2020-03-31 14:40:05 |
Andreas Hasenack |
bug |
|
|
added bug |
2020-03-31 14:40:43 |
Andreas Hasenack |
description |
I can't exactly pinpoint which gnome package is responsible for this. It might be gnome-keyring. Let's go with gnome-shell first.
TL;DR openssh 8.2p1 in focal has support for U2F authentication. You can create a keypair and the authentication only succeeds if you have the u2f hardware device plugged in, and touch it at the moment of authentication.
In a console only env, it works like this:
"""
andreas@nsnx:~$ env|grep SSH
andreas@nsnx:~$ ssh -i .ssh/id_ecdsa_sk 10.0.100.75
Confirm user presence for key ECDSA-SK SHA256:bS6vX6b+Bp8Xu/LF4Gw10dV0Y6AkjFPjPoO5q0A546M
Welcome to Ubuntu Focal Fossa (development branch) (GNU/Linux 5.4.0-21-generic x86_64)
...
Last login: Tue Mar 31 13:35:44 2020 from 10.0.100.1
"""
The "Confirm" prompt is asking the user to touch the hardware device (a yubikey in this case).
If I use openssh's ssh-agent, it still works as expected and I see that prompt:
"""
andreas@nsnx:~$ env|grep SSH
andreas@nsnx:~$ eval $(ssh-agent)
Agent pid 68267
andreas@nsnx:~$ env|grep SSH
SSH_AUTH_SOCK=/tmp/ssh-75OwXd9gR6tq/agent.68252
SSH_AGENT_PID=68267
andreas@nsnx:~$ ssh -i .ssh/id_ecdsa_sk 10.0.100.75
Warning: Permanently added '10.0.100.75' (ECDSA) to the list of known hosts.
Confirm user presence for key ECDSA-SK SHA256:bS6vX6b+Bp8Xu/LF4Gw10dV0Y6AkjFPjPoO5q0A546M
Welcome to Ubuntu Focal Fossa (development branch) (GNU/Linux 5.4.0-21-generic x86_64)
(...)
Last login: Tue Mar 31 14:33:18 2020 from 10.0.100.1
"""
But with "gnome's ssh-agent" (I'm waving my hands here a bit), it just stalls. The prompt is swallowed by something. Here I opened a new gnome terminal in my existing focal desktop session:
"""
andreas@nsnx:~$ env|grep SSH
SSH_AUTH_SOCK=/run/user/1000/keyring/ssh
SSH_AGENT_PID=4655
andreas@nsnx:~$ ssh -i .ssh/id_ecdsa_sk 10.0.100.75
<hangs here, and the yubikey starts flashing>
"""
It only moves forward if I touch the device, which is expected. But the "Confirm user presence" prompt is nowhere to be seen.
I'm not sure how gnome-keyring interacts with ssh-agent. I see it is spawned by gnome-keyring-daemon:
4556 ? Sl 0:00 /usr/bin/gnome-keyring-daemon --daemonize --login
6449 ? S 0:00 \_ /usr/bin/ssh-agent -D -a /run/user/1000/keyring/.ssh
But the PID referenced by the SSH_AGENT_PID shell variable above points to another copy, spawned by gnome-session-binary:
4583 tty3 Sl+ 0:00 \_ /usr/libexec/gnome-session-binary --systemd --systemd --session=ubuntu
4655 ? Ss 0:00 \_ /usr/bin/ssh-agent /usr/bin/im-launch env GNOME_SHELL_SESSION_MODE=ubuntu /usr/bin/gnome-session --systemd --session=ubuntu
In any case, the actual prompt "Confirm user presence for key" comes from openssh code:
./ssh-agent.c: "Confirm user presence for key %s %s",
./sshconnect2.c: "Confirm user presence for key %s %s",
My guess is that the gnome wrapper, whatever it is, is not expecting that prompt.
