Page MenuHome GnuPG
Create Task
Maniphest T3880

gpg-agent's ssh-agent does not handle flags in signing requests properly
Closed, ResolvedPublic
Actions

Description

https://tools.ietf.org/html/draft-miller-ssh-agent-02#section-4.5 says:

If the agent does not support the requested flags, or is otherwise
unable or unwilling to generate the signature (e.g. because it
doesn't have the specified key, or the user refused confirmation of a
constrained key), it must reply with a SSH_AGENT_FAILURE message.

but ssh_handler_sign_request in agent/command-ssh.c shows that flags is read and then ignored.

This means that with OpenSSH 7.7, we see the following warning when using gpg-agent as ssh-agent:

warning: agent returned different signature type ssh-rsa (expected rsa-sha2-512)

Details

Version
2.2.5

Revisions and Commits

rG GnuPG
rG381c46818ffa agent: unknown flags on ssh signing requests cause an error.
rG80b775bdbb85 agent: Support SSH signature flags.

Event Timeline

dkg created this task.Apr 5 2018, 5:43 PM
gniibe added a commit: rG80b775bdbb85: agent: Support SSH signature flags..Apr 6 2018, 8:08 AM
gniibe changed the task status from Open to Testing.Apr 6 2018, 8:51 AM
gniibe claimed this task.
glow added a subscriber: glow.Apr 6 2018, 9:49 AM
werner closed this task as Resolved.Apr 9 2018, 10:46 PM
werner added a subscriber: werner.

It is in 2.2.6

dkg reopened this task as Open.Apr 10 2018, 12:14 AM

Thanks for the fix! however, the fix only addresses the two flags we currently know about. I've pushed a branch T3880-fix that tries to implement the If the agent does not support the requested flags […] It must reply with a SSH_AGENT_FAILURE message part of the spec.

dkg added a commit: rG381c46818ffa: agent: unknown flags on ssh signing requests cause an error..Apr 10 2018, 8:07 AM
werner changed the task status from Open to Testing.Apr 10 2018, 8:08 AM

Thanks. I took these patches and simplified them. Not test tested, though,.

gniibe triaged this task as Normal priority.Apr 11 2018, 10:01 AM
gniibe closed this task as Resolved.Dec 13 2018, 3:42 PM