gpg-agent fails to sign request
Testing, Normal, Public


I have had this error for some time now in my Gentoo gnupg builds or from origin/master. The log reads

ssh sign request failed: Unknown option <GPG Agent>

So I hunted the code down to the ssh_handler_sign_request function, which removes all known flags.
The error comes from flags != 0, so I started patching the code by measuring what flags is in the end.

if (flags & 0x10000) {
  log_error ("strange flags in: 0x%x/%d\n", flags, flags);
  /* drop the strange flag */
  flags &= ~0x10000;
}

With this strange-flags debug line I detected that the ssh client sets this 0x10000 flag, which is unknown to gpg-agent, so I added this little block above that filters this unknown flag.


gpg (GnuPG) 2.2.15
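The check described in the report, as an added example that is not gpg-agent's own code: it parses the body of an SSH agent sign request (without the 4-byte length prefix) and returns the flag bits left over once the flags defined in the SSH agent protocol draft are removed. The function names and the sample message are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Values from the SSH agent protocol draft (draft-miller-ssh-agent). */
#define SSH_AGENTC_SIGN_REQUEST 13
#define SSH_AGENT_RSA_SHA2_256  0x02u
#define SSH_AGENT_RSA_SHA2_512  0x04u

/* Read a big-endian uint32 at *off; returns -1 if the buffer is too short. */
static int get_u32(const uint8_t *b, size_t len, size_t *off, uint32_t *out)
{
  if (*off > len || len - *off < 4) return -1;
  *out = ((uint32_t)b[*off] << 24) | ((uint32_t)b[*off + 1] << 16)
       | ((uint32_t)b[*off + 2] << 8) | (uint32_t)b[*off + 3];
  *off += 4;
  return 0;
}

/* Skip one length-prefixed SSH string, refusing lengths past the buffer. */
static int skip_string(const uint8_t *b, size_t len, size_t *off)
{
  uint32_t n;
  if (get_u32(b, len, off, &n) || len - *off < n) return -1;
  *off += n;
  return 0;
}

/* Parse: byte type, string key blob, string data, uint32 flags.  Stores the
   bits that remain after the known flags in *unknown; -1 if malformed. */
int sign_request_unknown_flags(const uint8_t *msg, size_t len, uint32_t *unknown)
{
  size_t off = 1;
  uint32_t flags;
  if (len < 1 || msg[0] != SSH_AGENTC_SIGN_REQUEST) return -1;
  if (skip_string(msg, len, &off) || skip_string(msg, len, &off)) return -1;
  if (get_u32(msg, len, &off, &flags) || off != len) return -1;
  *unknown = flags & ~(SSH_AGENT_RSA_SHA2_256 | SSH_AGENT_RSA_SHA2_512);
  return 0;
}
/* Constructed sample: 2-byte key blob, 3-byte data, flags = 0x00010004. */
static const uint8_t sample_msg[] = { 13, 0,0,0,2, 'k','b', 0,0,0,3, 'a','b','c', 0,1,0,4 };

int main(void)
{
  uint32_t unknown = 0;
  int rc = sign_request_unknown_flags(sample_msg, sizeof sample_msg, &unknown);
  printf("rc=%d unknown flag bits: 0x%x\n", rc, (unsigned)unknown);
  return rc != 0;
}
```

A non-zero result corresponds to the flags != 0 condition the report traces the error to.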
ikrabbe created this task. Jun 7 2019, 2:05 PM
ikrabbe changed the task status from Open to Testing. Jun 7 2019, 2:09 PM

Please check if this patch works for you, and please check where this flag actually comes from and what it says!

ikrabbe triaged this task as High priority. Jun 7 2019, 2:12 PM

This is a high prio error, I guess, because it breaks a very usable part of gnupg that is really hard to maintain. If it is not stable to sign keys with the gpg-agent, it is very hard to use that. Many might switch back to the ssh-agent.

werner lowered the priority of this task from High to Normal. Jun 7 2019, 6:32 PM
gniibe added a subscriber: gniibe.

Which SSH client are you using?