbiK16DQ8N6fW2L1tS4O5Z4y/zaaUME
 K1Dw==
X-Gm-Message-State: AA+aEWZ6IKKeTLFQ9E2fTixCxtVn18UfN/CK5CnefxoyZ7Wkr7KJ5dpz
 QXqckWHZ4Hy79aj2cuWUsihfiEu7
X-Google-Smtp-Source: AFSGD/WDSbe7OYzXXsLaEJxrGxj4dVyN1Ka9CcaQlrEYzDVRriaOpBoq4PaWQ3CI/4/b9d3rWMjVvg==
X-Received: by 2002:a17:902:7c85:: with SMTP id
 y5mr3771050pll.63.1543543221888; 
 Thu, 29 Nov 2018 18:00:21 -0800 (PST)
Received: from garuda.local ([2601:601:9d00:3c88:1552:e07e:420f:e529])
 by smtp.gmail.com with ESMTPSA id 64sm4353036pff.101.2018.11.29.18.00.19
 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
 Thu, 29 Nov 2018 18:00:20 -0800 (PST)
From: Chris Marusich <cmmarusich@HIDDEN>
To: Henk Katerberg <henk.katerberg@HIDDEN>
Subject: Re: bug#33165: GNOME keyring SSH agent => sign_and_send_pubkey:
 signing failed: agent refused operation
References: <743863752d3942c2a73477794d223b9b@HIDDEN>
Date: Thu, 29 Nov 2018 18:00:16 -0800
In-Reply-To: <743863752d3942c2a73477794d223b9b@HIDDEN> (Henk Katerberg's
 message of "Fri, 26 Oct 2018 08:51:41 +0000")
Message-ID: <87d0qncojz.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
 micalg=pgp-sha256; protocol="application/pgp-signature"
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 33165
Cc: 33165 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

--=-=-=
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

Henk Katerberg <henk.katerberg@HIDDEN> writes:

> On GuixSD running Gnome: the command 'ssh <remote>' results in error
>   sign_and_send_pubkey: signing failed: agent refused operation
> and then falls back to password authentication.
>
> (Work-around is to manually start the openssh agent 'eval
> $(ssh-agent)' after which 'ssh <remote>' is successfull. From this I
> conclude that the key pair used and the .ssh/config entry for <remote>
> are OK.)

This sounds a lot like the issue I describe in my blog post here:

https://www.gnu.org/software/guix/blog/2018/customize-guixsd-use-stock-ssh-=
agent-everywhere/

From=20the blog post:

"Unfortunately, up until GNOME 3.28 (the current release), the GNOME
Keyring's SSH agent implementation was not as complete as the stock SSH
agent from OpenSSH. As a result, earlier versions of GNOME Keyring did
not support many use cases. This was a problem for me, since GNOME
Keyring couldn't read my modern SSH keys.

[...]

Happily, starting with GNOME 3.28, GNOME Keyring delegates all SSH agent
functionality to the stock SSH agent from OpenSSH. They have removed
their custom implementation entirely. This means that today, I could
solve my problem simply by using the most recent version of GNOME
Keyring. I'll probably do just that when the new release gets included
in Guix. However, when I first encountered this problem, GNOME 3.28
hadn't been released yet, so the only option available to me was to
customize GNOME Keyring or remove it entirely."

Since your work-around was the same as mine - use the stock OpenSSH
ssh-agent - you might find the blog post useful for your situation.

The version of GNOME currently packaged in Guix is 3.24.3 (see
gnu/packages/gnome.scm).  Because GNOME Keyring just wrap's OpenSSH's
ssh-agent starting with GNOME 3.28, it seems likely that upgrading to
GNOME 3.28 or later will fix your issue.  If your problem continues to
occur even after Guix has upgraded GNOME to 3.28 or later, then we will
need to investigate more.

=2D-=20
Chris

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEy/WXVcvn5+/vGD+x3UCaFdgiRp0FAlwAmbAACgkQ3UCaFdgi
Rp1mag/9EeVwjeZUS829IFlY6OwY50Xowj8igaq2b47EnXPbZMAiwVOUw0uqPiBf
B2wNXQ2T/5Lj2/rBuRyfiFENnxqLtWnVmvAx9E/6bIeZRK4A+Zwfe0YvWhGRWyTp
mOMUrqCluT+3N+uqSb+eT84RhLaCQJ6IkflGotGZbB4+Ll2mnhjaoeQ4M7cVTHHk
8eHJso9PRQGMjYRMJnSm7+hGlqH/hgvH8wfZmUy8XwEhMJFM/Avugisb3sB5a1jS
+s8aQp5mXFbtfnLKBnYJvwEU8VNfX2ir92j+tCJTakHLmut5TWyw64fMHzLrG0YW
yDWdHB7mS5VFL0MR5HQm6Q1yhCynLLR1gQ0K16fOv5naQ/Gz53aC3OW6OPAsqPUh
U4siE8eUyjTDC43svcv2nSr+3Oh3VlCjGTceF1690IsfhDyh4MYB8Jf2FTTYc30W
rzHZ1+i30hdSQFKscYO/KHXR4vH2wCtzSN061dPPUyr4yrGgPGyylkB3Dwz+FGz2
X3wJPq+xjtyrSzLzYMpoari9Uv9f98yc9JJ5Xorcc+wnwznlI8BKEN09pVUoSXc7
1LKsMeOV7GkG2j4Q9gbvoEVLV4kH4cUTXKXs/YiacRz4iU+wUXpF6/UrUH1YsNS0
l0w5FcTeeCiChgO2WjDf2LlhWAZEX17iHh+47mLLYXawxPEHfwo=
=5/6D
-----END PGP SIGNATURE-----
--=-=-=--

