Ubuntu
gvfs package

Permission denied when mounting sftp using gpg-agent and smart card

Bug #1719981 reported by David Mandelberg
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
gvfs (Ubuntu)
New
Undecided
Unassigned

Bug Description

When I try to mount an sftp backend using public key authentication with the private key stored on a smart card, I get a permission denied error. I'm on Ubuntu 16.04.3 LTS, with gvfs 1.28.2-1ubuntu1~16.04.2.

dseomn@solaria:~$ echo $SSH_AUTH_SOCK
/home/dseomn/.gnupg/S.gpg-agent.ssh
dseomn@solaria:~$ dbus-update-activation-environment GVFS_DEBUG=x GVFS_DEBUG_FUSE=x
dseomn@solaria:~$ killall gvfsd
dseomn@solaria:~$ gvfs-mount sftp://[redacted]@[redacted]/[redacted]
Error mounting location: Permission denied
dseomn@solaria:~$ tail -n 9 /var/log/syslog
Sep 27 14:48:21 solaria org.gtk.vfs.Daemon[2234]: Added new job source 0xdae0e0 (GVfsBackendSftp)
Sep 27 14:48:21 solaria org.gtk.vfs.Daemon[2234]: Queued new job 0xd946f0 (GVfsJobMount)
Sep 27 14:48:21 solaria org.gtk.vfs.Daemon[2234]: spawn_ssh: /usr/bin/ssh -oForwardX11 no -oForwardAgent no -oPermitLocalCommand no -oClearAllForwardings yes -oProtocol 2 -oNoHostAuthenticationForLocalhost yes -l [redacted] -s [redacted] sftp
Sep 27 14:48:21 solaria org.gtk.vfs.Daemon[2234]: handle_login #1 initial_connection = 1 - user: [redacted], host: [redacted], port: -1
Sep 27 14:48:21 solaria org.gtk.vfs.Daemon[2234]: handle_login #1 - password_save: 0
Sep 27 14:48:21 solaria org.gtk.vfs.Daemon[2234]: handle_login #1 - ret_val: 1
Sep 27 14:48:21 solaria org.gtk.vfs.Daemon[2234]: stderr: Permission denied (publickey).
Sep 27 14:48:21 solaria org.gtk.vfs.Daemon[2234]: send_reply(0xd946f0), failed=1 (Permission denied)
Sep 27 14:48:21 solaria org.gtk.vfs.Daemon[2234]: ** (gvfsd:22467): WARNING **: dbus_mount_reply: Error from org.gtk.vfs.Mountable.mount(): Permission denied
dseomn@solaria:~$ /usr/bin/ssh -v '-oForwardX11 no' '-oForwardAgent no' '-oPermitLocalCommand no' '-oClearAllForwardings yes' '-oProtocol 2' '-oNoHostAuthenticationForLocalhost yes' -l [redacted] -s [redacted] sftp
OpenSSH_7.2p2 Ubuntu-4ubuntu2.2, OpenSSL 1.0.2g 1 Mar 2016
debug1: Reading configuration data /home/dseomn/.ssh/config
debug1: /home/dseomn/.ssh/config line 4: Applying options for *
debug1: /home/dseomn/.ssh/config line 12: Applying options for [redacted]
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Executing proxy command: exec [redacted]
debug1: key_load_public: No such file or directory
debug1: identity file /home/dseomn/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/dseomn/.ssh/id_rsa-cert type -1
debug1: permanently_drop_suid: 1000
debug1: key_load_public: No such file or directory
debug1: identity file /home/dseomn/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/dseomn/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/dseomn/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/dseomn/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/dseomn/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/dseomn/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4p1 Debian-10+deb9u1
debug1: match: OpenSSH_7.4p1 Debian-10+deb9u1 pat OpenSSH* compat 0x04000000
debug1: Authenticating to [redacted]:22 as '[redacted]'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: <email address hidden>
debug1: kex: host key algorithm: rsa-sha2-512
debug1: kex: server->client cipher: <email address hidden> MAC: <implicit> compression: none
debug1: kex: client->server cipher: <email address hidden> MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:iIlPeeVmFl4u0FgrK6OurVl++0Kv4h00sQtDbqczY/s
debug1: Host '[redacted]' is known and matches the RSA host key.
debug1: Found key in /home/dseomn/.ssh/known_hosts:9
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: cardno:[redacted]
debug1: Server accepts key: pkalg ssh-rsa blen 535
debug1: Authentication succeeded (publickey).
Authenticated to [redacted] (via proxy).
debug1: channel 0: new [client-session]
debug1: Requesting <email address hidden>
debug1: Entering interactive session.
debug1: pledge: proc
debug1: client_input_global_request: rtype <email address hidden> want_reply 0
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
debug1: Sending subsystem: sftp
^Cdebug1: channel 0: free: client-session, nchannels 1
debug1: Killed by signal 2.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.