ProblemType: Bug
DistroRelease: Ubuntu 20.04
Package: gnome-shell 3.36.0-2ubuntu2
ProcVersionSignature: Ubuntu 5.4.0-21.25-generic 5.4.27
Uname: Linux 5.4.0-21-generic x86_64
NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair
ApportVersion: 2.20.11-0ubuntu21
Architecture: amd64
CurrentDesktop: ubuntu:GNOME
Date: Tue Mar 31 11:29:06 2020
DisplayManager: gdm3
InstallationDate: Installed on 2019-10-13 (169 days ago)
InstallationMedia: Ubuntu 19.10 "Eoan Ermine" - Beta amd64 (20191010)
RelatedPackageVersions: mutter-common 3.36.0-2ubuntu1
SourcePackage: gnome-shell
UpgradeStatus: Upgraded to focal on 2020-01-30 (60 days ago) |
I can't exactly pinpoint which gnome package is responsible for this. It might be gnome-keyring. Let's go with gnome-shell first.
TL;DR openssh 8.2p1 in focal has support for U2F authentication. This is a new feature we will highlight in the release notes and a blog post.
You can create a keypair and the authentication only succeeds if you have the u2f hardware device plugged in, and touch it at the moment of authentication.
In a console only env, it works like this:
"""
andreas@nsnx:~$ env|grep SSH
andreas@nsnx:~$ ssh -i .ssh/id_ecdsa_sk 10.0.100.75
Confirm user presence for key ECDSA-SK SHA256:bS6vX6b+Bp8Xu/LF4Gw10dV0Y6AkjFPjPoO5q0A546M
Welcome to Ubuntu Focal Fossa (development branch) (GNU/Linux 5.4.0-21-generic x86_64)
...
Last login: Tue Mar 31 13:35:44 2020 from 10.0.100.1
"""
The "Confirm" prompt is asking the user to touch the hardware device (a yubikey in this case).
If I use openssh's ssh-agent, it still works as expected and I see that prompt:
"""
andreas@nsnx:~$ env|grep SSH
andreas@nsnx:~$ eval $(ssh-agent)
Agent pid 68267
andreas@nsnx:~$ env|grep SSH
SSH_AUTH_SOCK=/tmp/ssh-75OwXd9gR6tq/agent.68252
SSH_AGENT_PID=68267
andreas@nsnx:~$ ssh -i .ssh/id_ecdsa_sk 10.0.100.75
Warning: Permanently added '10.0.100.75' (ECDSA) to the list of known hosts.
Confirm user presence for key ECDSA-SK SHA256:bS6vX6b+Bp8Xu/LF4Gw10dV0Y6AkjFPjPoO5q0A546M
Welcome to Ubuntu Focal Fossa (development branch) (GNU/Linux 5.4.0-21-generic x86_64)
(...)
Last login: Tue Mar 31 14:33:18 2020 from 10.0.100.1
"""
But with "gnome's ssh-agent" (I'm waving my hands here a bit), it just stalls. The prompt is swallowed by something. Here I opened a new gnome terminal in my existing focal desktop session:
"""
andreas@nsnx:~$ env|grep SSH
SSH_AUTH_SOCK=/run/user/1000/keyring/ssh
SSH_AGENT_PID=4655
andreas@nsnx:~$ ssh -i .ssh/id_ecdsa_sk 10.0.100.75
<hangs here, and the yubikey starts flashing>
"""
It only moves forward if I touch the device, which is expected. But the "Confirm user presence" prompt is nowhere to be seen.
I'm not sure how gnome-keyring interacts with ssh-agent. I see it is spawned by gnome-keyring-daemon:
4556 ? Sl 0:00 /usr/bin/gnome-keyring-daemon --daemonize --login
6449 ? S 0:00 \_ /usr/bin/ssh-agent -D -a /run/user/1000/keyring/.ssh
But the PID referenced by the SSH_AGENT_PID shell variable above points to another copy, spawned by gnome-session-binary:
4583 tty3 Sl+ 0:00 \_ /usr/libexec/gnome-session-binary --systemd --systemd --session=ubuntu
4655 ? Ss 0:00 \_ /usr/bin/ssh-agent /usr/bin/im-launch env GNOME_SHELL_SESSION_MODE=ubuntu /usr/bin/gnome-session --systemd --session=ubuntu
In any case, the actual prompt "Confirm user presence for key" comes from openssh code:
./ssh-agent.c: "Confirm user presence for key %s %s",
./sshconnect2.c: "Confirm user presence for key %s %s",
My guess is that the gnome wrapper, whatever it is, is not expecting that prompt.
