[pkg-gnupg-maint] Bug#846175: gnupg-agent: Unable to use SSH key with empty passphrase since upgrade to Stretch

Sascha Silbe sascha-debian-bugs-gpg-agent-2018-07-07 at silbe.org
Sat Jul 7 09:59:47 BST 2018


Package: gnupg-agent
Version: 2.1.18-8~deb9u2
Followup-For: Bug #846175

Dear Maintainer,

after the upgrade to Stretch we're hitting this bug, too. We have an
SSH key that's shared between a group of users and used by automated
processes, too (so it cannot be password-protected). The OpenSSH
client refuses to use a private key that's group-readable (bmo#2713
[1]) so as a work-around we've been feeding ssh-add the key from stdin
and using it via the agent rather than directly from the file. Adding
the key to the agent still works, but the key cannot actually be used
by SSH since the upgrade to Stretch:

=== Begin shell session ===
sascha@twin:~/www$ ./rsync-to-outpost+tuple.sh
sign_and_send_pubkey: signing failed: agent refused operation
Permission denied (publickey).
rsync: connection unexpectedly closed (0 bytes received so far) [sender]
rsync error: unexplained error (code 255) at io.c(235) [sender=3.1.2]
sign_and_send_pubkey: signing failed: agent refused operation
Permission denied (publickey).
rsync: connection unexpectedly closed (0 bytes received so far) [sender]
rsync error: error in rsync protocol data stream (code 12) at io.c(235) [sender=3.1.2]
=== End shell session ===

=== Begin syslog ===
Jul  7 10:48:55 twin gpg-agent[9439]: Failed to lookup password for key s/D8B841113308EB78E0E12F4C41A144783CCEC9D0 with secret service: Cannot autolaunch D-Bus without X11 $DISPLAY
Jul  7 10:48:55 twin pinentry[1189]: it took 8 tries to grab the keyboard
Jul  7 10:49:01 twin gpg-agent[9439]: failed to unprotect the secret key: No passphrase given
Jul  7 10:49:01 twin gpg-agent[9439]: failed to read the secret key
Jul  7 10:49:01 twin gpg-agent[9439]: ssh sign request failed: No passphrase given <GPG Agent>
Jul  7 10:49:01 twin gpg-agent[9439]: Failed to lookup password for key s/D8B841113308EB78E0E12F4C41A144783CCEC9D0 with secret service: Cannot autolaunch D-Bus without X11 $DISPLAY
Jul  7 10:49:01 twin pinentry[1195]: it took 8 tries to grab the keyboard
Jul  7 10:49:03 twin gpg-agent[9439]: failed to unprotect the secret key: No passphrase given
Jul  7 10:49:03 twin gpg-agent[9439]: failed to read the secret key
Jul  7 10:49:03 twin gpg-agent[9439]: ssh sign request failed: No passphrase given <GPG Agent>
=== End syslog ===

Sascha

[1] https://bugzilla.mindrot.org/show_bug.cgi?id=2713

-- System Information:
Debian Release: 9.4
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'stable-updates'), (100, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-6-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en:en_US:C:de_DE:de (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)

Versions of packages gnupg-agent depends on:
ii  libassuan0                  2.4.3-2
ii  libc6                       2.24-11+deb9u3
ii  libgcrypt20                 1.7.6-2+deb9u3
ii  libgpg-error0               1.26-2
ii  libnpth0                    1.3-1
ii  libreadline7                7.0-3
ii  pinentry-curses [pinentry]  1.0.0-2
ii  pinentry-gtk2 [pinentry]    1.0.0-2

Versions of packages gnupg-agent recommends:
ii  gnupg  2.1.18-8~deb9u2
ii  gpgsm  2.1.18-8~deb9u2

Versions of packages gnupg-agent suggests:
pn  dbus-user-session  <none>
ii  libpam-systemd     232-25+deb9u2
pn  pinentry-gnome3    <none>
ii  scdaemon           2.1.18-8~deb9u2

-- no debconf information
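
Added example, not part of the original report: a small Python parser for the syslog format shown above that pairs each failed gpg-agent SSH sign request with the keygrip the agent tried to unlock and whether a pinentry prompt ran first, which is the signature of an unattended job hitting an interactive passphrase prompt. The function name and record fields are assumptions of this example; the sample lines are copied from the first attempt in the report's syslog excerpt.

```python
import re

# Log lines copied from the syslog excerpt in the report above (first attempt only).
SAMPLE = """\
Jul  7 10:48:55 twin gpg-agent[9439]: Failed to lookup password for key s/D8B841113308EB78E0E12F4C41A144783CCEC9D0 with secret service: Cannot autolaunch D-Bus without X11 $DISPLAY
Jul  7 10:48:55 twin pinentry[1189]: it took 8 tries to grab the keyboard
Jul  7 10:49:01 twin gpg-agent[9439]: failed to unprotect the secret key: No passphrase given
Jul  7 10:49:01 twin gpg-agent[9439]: failed to read the secret key
Jul  7 10:49:01 twin gpg-agent[9439]: ssh sign request failed: No passphrase given <GPG Agent>
"""

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) (\S+) ([\w.-]+)\[(\d+)\]: (.*)$")
KEYGRIP = re.compile(r"for key s/([0-9A-F]{40})")
FAILED = re.compile(r"^ssh sign request failed: (.*?)(?: <[^>]*>)?$")


def failed_sign_requests(text):
    """Return one record per failed gpg-agent SSH sign request.

    Lines logged between two failures are treated as context for the later
    one: the keygrip the agent tried to unlock and whether a pinentry ran.
    """
    records, keygrip, pinentry = [], None, False
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not a classic syslog line
        stamp, host, prog, pid, msg = m.groups()
        if prog == "pinentry":
            pinentry = True
        elif prog == "gpg-agent":
            grip = KEYGRIP.search(msg)
            if grip:
                keygrip = grip.group(1)
            fail = FAILED.match(msg)
            if fail:
                records.append({"time": stamp, "host": host, "agent_pid": int(pid),
                                "keygrip": keygrip, "reason": fail.group(1),
                                "pinentry_prompted": pinentry})
                keygrip, pinentry = None, False  # start context for the next request
    return records


if __name__ == "__main__":
    for rec in failed_sign_requests(SAMPLE):
        print(rec)
```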


