Page MenuHome GnuPG
Feed Advanced Search

Sep 2 2020

bvieira added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

I'm actually trying to do the following:

Sep 2 2020, 2:10 PM · Not A Bug, workaround, gnupg24, Windows, ssh
avemilia added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

In the meantime you can use [0]. I have tested with ssh key on yubikey and AuthenticationMethods publickey, win32-ssh (or ssh-portable, which is the new repository name) correctly works with gpg and pinentry is called. Despite it being called wsl, wsl environment is not required.

Sep 2 2020, 1:59 PM · Not A Bug, workaround, gnupg24, Windows, ssh
gniibe claimed T5041: gpg-agent/scdaemon/gnuk unable to sign ssh certificate (Couldn't certify key … via agent: agent refused operation).
Sep 2 2020, 5:42 AM · Restricted Project, ssh, Bug Report
gniibe added a comment to T5041: gpg-agent/scdaemon/gnuk unable to sign ssh certificate (Couldn't certify key … via agent: agent refused operation).

I just confirmed that Gnuk has a limitation for the input length is less than or equals to 256.
So, this is the issue of Gnuk, not GnuPG (or at least, Gnuk has the problem).

Sep 2 2020, 5:40 AM · Restricted Project, ssh, Bug Report
gniibe added a comment to T5041: gpg-agent/scdaemon/gnuk unable to sign ssh certificate (Couldn't certify key … via agent: agent refused operation).

Please show us concrete example of debug output by scdaemon, when you run ssh-keygen.
You can have a setup in .gnupg/scdaemon.conf like:

Sep 2 2020, 5:11 AM · Restricted Project, ssh, Bug Report

Sep 1 2020

ccx updated the task description for T5041: gpg-agent/scdaemon/gnuk unable to sign ssh certificate (Couldn't certify key … via agent: agent refused operation).
Sep 1 2020, 4:24 PM · Restricted Project, ssh, Bug Report
ccx added a comment to T5041: gpg-agent/scdaemon/gnuk unable to sign ssh certificate (Couldn't certify key … via agent: agent refused operation).

I've meant scdaemon rather than OpenSC. I'll correct the descritpion.

Sep 1 2020, 4:23 PM · Restricted Project, ssh, Bug Report
werner added a project to T5041: gpg-agent/scdaemon/gnuk unable to sign ssh certificate (Couldn't certify key … via agent: agent refused operation): ssh.

gpg-agent has only very limited support for ssh certificates which is the reason that your command fails.

Sep 1 2020, 2:47 PM · Restricted Project, ssh, Bug Report

Jul 20 2020

bvieira added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

Any news on this?

Jul 20 2020, 12:48 AM · Not A Bug, workaround, gnupg24, Windows, ssh

Jul 14 2020

werner closed T4979: enable-ssh-support in windows is broken. as Invalid.
Jul 14 2020, 10:32 AM · ssh, Duplicate, Bug Report

Dec 12 2019

werner added a project to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent: gnupg (gpg23).
Dec 12 2019, 1:08 PM · Not A Bug, workaround, gnupg24, Windows, ssh
werner claimed T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.
Dec 12 2019, 1:07 PM · Not A Bug, workaround, gnupg24, Windows, ssh
werner added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

Although I don't use the ssh client on Windows I had to integrate the Windows ssh server into our release process (GlobalSign sent us a Windows-only token, for the new cert and so we can't anymore use osslsigncode). The ssh server is really stable and so it makes a lot of sense to better integrate our ssh-agent into Windows.

Dec 12 2019, 1:07 PM · Not A Bug, workaround, gnupg24, Windows, ssh

Oct 14 2019

npreining added a comment to T2760: Populate comment field when exporting authentication key for SSH.

@werner Yes, that sounds great, and would help already a lot, but extending it for card keys would be optimal. Thanks for your work.

Oct 14 2019, 12:58 PM · gnupg24, ssh, Feature Request
werner edited projects for T2760: Populate comment field when exporting authentication key for SSH, added: gnupg (gpg23), ssh; removed gnupg.

In master (to be 2.3) you can add a Label: line into the sub key file of on-disk keys. I use this for quite some time now to show me alabel for my on-disk ssh keys so that I known which one was requested. We can and should extend this to card keys.

Oct 14 2019, 9:28 AM · gnupg24, ssh, Feature Request

May 21 2019

werner closed T4502: keys added via gpg-agent's ssh-agent interface are stored in private-keys-v1.d/ with a trailing null byte as Resolved.

Also fixed for 2.2

May 21 2019, 9:16 AM · gpgagent, ssh
gniibe claimed T4502: keys added via gpg-agent's ssh-agent interface are stored in private-keys-v1.d/ with a trailing null byte.