ProblemType: Bug
DistroRelease: Ubuntu 20.04
Package: gnome-shell 3.36.0-2ubuntu2
ProcVersionSignature: Ubuntu 5.4.0-21.25-generic 5.4.27
Uname: Linux 5.4.0-21-generic x86_64
NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair
ApportVersion: 2.20.11-0ubuntu21
Architecture: amd64
CurrentDesktop: ubuntu:GNOME
Date: Tue Mar 31 11:29:06 2020
DisplayManager: gdm3
InstallationDate: Installed on 2019-10-13 (169 days ago)
InstallationMedia: Ubuntu 19.10 "Eoan Ermine" - Beta amd64 (20191010)
RelatedPackageVersions: mutter-common 3.36.0-2ubuntu1
SourcePackage: gnome-shell
UpgradeStatus: Upgraded to focal on 2020-01-30 (60 days ago) |
|
2020-03-31 14:49:22 |
Joshua Powers |
bug |
|
|
added subscriber Joshua Powers |
2020-03-31 17:12:38 |
Andreas Hasenack |
description |
I can't exactly pinpoint which gnome package is responsible for this. It might be gnome-keyring. Let's go with gnome-shell first.
TL;DR openssh 8.2p1 in focal has support for U2F authentication. This is a new feature we will highlight in the release notes and a blog post.
You can create a keypair and the authentication only succeeds if you have the u2f hardware device plugged in, and touch it at the moment of authentication.
In a console only env, it works like this:
"""
andreas@nsnx:~$ env|grep SSH
andreas@nsnx:~$ ssh -i .ssh/id_ecdsa_sk 10.0.100.75
Confirm user presence for key ECDSA-SK SHA256:bS6vX6b+Bp8Xu/LF4Gw10dV0Y6AkjFPjPoO5q0A546M
Welcome to Ubuntu Focal Fossa (development branch) (GNU/Linux 5.4.0-21-generic x86_64)
...
Last login: Tue Mar 31 13:35:44 2020 from 10.0.100.1
"""
The "Confirm" prompt is asking the user to touch the hardware device (a yubikey in this case).
If I use openssh's ssh-agent, it still works as expected and I see that prompt:
"""
andreas@nsnx:~$ env|grep SSH
andreas@nsnx:~$ eval $(ssh-agent)
Agent pid 68267
andreas@nsnx:~$ env|grep SSH
SSH_AUTH_SOCK=/tmp/ssh-75OwXd9gR6tq/agent.68252
SSH_AGENT_PID=68267
andreas@nsnx:~$ ssh -i .ssh/id_ecdsa_sk 10.0.100.75
Warning: Permanently added '10.0.100.75' (ECDSA) to the list of known hosts.
Confirm user presence for key ECDSA-SK SHA256:bS6vX6b+Bp8Xu/LF4Gw10dV0Y6AkjFPjPoO5q0A546M
Welcome to Ubuntu Focal Fossa (development branch) (GNU/Linux 5.4.0-21-generic x86_64)
(...)
Last login: Tue Mar 31 14:33:18 2020 from 10.0.100.1
"""
But with "gnome's ssh-agent" (I'm waving my hands here a bit), it just stalls. The prompt is swallowed by something. Here I opened a new gnome terminal in my existing focal desktop session:
"""
andreas@nsnx:~$ env|grep SSH
SSH_AUTH_SOCK=/run/user/1000/keyring/ssh
SSH_AGENT_PID=4655
andreas@nsnx:~$ ssh -i .ssh/id_ecdsa_sk 10.0.100.75
<hangs here, and the yubikey starts flashing>
"""
It only moves forward if I touch the device, which is expected. But the "Confirm user presence" prompt is nowhere to be seen.
I'm not sure how gnome-keyring interacts with ssh-agent. I see it is spawned by gnome-keyring-daemon:
4556 ? Sl 0:00 /usr/bin/gnome-keyring-daemon --daemonize --login
6449 ? S 0:00 \_ /usr/bin/ssh-agent -D -a /run/user/1000/keyring/.ssh
But the PID referenced by the SSH_AGENT_PID shell variable above points to another copy, spawned by gnome-session-binary:
4583 tty3 Sl+ 0:00 \_ /usr/libexec/gnome-session-binary --systemd --systemd --session=ubuntu
4655 ? Ss 0:00 \_ /usr/bin/ssh-agent /usr/bin/im-launch env GNOME_SHELL_SESSION_MODE=ubuntu /usr/bin/gnome-session --systemd --session=ubuntu
In any case, the actual prompt "Confirm user presence for key" comes from openssh code:
./ssh-agent.c: "Confirm user presence for key %s %s",
./sshconnect2.c: "Confirm user presence for key %s %s",
My guess is that the gnome wrapper, whatever it is, is not expecting that prompt.
