Ubuntu
ssh-askpass package

ssh agent seems to confuse two copies of keys

Bug #913649 reported by Jeff Abrahamson
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
openssh (Debian)
New
Unknown
ssh-askpass (Ubuntu)
New
Undecided
Unassigned

Bug Description

This bug concerns an interaction between ssh-askpass / gnome-keyring-agent, ssh-agent, and ssh-add.

When I login, my two ssh public keys are automatically added to the agent (by gnome, I think). I use ssh-add <keyname> to set the passwords. I expect the agent now to know about all of my keys and their pass phrases, but the agent seems to know about two copies of each key, one with passphrase (which I provided) and one without (which it auto-discovered).

jeff@nantes:.ssh $ ssh-add -l
2048 65:f6:25:dd:dc:39:19:08:75:cf:d3:34:1c:da:2b:1b jeff-@nantes (RSA)
2048 e1:a0:e1:38:4b:a0:27:68:bf:60:d8:4c:b4:ef:4c:c6 id_rsa.git (RSA)
2048 65:f6:25:dd:dc:39:19:08:75:cf:d3:34:1c:da:2b:1b id_rsa (RSA)
2048 e1:a0:e1:38:4b:a0:27:68:bf:60:d8:4c:b4:ef:4c:c6 jeff-git@nantes (RSA)
jeff@nantes:.ssh $ grep -H @ *pub | tr : ' ' | awk '{print $1 ":" $4}'
id_rsa.git.pub:jeff-git@nantes
id_rsa.pub:jeff-@nantes
jeff@nantes:.ssh $

Note that there are two key signatures above, each known twice by the agent.

The result is that some ssh actions work fine (e.g., ssh depending on the key in id_rsa.pub). But ssh depending on the key in id_rsa.git.pub results in the keyring agent asking me for a key. Once I provide the key, all is fine. But providing it is a bit of a bother, since the key is long and hard to type, and the request window is modal, preventing me from going and copying it from my password manager. And, anyway, my goal was to provide all my keys on my own schedule, not at random points in my workflow.

I am aware that what I am reporting involves a number of hidden steps that I have deduced, and so possibly incorrectly. I'm certainly open to actions to further define what is happening.

ProblemType: Bug
DistroRelease: Ubuntu 11.10
Package: ssh-askpass (not installed)
ProcVersionSignature: Ubuntu 3.0.0-14.23-generic 3.0.9
Uname: Linux 3.0.0-14-generic i686
ApportVersion: 1.23-0ubuntu4
Architecture: i386
Date: Mon Jan 9 07:48:13 2012
EcryptfsInUse: Yes
InstallationMedia: Ubuntu-Netbook-Remix 9.10 "Karmic Koala" - Release i386 (20091028.4)
SourcePackage: ssh-askpass
UpgradeStatus: Upgraded to oneiric on 2011-12-30 (9 days ago)

Revision history for this message
Jeff Abrahamson (jeff-purple) wrote :
Bug Watch Updater (bug-watch-updater)
Changed in openssh (Debian):
status: Unknown → New
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.