I located the bug in agent/command-ssh.c.
Our practice is two calls of gcry_sexp_sprint; One to determine the length including last NUL byte, and another to actually fills the buffer.
The first call return +1 for NUL byte.
The second call fills NUL at the end, but returns +0 length (length sans last NUL).

May 21 2019, 8:48 AM · gpgagent, ssh

May 15 2019

werner closed T4490: --export-secret-keys fails with unusually-created secret key as Resolved.

Applied to master and 2.2. Thanks.

May 15 2019, 9:04 AM · ssh, gnupg (gpg22)

May 14 2019

werner raised the priority of T4490: --export-secret-keys fails with unusually-created secret key from Normal to High.
May 14 2019, 4:39 PM · ssh, gnupg (gpg22)
dkg added a comment to T4490: --export-secret-keys fails with unusually-created secret key.

I think this patch should be backported to STABLE-BRANCH-2-2

May 14 2019, 6:35 AM · ssh, gnupg (gpg22)
dkg added a comment to T4490: --export-secret-keys fails with unusually-created secret key.

I've just pushed 29adca88f5f6425f5311c27bb839718a4956ec3a to the dkg/fix-T4490 branch, which i believe fixes this issue.

May 14 2019, 3:43 AM · ssh, gnupg (gpg22)
dkg added a comment to T4490: --export-secret-keys fails with unusually-created secret key.

And, i just discovered that when i manually edit the key to remove the (comment) list from the *.key S-expression file, the final --export-secret-key works fine. so the failure appears to be due to the presence of the (comment) clause. (same as in T4501)

May 14 2019, 1:48 AM · ssh, gnupg (gpg22)

May 12 2019

werner triaged T4502: keys added via gpg-agent's ssh-agent interface are stored in private-keys-v1.d/ with a trailing null byte as Normal priority.

I often put an extra nul byte at the end of binary data so that accidental printing the data (e.g. in gdb) assures that there is a string terminator. But right, it should not go out to a file.

May 12 2019, 8:16 PM · gpgagent, ssh
dkg created T4502: keys added via gpg-agent's ssh-agent interface are stored in private-keys-v1.d/ with a trailing null byte.
May 12 2019, 12:37 AM · gpgagent, ssh

May 10 2019

dkg added a comment to T4490: --export-secret-keys fails with unusually-created secret key.

I was trying to use the above technique to be able to generate an OpenPGP transferable secret key in an ephemeral homedir. Ephemeral directories are recommended in the GnuPG info page's "unattended usage" section, but they do not work here.

May 10 2019, 10:45 PM · ssh, gnupg (gpg22)
werner triaged T4490: --export-secret-keys fails with unusually-created secret key as Normal priority.
May 10 2019, 10:20 AM · ssh, gnupg (gpg22)

Mar 5 2019

werner closed T4387: Export ssh key fails (brainpoolP256r1) as Resolved.

ssh does nut support brainpool curves and thus GnuPG does not know how to map its internal name of the curve to the name as specified by ssh. GnuPG supports these curves:

Mar 5 2019, 8:23 AM · ssh, Not A Bug

Dec 13 2018

gniibe closed T3880: gpg-agent's ssh-agent does not handle flags in signing requests properly as Resolved.
Dec 13 2018, 3:42 PM · ssh, gpgagent, Bug Report

Nov 16 2018

anarcat created T4261: create matching --import-ssh-key in the S1 Public space.
Nov 16 2018, 6:38 PM · ssh
werner triaged T4260: export all valid authentication subkeys in --export-ssh-key as Low priority.
Nov 16 2018, 9:11 AM · ssh, Feature Request

Oct 29 2018

werner triaged T4167: Pinentry prompt is confusing with regards to multiple smartcards when gpg-agent is used as ssh-agent as Normal priority.
Oct 29 2018, 9:46 AM · Feature Request, ssh, gpgagent
werner added a comment to T4167: Pinentry prompt is confusing with regards to multiple smartcards when gpg-agent is used as ssh-agent.

We had this idea to have a label: or similar item in the extended-key-format which is displayed in addition to the other info. The user can then use an editor to put whatever she likes into this field.

Oct 29 2018, 9:46 AM · Feature Request, ssh, gpgagent

Oct 19 2018

gniibe added a comment to T4167: Pinentry prompt is confusing with regards to multiple smartcards when gpg-agent is used as ssh-agent.

there should be clearer labelling of smartcards so that users can tell them apart more easily

Oct 19 2018, 6:17 AM · Feature Request, ssh, gpgagent

Oct 5 2018

werner added projects to T4167: Pinentry prompt is confusing with regards to multiple smartcards when gpg-agent is used as ssh-agent: gpgagent, ssh.
Oct 5 2018, 9:44 AM · Feature Request, ssh, gpgagent

May 16 2018

ccharabaruk added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

@werner I was hoping to make a modified gpg-agent build that would let me walk through what's going on after the nonce is sent but it looks like the gpg4win process only takes in a package of pre-built gpg binaries which rules that out. As far as I can figure out, after the nonce is read and accepted, libassuan creates a stream object out of the socket and then finding nothing in the stream terminates the ssh handler. We send the actual client request immediately after the nonce but in a separate call to send() so I now wonder if by not having anything read in at the same time as the nonce gpg-agent or libassuan thinks that it's a 0-length stream.