ProblemType: Bug
DistroRelease: Ubuntu 20.04
Package: gnome-shell 3.36.0-2ubuntu2
ProcVersionSignature: Ubuntu 5.4.0-21.25-generic 5.4.27
Uname: Linux 5.4.0-21-generic x86_64
NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair
ApportVersion: 2.20.11-0ubuntu21
Architecture: amd64
CurrentDesktop: ubuntu:GNOME
Date: Tue Mar 31 11:29:06 2020
DisplayManager: gdm3
InstallationDate: Installed on 2019-10-13 (169 days ago)
InstallationMedia: Ubuntu 19.10 "Eoan Ermine" - Beta amd64 (20191010)
RelatedPackageVersions: mutter-common 3.36.0-2ubuntu1
SourcePackage: gnome-shell
UpgradeStatus: Upgraded to focal on 2020-01-30 (60 days ago) |
I can't exactly pinpoint which gnome package is responsible for this. It might be gnome-keyring. Let's go with gnome-shell first.
openssh 8.2p1[1] in focal has support for U2F authentication. This is a new feature we will highlight in the release notes and a blog post.
You can create a keypair and the authentication only succeeds if you have the u2f hardware device plugged in, and touch it at the moment of authentication.
In a console only env, it works like this:
"""
andreas@nsnx:~$ env|grep SSH
andreas@nsnx:~$ ssh -i .ssh/id_ecdsa_sk 10.0.100.75
Confirm user presence for key ECDSA-SK SHA256:bS6vX6b+Bp8Xu/LF4Gw10dV0Y6AkjFPjPoO5q0A546M
Welcome to Ubuntu Focal Fossa (development branch) (GNU/Linux 5.4.0-21-generic x86_64)
...
Last login: Tue Mar 31 13:35:44 2020 from 10.0.100.1
"""
The "Confirm" prompt is asking the user to touch the hardware device (a yubikey in this case).
If I use openssh's ssh-agent, it still works as expected and I see that prompt:
"""
andreas@nsnx:~$ env|grep SSH
andreas@nsnx:~$ eval $(ssh-agent)
Agent pid 68267
andreas@nsnx:~$ env|grep SSH
SSH_AUTH_SOCK=/tmp/ssh-75OwXd9gR6tq/agent.68252
SSH_AGENT_PID=68267
andreas@nsnx:~$ ssh -i .ssh/id_ecdsa_sk 10.0.100.75
Warning: Permanently added '10.0.100.75' (ECDSA) to the list of known hosts.
Confirm user presence for key ECDSA-SK SHA256:bS6vX6b+Bp8Xu/LF4Gw10dV0Y6AkjFPjPoO5q0A546M
Welcome to Ubuntu Focal Fossa (development branch) (GNU/Linux 5.4.0-21-generic x86_64)
(...)
Last login: Tue Mar 31 14:33:18 2020 from 10.0.100.1
"""
But with "gnome's ssh-agent" (I'm waving my hands here a bit), it just stalls. The prompt is swallowed by something. Here I opened a new gnome terminal in my existing focal desktop session:
"""
andreas@nsnx:~$ env|grep SSH
SSH_AUTH_SOCK=/run/user/1000/keyring/ssh
SSH_AGENT_PID=4655
andreas@nsnx:~$ ssh -i .ssh/id_ecdsa_sk 10.0.100.75
<hangs here, and the yubikey starts flashing>
"""
It only moves forward if I touch the device, which is expected. But the "Confirm user presence" prompt is nowhere to be seen.
