[lucid] gpg-agent prevents unprotection of passphrases
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
GnuPG2 | Fix Released | Unknown | | |
gnupg2 (Ubuntu) | Fix Released | Undecided | Unassigned | |
Lucid | Fix Released | Undecided | Unassigned | |
Bug Description
Binary package hint: gpg-agent
gpg-agent version 2.0.14 has a known bug which prevents unprotection of new or changed gpg-agent passphrases.
If someone tries to unlock an ssh-key which has been changed with lucid's version of the agent (2.0.14), the pinentry program will always report a wrong passphrase and ssh will fail with "Agent admitted failure to sign using the key."
https:/
http://
A patch from upstream has been attached (http://
TEST CASE:
- Prepare a SSH key (or take an existing one):
ssh-keygen -C "test key" -f test_key
cat test_key.pub >> ~/.ssh/
- Test that it's broken:
eval "$(gpg-agent --daemon --enable-
ssh-add test_key
ssh localhost
- Test that the fix works:
ssh-add -d test_key
rm ~/.gnupg/
Install the fixed packages
eval "$(gpg-agent --daemon --enable-
ssh-add test_key
ssh localhost
Changed in gnupg2 (Ubuntu):
status: New → Confirmed
description: updated
tags: added: patch
Changed in gnupg2:
status: Unknown → Fix Released
description: updated
tags: added: verification-done; removed: verification-needed
To reproduce the error (you should back up your ~/.ssh/authorized_keys file):
eval "$(gpg-agent --daemon --enable-ssh-support)"
ssh-keygen -C "test key" -f test_key
ssh-add test_key
cat test_key.pub > ~/.ssh/authorized_keys
ssh localhost