Page MenuHome GnuPG
Create Task
Maniphest T7799

gpg-agent crashes when using putty for ssh connection
Closed, ResolvedPublic
Actions

Description

recent versions of gpg-agent from Gpg4Win 5 beta (at least since beta345, windows 10) are unable to establish ssh connections with putty. when trying to open an ssh connection, the taskmanager shows that for a brief moment a smartcard daemon is started, but soon after both the smartcard daemon as well as the running gpg-agent are killed. after this failure of public key auth, the remote ssh server switches to another available auth method (e.g., prompt for a password).

using windows' built-in OpenSSH is not affected.

Details

External Link
https://forum.gnupg.org/t/gpg4win-5-0-beta-gpg-agent-seems-crashing-when-pagent-connects/6711/1

Revisions and Commits

rG GnuPG
rG106d73de8685 agent:w32: Fix non-release of MAPSID.

Related Objects

Event Timeline

m.eik created this task.Thu, Aug 28, 10:57 AM
m.eik changed the edit policy from "All Users" to "Contributor (Project)".Thu, Aug 28, 11:06 AM
m.eik added a project: gpd5x.
gniibe claimed this task.Tue, Sep 2, 2:22 AM
gniibe added a comment.EditedTue, Sep 2, 6:53 AM

@m.eik Could you please enable debug option for gpg-agent and get the log output for the crash?

Reading the putty_message_proc function, I found a possible bug with GetSecurityInfo.
https://learn.microsoft.com/en-us/windows/win32/api/aclapi/nf-aclapi-getsecurityinfo

This is fixed in: rG106d73de8685: agent:w32: Fix non-release of MAPSID.
It is a long standing bug.

Please test (I don't have Windows environment, only Wine emulation).

gniibe added a commit: rG106d73de8685: agent:w32: Fix non-release of MAPSID..Tue, Sep 2, 7:04 AM
werner triaged this task as Normal priority.Tue, Sep 2, 9:12 AM
werner added a subscriber: werner.

We will do a new gpg4win beta soon.

werner changed the task status from Open to Testing.Tue, Sep 2, 9:12 AM
werner mentioned this in T7756: Release GnuPG 2.5.12.Tue, Sep 2, 2:55 PM
ebo moved this task from Backlog to WIP on the gpd5x board.Wed, Sep 3, 4:35 PM
m.eik added a comment.Thu, Sep 4, 10:14 AM

i've included logfiles for gpg-agent and scdaemon with debug-level 10. the files include

  1. starting gpg-agent
  2. ssh login using OpenSSH (success)
  3. ssh login using PuTTY (crash)

gpg-agent.log9 KBDownload

scdaemon.log83 KBDownload

m.eik closed this task as Resolved.Thu, Sep 4, 2:18 PM
werner mentioned this in rWe89747757013: Add two patches which may fix T7799.Thu, Sep 4, 3:23 PM
m.eik added a comment.Fri, Sep 12, 10:37 AM

fix tested and confirmed with GnuPG 2.5.12 on windows 10

gpg-agent.conf:

enable-ssh-support
enable-putty-support
enable-extended-key-format
enable-win32-openssh-support
  • gpgconf --launch gpg-agent
  • in PuTTY, opened SSH connection to a host with publickey auth where the private key was on a yubikey
  • expected and observed behaviour: successful login without crash of gpg-agent
m.eik moved this task from WIP to Done on the gpd5x board.Fri, Sep 12, 10:50 AM
gniibe mentioned this in Unknown Object (Maniphest Task).Mon, Sep 15, 7:10 AM
werner mentioned this in rWbfdd98cb2118: Add two gpgme patches which may fix T7799.Wed, Sep 17, 2:21 PM