Message received at submit <at> debbugs.gnu.org:

Received: (at submit) by debbugs.gnu.org; 26 Oct 2018 15:21:48 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Fri Oct 26 11:21:48 2018
Received: from localhost ([127.0.0.1]:44244 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1gG3vn-00057c-Bm
	for submit <at> debbugs.gnu.org; Fri, 26 Oct 2018 11:21:48 -0400
Received: from eggs.gnu.org ([208.118.235.92]:58509)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <henk.katerberg@HIDDEN>) id 1gFxwN-00028B-9T
 for submit <at> debbugs.gnu.org; Fri, 26 Oct 2018 04:58:01 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <henk.katerberg@HIDDEN>) id 1gFxwD-00068m-MW
 for submit <at> debbugs.gnu.org; Fri, 26 Oct 2018 04:57:53 -0400
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org
X-Spam-Level: 
X-Spam-Status: No, score=0.6 required=5.0 tests=BAYES_00,
 RECEIVED_FROM_WINDOWS_HOST autolearn=disabled version=3.3.2
Received: from lists.gnu.org ([2001:4830:134:3::11]:42995)
 by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32)
 (Exim 4.71) (envelope-from <henk.katerberg@HIDDEN>)
 id 1gFxwA-00064v-LH
 for submit <at> debbugs.gnu.org; Fri, 26 Oct 2018 04:57:47 -0400
Received: from eggs.gnu.org ([2001:4830:134:3::10]:39784)
 by lists.gnu.org with esmtp (Exim 4.71)
 (envelope-from <henk.katerberg@HIDDEN>) id 1gFxw9-0004zV-R6
 for bug-guix@HIDDEN; Fri, 26 Oct 2018 04:57:46 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <henk.katerberg@HIDDEN>) id 1gFxw3-0005yn-SC
 for bug-guix@HIDDEN; Fri, 26 Oct 2018 04:57:45 -0400
Received: from mx.verum.com ([31.223.170.65]:52876)
 by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32)
 (Exim 4.71) (envelope-from <henk.katerberg@HIDDEN>)
 id 1gFxw1-0005nI-8W
 for bug-guix@HIDDEN; Fri, 26 Oct 2018 04:57:39 -0400
Received: from mx.verum.com (192.168.32.202) by mx.verum.com (192.168.32.202)
 with Microsoft SMTP Server (TLS) id 15.0.1130.7;
 Fri, 26 Oct 2018 10:51:42 +0200
Received: from mx.verum.com ([192.168.32.202]) by mx.verum.com
 ([192.168.32.202]) with mapi id 15.00.1130.005; Fri, 26 Oct 2018 10:51:42
 +0200
From: Henk Katerberg <henk.katerberg@HIDDEN>
To: "bug-guix@HIDDEN" <bug-guix@HIDDEN>
Subject: GNOME keyring SSH agent => sign_and_send_pubkey: signing failed:
 agent refused operation
Thread-Topic: GNOME keyring SSH agent => sign_and_send_pubkey: signing failed:
 agent refused operation
Thread-Index: AQHUbQkcImqd8lqq/EiIcJvM+897Gw==
Date: Fri, 26 Oct 2018 08:51:41 +0000
Message-ID: <743863752d3942c2a73477794d223b9b@HIDDEN>
Accept-Language: en-US, nl-NL
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [192.168.32.146]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-detected-operating-system: by eggs.gnu.org: Windows 7 or 8 [fuzzy]
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x
X-Received-From: 2001:4830:134:3::11
X-Spam-Score: -4.0 (----)
X-Debbugs-Envelope-To: submit
X-Mailman-Approved-At: Fri, 26 Oct 2018 11:21:46 -0400
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -5.0 (-----)

On GuixSD running Gnome: the command 'ssh <remote>' results in error
  sign_and_send_pubkey: signing failed: agent refused operation
and then falls back to password authentication.

(Work-around is to manually start the openssh agent 'eval $(ssh-agent)' aft=
er which 'ssh <remote>' is successfull. From this I conclude that the key p=
air used and the .ssh/config entry for <remote> are OK.)=