May 16 2018, 6:54 PM · Not A Bug, workaround, gnupg24, Windows, ssh

Apr 21 2018

ccharabaruk added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

I just took a look through assuan-socket.c and it appears that we just need to send the nonce and don't need to read anything back. We also found a bug on our side that was preventing the nonce from being sent, which has been fixed. The error message logged above no longer happens.

Apr 21 2018, 9:16 PM · Not A Bug, workaround, gnupg24, Windows, ssh
werner added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

The nonce is a string of octets thus it needs to be passed verbatim. I would need to study the code in libassun/src/assuan-socket.c to tell more.

Apr 21 2018, 12:11 AM · Not A Bug, workaround, gnupg24, Windows, ssh

Apr 20 2018

ccharabaruk added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

@werner After sending the nonce value from the socket file, does anything need to be read back before ssh-agent commands can be sent? Are there any byte ordering requirements for sending the nonce or can they be sent in the same order as they are in the file?

Apr 20 2018, 5:41 PM · Not A Bug, workaround, gnupg24, Windows, ssh

Apr 14 2018

ccharabaruk added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

I've been working with one of Microsoft's developers on a temporary tool that should bridge the connection between named pipes and the Unix sockets emulation used by gpg-agent but things appear to trip up with sending the nonce. From the position of the tool, the nonce value is successfully sent (send returns 16), but never seems to be picked up by gpg-agent. Instead both gpg-agent and the bridge sit there until whatever tool is using them (I test using ssh-add -l) is terminated, at which point gpg-agent immediately spits up the message

Apr 14 2018, 4:37 AM · Not A Bug, workaround, gnupg24, Windows, ssh

Apr 11 2018

gniibe triaged T3880: gpg-agent's ssh-agent does not handle flags in signing requests properly as Normal priority.
Apr 11 2018, 10:01 AM · ssh, gpgagent, Bug Report

Apr 10 2018

werner added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

Rhat's for the client, right. I never used it. We used to run a Windows 8 instance in a VM to run tests via ssh on it. That worked most not really stable. For obvious reasons I am more interested in the server part ;-)

Apr 10 2018, 8:15 AM · Not A Bug, workaround, gnupg24, Windows, ssh
werner changed the status of T3880: gpg-agent's ssh-agent does not handle flags in signing requests properly from Open to Testing.

Thanks. I took these patches and simplified them. Not test tested, though,.

Apr 10 2018, 8:08 AM · ssh, gpgagent, Bug Report
ccharabaruk added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

I would argue that the Windows port of OpenSSH is not unstable at this point, especially given that Microsoft is even providing it as an installable feature in the next regular Windows 10 release. The fact that the port is now using actual OpenSSH version numbers instead of their own 0.x versions lends credence to this as well.

Apr 10 2018, 2:19 AM · Not A Bug, workaround, gnupg24, Windows, ssh
dkg reopened T3880: gpg-agent's ssh-agent does not handle flags in signing requests properly as "Open".

Thanks for the fix! however, the fix only addresses the two flags we currently know about. I've pushed a branch T3880-fix that tries to implement the If the agent does not support the requested flags […] It must reply with a SSH_AGENT_FAILURE message part of the spec.

Apr 10 2018, 12:14 AM · ssh, gpgagent, Bug Report

Apr 9 2018

werner closed T3880: gpg-agent's ssh-agent does not handle flags in signing requests properly as Resolved.

It is in 2.2.6

Apr 9 2018, 10:46 PM · ssh, gpgagent, Bug Report
werner triaged T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent as Normal priority.

Thanks for the pointer. But as long as the Windows ssh server is that instable I see no urgent need to add this to GnuPG.

Apr 9 2018, 10:25 AM · Not A Bug, workaround, gnupg24, Windows, ssh

Apr 7 2018

ccharabaruk created T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.
Apr 7 2018, 12:59 AM · Not A Bug, workaround, gnupg24, Windows, ssh

Apr 6 2018

gniibe changed the status of T3880: gpg-agent's ssh-agent does not handle flags in signing requests properly from Open to Testing.
Apr 6 2018, 8:51 AM · ssh, gpgagent, Bug Report

Apr 5 2018

dkg created T3880: gpg-agent's ssh-agent does not handle flags in signing requests properly.
Apr 5 2018, 5:43 PM · ssh, gpgagent, Bug Report

Jun 26 2017

justus closed T2856: Can't ssh-add a key w/o a passphrase as Resolved.