I'm not sure how gnome-keyring interacts with ssh-agent. I see it is spawned by gnome-keyring-daemon:
4556 ? Sl 0:00 /usr/bin/gnome-keyring-daemon --daemonize --login
6449 ? S 0:00 \_ /usr/bin/ssh-agent -D -a /run/user/1000/keyring/.ssh
But the PID referenced by the SSH_AGENT_PID shell variable above points to another copy, spawned by gnome-session-binary:
4583 tty3 Sl+ 0:00 \_ /usr/libexec/gnome-session-binary --systemd --systemd --session=ubuntu
4655 ? Ss 0:00 \_ /usr/bin/ssh-agent /usr/bin/im-launch env GNOME_SHELL_SESSION_MODE=ubuntu /usr/bin/gnome-session --systemd --session=ubuntu
In any case, the actual prompt "Confirm user presence for key" comes from openssh code:
./ssh-agent.c: "Confirm user presence for key %s %s",
./sshconnect2.c: "Confirm user presence for key %s %s",
My guess is that the gnome wrapper, whatever it is, is not expecting that prompt.
1. https://bugs.launchpad.net/ubuntu/+source/gnome-shell/+bug/1869897
ProblemType: Bug
DistroRelease: Ubuntu 20.04
Package: gnome-shell 3.36.0-2ubuntu2
ProcVersionSignature: Ubuntu 5.4.0-21.25-generic 5.4.27
Uname: Linux 5.4.0-21-generic x86_64
NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair
ApportVersion: 2.20.11-0ubuntu21
Architecture: amd64
CurrentDesktop: ubuntu:GNOME
Date: Tue Mar 31 11:29:06 2020
DisplayManager: gdm3
InstallationDate: Installed on 2019-10-13 (169 days ago)
InstallationMedia: Ubuntu 19.10 "Eoan Ermine" - Beta amd64 (20191010)
RelatedPackageVersions: mutter-common 3.36.0-2ubuntu1
SourcePackage: gnome-shell
UpgradeStatus: Upgraded to focal on 2020-01-30 (60 days ago) |
|
2020-04-07 14:19:00 |
Martin Wimpress |
gnome-shell (Ubuntu): importance |
Undecided |
Wishlist |
|
2020-04-07 14:51:05 |
Sebastien Bacher |
tags |
amd64 apport-bug champagne focal |
amd64 apport-bug focal rls-ff-notfixing |
|
2020-04-07 17:35:12 |
Andreas Hasenack |
bug watch added |
|
https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/2598 |
|
2020-04-07 17:35:19 |
Andreas Hasenack |
bug task added |
|
gnome-shell |
|
2020-04-07 17:35:45 |
Andreas Hasenack |
description |
I can't exactly pinpoint which gnome package is responsible for this. It might be gnome-keyring. Let's go with gnome-shell first.
openssh 8.2p1[1] in focal has support for U2F authentication. This is a new feature we will highlight in the release notes and a blog post.
You can create a keypair and the authentication only succeeds if you have the u2f hardware device plugged in, and touch it at the moment of authentication.
In a console only env, it works like this:
"""
andreas@nsnx:~$ env|grep SSH
andreas@nsnx:~$ ssh -i .ssh/id_ecdsa_sk 10.0.100.75
Confirm user presence for key ECDSA-SK SHA256:bS6vX6b+Bp8Xu/LF4Gw10dV0Y6AkjFPjPoO5q0A546M
Welcome to Ubuntu Focal Fossa (development branch) (GNU/Linux 5.4.0-21-generic x86_64)
...
Last login: Tue Mar 31 13:35:44 2020 from 10.0.100.1
"""
The "Confirm" prompt is asking the user to touch the hardware device (a yubikey in this case).
If I use openssh's ssh-agent, it still works as expected and I see that prompt:
"""
andreas@nsnx:~$ env|grep SSH
andreas@nsnx:~$ eval $(ssh-agent)
Agent pid 68267
andreas@nsnx:~$ env|grep SSH
SSH_AUTH_SOCK=/tmp/ssh-75OwXd9gR6tq/agent.68252
SSH_AGENT_PID=68267
andreas@nsnx:~$ ssh -i .ssh/id_ecdsa_sk 10.0.100.75
Warning: Permanently added '10.0.100.75' (ECDSA) to the list of known hosts.
Confirm user presence for key ECDSA-SK SHA256:bS6vX6b+Bp8Xu/LF4Gw10dV0Y6AkjFPjPoO5q0A546M
Welcome to Ubuntu Focal Fossa (development branch) (GNU/Linux 5.4.0-21-generic x86_64)
(...)
