- Package: gnome-keyring
- Source: gnome-keyring
- Description: GNOME keyring services (daemon and tools)
- Submitter: Wouter Verhelst
- Date: 2019-12-28 11:00:07 UTC
- Severity: wishlist
Hi,

For a while now, when running 'ssh-add -c' (which is supposed to make ssh-agent ask the user for confirmation before allowing use of an ssh key), ssh-add prints "SSH_AGENT_FAILURE" on a line by itself (without explaining what the exact failure is). The result seems to be that ssh-agent then does know the key and allows software to use it, but it does not request user confirmation before giving out the secret key.
I can't reproduce this:

    <cjwatson@sarantium ~>$ ssh-add -c
    Enter passphrase for /home/cjwatson/.ssh/id_rsa:
    Identity added: /home/cjwatson/.ssh/id_rsa (/home/cjwatson/.ssh/id_rsa)
    The user has to confirm each use of the key

Is it possible that you are not in fact using ssh-agent, but a different not-quite-compatible agent provided by something like seahorse? Have a look at what's behind $SSH_AUTH_SOCK.
Yes, that does appear to be the case; $SSH_AUTH_SOCK seems to be served by gnome-agent. I apparently also can't get rid of it without removing gdm. Sigh. Why do the gnome people have to be so insane? Oh well.
There's no match for "gnome-agent" in dists/unstable/Contents-i386.gz. Would you mind figuring out the correct package and reassigning this bug? Thanks,
reassign 493874 gnome-keyring
severity 493874 wishlist
thanks

Confused by the fact that ssh calls it an 'agent'.

To the maintainer of gnome-keyring: ssh-add has a '-c' option, which will cause ssh-add to request from ssh-agent that it requests confirmation from the user every time an application tries to access the key; this is a benefit security-wise. It would be nice if gnome-keyring were to implement this.
hey folks--

#493874 (gnome-keyring doesn't ask for confirmation with ssh keys), in combination with #516230 (gnome-keyring daemon acts as ssh-agent even when instructed not to), causes a potentially serious security problem. In particular, people who use ssh-agent regularly, and expect to receive confirmation before use of their keys, are at risk. Since the default Debian desktop installs GNOME, and GNOME installs gnome-keyring, those users are at a serious risk of having their keys available for non-confirmed use.

If gnome-keyring is unable to honor a constraint requested by a user, it should *not* import the key in the first place and fail hard, as opposed to importing it and ignoring the requested constraint.
forwarded 493874 https://bugzilla.mindrot.org/show_bug.cgi?id=1612
thanks

So I looked into this further. And while gnome-keyring has dubious behavior, it actually correctly reports when it does not support constraints. See the discussion with GNOME folks here: https://bugzilla.gnome.org/show_bug.cgi?id=525574

The most serious bug is in ssh-add, which sees the failure to add the key with constraints, and then goes ahead and tries to re-submit the key *without* constraints. I've reported this to OpenSSH upstream, along with a patch: https://bugzilla.mindrot.org/show_bug.cgi?id=1612

They seem to be indicating (via bugzilla bug blocking/dependency trees) that the patch will be incorporated into OpenSSH by version 5.4.
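The two messages above describe the same failure mode from two sides: an agent that answers SSH_AGENT_FAILURE to a constrained add (as gnome-keyring does), and a client that reacts to that failure by quietly re-adding the key without the constraint. The following is an added illustration, not code from this bug report, from OpenSSH or from gnome-keyring. It models the agent protocol exchange with the real message numbers (SSH_AGENTC_ADD_IDENTITY 17, SSH_AGENTC_ADD_ID_CONSTRAINED 25, constraint SSH_AGENT_CONSTRAIN_CONFIRM 2, replies SSH_AGENT_FAILURE 5 and SSH_AGENT_SUCCESS 6) but uses a constructed toy key format and an in-memory agent, and it places the two client strategies side by side: the silent fallback the report calls a bug, and the fail-hard behaviour it asks for. The names ToyAgent, add_with_silent_fallback, add_fail_hard and scenario are the example's own.

```python
import struct

# Message numbers from the SSH agent protocol (draft-miller-ssh-agent).
SSH_AGENTC_ADD_IDENTITY = 17
SSH_AGENTC_ADD_ID_CONSTRAINED = 25
SSH_AGENT_CONSTRAIN_CONFIRM = 2
SSH_AGENT_FAILURE = 5
SSH_AGENT_SUCCESS = 6


def _put_string(data: bytes) -> bytes:
    """Encode an SSH 'string': uint32 big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data


def _get_string(buf: bytes, off: int):
    """Decode an SSH 'string' at offset; return (bytes, new_offset)."""
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    return buf[off:off + n], off + n


def build_add_request(key_type: bytes, key_material: bytes, comment: bytes, confirm: bool) -> bytes:
    """Build the add-identity message a client sends to the agent.

    With confirm=True this mirrors what 'ssh-add -c' sends: message type
    SSH_AGENTC_ADD_ID_CONSTRAINED, the key, then the CONFIRM constraint byte.
    The key material is a single toy string here (constructed for the example;
    a real private key is a sequence of type-specific fields).
    """
    body = _put_string(key_type) + _put_string(key_material) + _put_string(comment)
    if confirm:
        return bytes([SSH_AGENTC_ADD_ID_CONSTRAINED]) + body + bytes([SSH_AGENT_CONSTRAIN_CONFIRM])
    return bytes([SSH_AGENTC_ADD_IDENTITY]) + body


class ToyAgent:
    """Minimal in-memory agent (hypothetical). supports_constraints=False models
    an agent that, like gnome-keyring in this report, honestly answers
    SSH_AGENT_FAILURE to any constrained add instead of ignoring the constraint."""

    def __init__(self, supports_constraints: bool):
        self.supports_constraints = supports_constraints
        self.keys = {}  # comment -> confirm_required

    def handle(self, msg: bytes) -> bytes:
        mtype, off = msg[0], 1
        if mtype not in (SSH_AGENTC_ADD_IDENTITY, SSH_AGENTC_ADD_ID_CONSTRAINED):
            return bytes([SSH_AGENT_FAILURE])
        _key_type, off = _get_string(msg, off)
        _material, off = _get_string(msg, off)
        comment, off = _get_string(msg, off)
        confirm = False
        if mtype == SSH_AGENTC_ADD_ID_CONSTRAINED:
            if not self.supports_constraints:
                return bytes([SSH_AGENT_FAILURE])  # refuse rather than silently drop the constraint
            if msg[off:] != bytes([SSH_AGENT_CONSTRAIN_CONFIRM]):
                return bytes([SSH_AGENT_FAILURE])  # the toy agent knows only CONFIRM
            confirm = True
        self.keys[comment] = confirm
        return bytes([SSH_AGENT_SUCCESS])


def add_with_silent_fallback(agent: ToyAgent, request: bytes) -> bool:
    """Client behaviour the report identifies as the bug: on FAILURE for a
    constrained add, resubmit the same key with the constraint stripped."""
    resp = agent.handle(request)
    if resp[0] == SSH_AGENT_FAILURE and request[0] == SSH_AGENTC_ADD_ID_CONSTRAINED:
        # Drop the trailing CONFIRM byte and downgrade the message type.
        unconstrained = bytes([SSH_AGENTC_ADD_IDENTITY]) + request[1:-1]
        resp = agent.handle(unconstrained)
    return resp[0] == SSH_AGENT_SUCCESS


def add_fail_hard(agent: ToyAgent, request: bytes) -> bool:
    """Client behaviour the report asks for: a refused constraint is a hard
    error and the key is never loaded without it."""
    resp = agent.handle(request)
    return resp[0] == SSH_AGENT_SUCCESS


def scenario(supports_constraints: bool, client) -> tuple:
    """Run one client against one agent; return (add_ok, key_loaded, confirm_required)."""
    agent = ToyAgent(supports_constraints)
    req = build_add_request(b"ssh-toy", b"constructed-key-material", b"user@example", confirm=True)
    ok = client(agent, req)
    loaded = b"user@example" in agent.keys
    return ok, loaded, agent.keys.get(b"user@example", False)


if __name__ == "__main__":
    for name, client in (("silent fallback", add_with_silent_fallback), ("fail hard", add_fail_hard)):
        for supported in (True, False):
            print(f"{name:16} agent_supports_constraints={supported!s:5} -> "
                  f"(add_ok, loaded, confirm) = {scenario(supported, client)}")
```

The dangerous row is the silent-fallback client against the non-supporting agent: the add "succeeds", the key is loaded, and confirm_required is False, which is exactly what the original reporter observed (a bare SSH_AGENT_FAILURE line followed by a key that works without any prompt). The fail-hard client against the same agent returns False and leaves the agent holding no key, so the user learns immediately that the requested protection is unavailable.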
My best guess is that with gnome-keyring and ssh-agent both having no DISPLAY= variable set, it's unable to ask for confirmation. I'll file a separate bug, but this one can be closed?