'ssh-add -l' doesn't list the key email/comment (unlike gnome-keyring's agent used to)

Bug #1758924 reported by Nathan Neulinger
This bug affects 1 person
Affects: openssh (Ubuntu)
Status: Expired
Importance: Undecided
Assigned to: Unassigned

Bug Description

Updated today, it moved from

2018-03-26 08:11:25 upgrade gnome-keyring:amd64 3.27.4-2ubuntu1 3.28.0.1-1ubuntu1

to

2018-03-26 08:14:34 status installed gnome-keyring:amd64 3.28.0.1-1ubuntu1

After this, noticed that some local code that uses ssh key comments (from 'ssh-add -l' output) for automatic annotations is no longer working right.

Previously (example from 16.04):

nneul@skyhawk:~ $ ssh-add -l
2048 SHA256:...... <email address hidden> (RSA)

Now (from current 18):

nneul@infinity:~ $ ssh-add -l
2048 SHA256:...... /users/nneul/.ssh/id_rsa (RSA)

This is a negative change from my perspective as we are making use of that comment for automatic annotations (not security sensitive) and things like automatically populating git identity when managing shared application development/server accounts.

ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: gnome-keyring 3.28.0.1-1ubuntu1
ProcVersionSignature: Ubuntu 4.13.0-17.20-generic 4.13.8
Uname: Linux 4.13.0-17-generic x86_64
NonfreeKernelModules: nvidia_modeset nvidia
ApportVersion: 2.20.9-0ubuntu1
Architecture: amd64
CurrentDesktop: XFCE
Date: Mon Mar 26 08:51:30 2018
InstallationDate: Installed on 2015-11-09 (867 days ago)
InstallationMedia: Ubuntu-Server 15.10 "Wily Werewolf" - Release amd64 (20151021)
SourcePackage: gnome-keyring
UpgradeStatus: Upgraded to bionic on 2017-12-05 (110 days ago)

Nathan Neulinger (nneul-0) wrote :

Workaround appears to be 'ssh-add -d' to remove the dynamically added identities - it then seems to reload from identity file and includes the key comment.

Nathan Neulinger (nneul-0) wrote :

Update - that ssh-add -d did not actually work. It appears that it does get the 'ssh-add -l' output back to correct, but any attempt to actually USE the agent immediately re-adds the entry with only the filename/path as the comment.

Nathan Neulinger (nneul-0) wrote :

I have confirmed that overwriting gnome-keyring-daemon with an older version from ub16 does return the behavior to expected.

Sebastien Bacher (seb128) wrote :

Thank you for your bug report. In that version gnome-keyring removed its own ssh-agent implementation to use the openssh one:
https://gitlab.gnome.org/GNOME/gnome-keyring/commit/8db2b978

That's a behaviour change but not really a bug/something gnome-keyring is going to be able to fix, rather a request for openssh to behave differently (as gnome-keyring's implementation was doing), reassigning there.

affects: gnome-keyring (Ubuntu) → openssh (Ubuntu)
summary: - gnome-keyring no longer including ssh key comment 3.27.4-2 to 3.28.0.1-1
+ 'ssh-add -l' doesn't like the key email/comment (unlike gnome-keyring's
+ agent used to)
Christian Ehrhardt (paelzer) wrote : Re: 'ssh-add -l' doesn't like the key email/comment (unlike gnome-keyring's agent used to)

Thanks Sebastien for re-assigning.

And thank you Nathan, for taking the time to report this bug and helping to make Ubuntu better. I appreciate the quality of this bug report and I'm sure it'll be helpful to others experiencing the same issue.

I agree with the triage made so far, but in that case this is nothing more or less than an openssh upstream feature request.
You should check whether that has been resolved in the meantime. Bionic is on 1:7.6p1-4ubuntu0.3 while the current Disco development release 19.04 is already on upstream's latest 1:7.9p1-9.

Once confirmed to be an upstream bug (by checking it exists in the latest version), the best route to getting it fixed in Ubuntu in this case would be to file an upstream bug if you're able to do that. Otherwise, I'm not sure what we can do directly in Ubuntu to fix the problem.

OTOH it might also be worth checking if there is some key attribute that makes it work again.
Here is my current list:
$ ssh-add -l
4096 SHA256:... /home/paelzer/.ssh/id_rsa (RSA)
2048 SHA256:... ubuntu@cpaelzer-bastion (RSA)
4096 SHA256:... paelzer@lap (RSA)
4096 SHA256:... <email address hidden>... (RSA)
You see all but the first one have the comment listed - yet I fail to see the difference, as the keys look the same and id_rsa{.pub} has the same style of mentioning an id like the others that work. Nevertheless, maybe a path for you to evaluate (or clarify with upstream).

If you do end up filing an upstream bug, please link to it from (or at least mention it) here. Thanks!

Changed in openssh (Ubuntu):
status: New → Incomplete
summary: - 'ssh-add -l' doesn't like the key email/comment (unlike gnome-keyring's
+ 'ssh-add -l' doesn't list the key email/comment (unlike gnome-keyring's
agent used to)
Launchpad Janitor (janitor) wrote :

[Expired for openssh (Ubuntu) because there has been no activity for 60 days.]

Changed in openssh (Ubuntu):
status: Incomplete → Expired
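
Tooling of the kind described in the report, which reads identities from 'ssh-add -l' output, can stop depending on the agent's comment field by matching each fingerprint against the comment stored in the corresponding .pub file. This is an added example, not code from the reporter, gnome-keyring or openssh; the function name, the separator token and the sample data are constructed for illustration.

```shell
# resolve_comments AGENT_LIST PUB_LIST
#   AGENT_LIST: text in `ssh-add -l` format
#   PUB_LIST:   `ssh-keygen -lf` output for the .pub files, one line per key
# Prints "fingerprint<TAB>comment" for every key the agent holds.
resolve_comments() {
    printf '%s\n--PUB-END--\n%s\n' "$2" "$1" | awk '
        # Parse "bits fingerprint comment... (TYPE)" into globals fp, comment.
        function parse(line,    n, f, i) {
            n = split(line, f, " ")
            if (n < 4 || f[n] !~ /^\(.*\)$/) return 0
            fp = f[2]; comment = f[3]
            for (i = 4; i < n; i++) comment = comment " " f[i]
            return 1
        }
        $0 == "--PUB-END--" { agent = 1; next }
        !agent { if (parse($0)) known[fp] = comment; next }
        parse($0) {
            if (fp in known) comment = known[fp]           # comment stored in the .pub file
            else if (comment ~ /^\//) comment = "UNKNOWN"  # bare path, no usable identity
            printf "%s\t%s\n", fp, comment
        }'
}

# Constructed sample data (fingerprints and names are made up).
SAMPLE_AGENT='2048 SHA256:CONSTRUCTEDaaaa /users/alice/.ssh/id_rsa (RSA)
4096 SHA256:CONSTRUCTEDbbbb bob@laptop (RSA)
2048 SHA256:CONSTRUCTEDcccc /users/carol/.ssh/id_rsa (RSA)'
SAMPLE_PUB='2048 SHA256:CONSTRUCTEDaaaa alice@example.org (RSA)'

demo() { resolve_comments "$SAMPLE_AGENT" "$SAMPLE_PUB"; }
```

Against a live agent the two arguments would be the output of 'ssh-add -l' and of 'ssh-keygen -lf' run over each .pub file, both produced by the same OpenSSH version so the fingerprint formats match.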