Last login: Tue Mar 31 14:33:18 2020 from 10.0.100.1
"""
But with "gnome's ssh-agent" (I'm waving my hands here a bit), it just stalls. The prompt is swallowed by something. Here I opened a new gnome terminal in my existing focal desktop session:
"""
andreas@nsnx:~$ env|grep SSH
SSH_AUTH_SOCK=/run/user/1000/keyring/ssh
SSH_AGENT_PID=4655
andreas@nsnx:~$ ssh -i .ssh/id_ecdsa_sk 10.0.100.75
<hangs here, and the yubikey starts flashing>
"""
It only moves forward if I touch the device, which is expected. But the "Confirm user presence" prompt is nowhere to be seen.
I'm not sure how gnome-keyring interacts with ssh-agent. I see it is spawned by gnome-keyring-daemon:
4556 ? Sl 0:00 /usr/bin/gnome-keyring-daemon --daemonize --login
6449 ? S 0:00 \_ /usr/bin/ssh-agent -D -a /run/user/1000/keyring/.ssh
But the PID referenced by the SSH_AGENT_PID shell variable above points to another copy, spawned by gnome-session-binary:
4583 tty3 Sl+ 0:00 \_ /usr/libexec/gnome-session-binary --systemd --systemd --session=ubuntu
4655 ? Ss 0:00 \_ /usr/bin/ssh-agent /usr/bin/im-launch env GNOME_SHELL_SESSION_MODE=ubuntu /usr/bin/gnome-session --systemd --session=ubuntu
In any case, the actual prompt "Confirm user presence for key" comes from openssh code:
./ssh-agent.c: "Confirm user presence for key %s %s",
./sshconnect2.c: "Confirm user presence for key %s %s",
My guess is that the gnome wrapper, whatever it is, is not expecting that prompt.
1. https://bugs.launchpad.net/ubuntu/+source/gnome-shell/+bug/1869897
ProblemType: Bug
DistroRelease: Ubuntu 20.04
Package: gnome-shell 3.36.0-2ubuntu2
ProcVersionSignature: Ubuntu 5.4.0-21.25-generic 5.4.27
Uname: Linux 5.4.0-21-generic x86_64
NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair
ApportVersion: 2.20.11-0ubuntu21
Architecture: amd64
CurrentDesktop: ubuntu:GNOME
Date: Tue Mar 31 11:29:06 2020
DisplayManager: gdm3
InstallationDate: Installed on 2019-10-13 (169 days ago)
InstallationMedia: Ubuntu 19.10 "Eoan Ermine" - Beta amd64 (20191010)
RelatedPackageVersions: mutter-common 3.36.0-2ubuntu1
SourcePackage: gnome-shell
UpgradeStatus: Upgraded to focal on 2020-01-30 (60 days ago) |
I can't exactly pinpoint which gnome package is responsible for this. It might be gnome-keyring. Let's go with gnome-shell first.
openssh 8.2p1[1] in focal has support for U2F authentication. This is a new feature we will highlight in the release notes and a blog post.
You can create a keypair and the authentication only succeeds if you have the u2f hardware device plugged in, and touch it at the moment of authentication.
In a console only env, it works like this:
"""
andreas@nsnx:~$ env|grep SSH
andreas@nsnx:~$ ssh -i .ssh/id_ecdsa_sk 10.0.100.75
Confirm user presence for key ECDSA-SK SHA256:bS6vX6b+Bp8Xu/LF4Gw10dV0Y6AkjFPjPoO5q0A546M
Welcome to Ubuntu Focal Fossa (development branch) (GNU/Linux 5.4.0-21-generic x86_64)
...
Last login: Tue Mar 31 13:35:44 2020 from 10.0.100.1
"""
The "Confirm" prompt is asking the user to touch the hardware device (a yubikey in this case).
If I use openssh's ssh-agent, it still works as expected and I see that prompt:
"""
andreas@nsnx:~$ env|grep SSH
andreas@nsnx:~$ eval $(ssh-agent)
Agent pid 68267
andreas@nsnx:~$ env|grep SSH
SSH_AUTH_SOCK=/tmp/ssh-75OwXd9gR6tq/agent.68252
SSH_AGENT_PID=68267
andreas@nsnx:~$ ssh -i .ssh/id_ecdsa_sk 10.0.100.75
Warning: Permanently added '10.0.100.75' (ECDSA) to the list of known hosts.
Confirm user presence for key ECDSA-SK SHA256:bS6vX6b+Bp8Xu/LF4Gw10dV0Y6AkjFPjPoO5q0A546M
Welcome to Ubuntu Focal Fossa (development branch) (GNU/Linux 5.4.0-21-generic x86_64)
(...)
Last login: Tue Mar 31 14:33:18 2020 from 10.0.100.1
"""
But with "gnome's ssh-agent" (I'm waving my hands here a bit), it just stalls. The prompt is swallowed by something. Here I opened a new gnome terminal in my existing focal desktop session:
"""
andreas@nsnx:~$ env|grep SSH
SSH_AUTH_SOCK=/run/user/1000/keyring/ssh
SSH_AGENT_PID=4655
andreas@nsnx:~$ ssh -i .ssh/id_ecdsa_sk 10.0.100.75
<hangs here, and the yubikey starts flashing>
"""
It only moves forward if I touch the device, which is expected. But the "Confirm user presence" prompt is nowhere to be seen.
I'm not sure how gnome-keyring interacts with ssh-agent. I see it is spawned by gnome-keyring-daemon:
4556 ? Sl 0:00 /usr/bin/gnome-keyring-daemon --daemonize --login
6449 ? S 0:00 \_ /usr/bin/ssh-agent -D -a /run/user/1000/keyring/.ssh
But the PID referenced by the SSH_AGENT_PID shell variable above points to another copy, spawned by gnome-session-binary:
4583 tty3 Sl+ 0:00 \_ /usr/libexec/gnome-session-binary --systemd --systemd --session=ubuntu
4655 ? Ss 0:00 \_ /usr/bin/ssh-agent /usr/bin/im-launch env GNOME_SHELL_SESSION_MODE=ubuntu /usr/bin/gnome-session --systemd --session=ubuntu
In any case, the actual prompt "Confirm user presence for key" comes from openssh code:
./ssh-agent.c: "Confirm user presence for key %s %s",
./sshconnect2.c: "Confirm user presence for key %s %s",
My guess is that the gnome wrapper, whatever it is, is not expecting that prompt.
1. https://www.openssh.com/txt/release-8.2
ProblemType: Bug
DistroRelease: Ubuntu 20.04
Package: gnome-shell 3.36.0-2ubuntu2
ProcVersionSignature: Ubuntu 5.4.0-21.25-generic 5.4.27
Uname: Linux 5.4.0-21-generic x86_64
NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair
ApportVersion: 2.20.11-0ubuntu21
Architecture: amd64
CurrentDesktop: ubuntu:GNOME
Date: Tue Mar 31 11:29:06 2020
DisplayManager: gdm3
InstallationDate: Installed on 2019-10-13 (169 days ago)
InstallationMedia: Ubuntu 19.10 "Eoan Ermine" - Beta amd64 (20191010)
RelatedPackageVersions: mutter-common 3.36.0-2ubuntu1
SourcePackage: gnome-shell
UpgradeStatus: Upgraded to focal on 2020-01-30 (60 days ago) |
|
2020-04-10 16:24:28 |
Jani Uusitalo |
bug |
|
|
added subscriber Jani Uusitalo |
2020-04-17 07:14:31 |
Sebastien Bacher |
gnome-shell (Ubuntu): status |
New |
Triaged |
|
2020-05-04 19:49:54 |
David Negreira |
bug |
|
|
added subscriber David Negreira |
2020-05-10 21:18:53 |
Jean-Max Reymond |
bug |
|
|
added subscriber Jean-Max Reymond |
2020-05-18 00:35:23 |
Marcos Alano |
bug |
|
|
added subscriber Marcos Alano |
2022-04-21 07:32:35 |
Timothy Allen |
bug |
|
|
added subscriber Timothy Allen |
2022-10-29 07:48:56 |
Bug Watch Updater |
gnome-shell: status |
Unknown |
New |
|
2022-11-24 10:59:27 |
Harm van Bakel |
bug |
|
|
added subscriber Harm van Bakel |
2023-01-03 21:41:27 |
danilo neves cruz |
bug |
|
|
added subscriber danilo neves cruz |
2023-06-26 02:15:08 |
Birgit Edel |
bug |
|
|
added subscriber Birgit Edel |
2024-07-19 18:31:37 |
Tyler Stiene |
bug |
|
|
added subscriber Tyler Stiene |