Fixed in 273964798592cd479c111f47e8ce46d5b1999d6a.

Jun 26 2017, 2:57 PM · Debian, Bug Report, gnupg, ssh

Jun 23 2017

werner raised the priority of T2856: Can't ssh-add a key w/o a passphrase from Normal to High.

Well, can you then please fix it?

Jun 23 2017, 5:14 PM · Debian, Bug Report, gnupg, ssh

May 24 2017

justus closed T2106: Support SHA-256 fingerprints for ssh as Resolved.

Fixed as of 525f2c482abb6bc2002eb878b03558fb43e6b004.

May 24 2017, 6:13 PM · gnupg (gpg22), gnupg, ssh, Feature Request
justus moved T2106: Support SHA-256 fingerprints for ssh from Backlog to Wishlist on the gnupg (gpg22) board.
May 24 2017, 1:17 PM · gnupg (gpg22), gnupg, ssh, Feature Request

May 17 2017

srgblnchtrn added a watcher for ssh: srgblnchtrn.
May 17 2017, 9:20 AM

Apr 7 2017

gniibe added a comment to T3027: gpg-agent crash on macOS Sierra triggerd by ssh.

Applied as ebe12be034f0.

Apr 7 2017, 2:15 AM · Bug Report, gpgagent, gnupg

Apr 6 2017

gniibe added a comment to T3027: gpg-agent crash on macOS Sierra triggerd by ssh.

While I can't reproduce this problem myself, I think I found an issue of gpg-agent passphrase caching.
Double free may happen when multiple threads enter agent_put_cache, for example.

Apr 6 2017, 4:38 AM · Bug Report, gpgagent, gnupg

Apr 4 2017

gniibe added a project to T3027: gpg-agent crash on macOS Sierra triggerd by ssh: In Progress.
Apr 4 2017, 2:56 AM · Bug Report, gpgagent, gnupg
gniibe reopened T3027: gpg-agent crash on macOS Sierra triggerd by ssh as "Open".
Apr 4 2017, 2:54 AM · Bug Report, gpgagent, gnupg
gniibe closed T3027: gpg-agent crash on macOS Sierra triggerd by ssh as Resolved.

In 2.1.19, gpg-agent uses getpeerucred for macOS. I changed it (since it seemed not working). In 2.1.20, gpg-agent now uses getsockopt with LOCAL_PEERPID.
It seems for me that the crash occurs by ucred_free. If this is the case, 2.1.20 fixes this issue.

Apr 4 2017, 2:54 AM · Bug Report, gpgagent, gnupg

Mar 30 2017

marcus moved T3027: gpg-agent crash on macOS Sierra triggerd by ssh from In Progress to Backlog on the gnupg board.
Mar 30 2017, 7:36 PM · Bug Report, gpgagent, gnupg
marcus moved T3027: gpg-agent crash on macOS Sierra triggerd by ssh from Backlog to In Progress on the gnupg board.
Mar 30 2017, 7:35 PM · Bug Report, gpgagent, gnupg
admin created ssh.
Mar 30 2017, 6:42 PM
landro added projects to T3027: gpg-agent crash on macOS Sierra triggerd by ssh: MacOS, ssh, gnupg, gnupg (gpg21), gpgagent, Bug Report.
Mar 30 2017, 3:22 PM · Bug Report, gpgagent, gnupg
landro set Version to 2.1.19 on T3027: gpg-agent crash on macOS Sierra triggerd by ssh.
Mar 30 2017, 3:22 PM · Bug Report, gpgagent, gnupg

Feb 8 2017

justus added a comment to T2856: Can't ssh-add a key w/o a passphrase.

I can reproduce this. Our test indeed feeds a passphrase to the agent.

Feb 8 2017, 10:16 AM · Debian, Bug Report, gnupg, ssh

Feb 5 2017

dkg changed External Link from 846175@bugs.debian.org to https://bugs.debian.org/846175 on T2856: Can't ssh-add a key w/o a passphrase.
Feb 5 2017, 9:18 AM · Debian, Bug Report, gnupg, ssh
dkg added a comment to T2856: Can't ssh-add a key w/o a passphrase.

Any thoughts or progress on this?

Feb 5 2017, 9:18 AM · Debian, Bug Report, gnupg, ssh

Jan 26 2017

justus claimed T2856: Can't ssh-add a key w/o a passphrase.
Jan 26 2017, 5:24 PM · Debian, Bug Report, gnupg, ssh

Jan 6 2017

werner added a project to T2106: Support SHA-256 fingerprints for ssh: gnupg (gpg22).
Jan 6 2017, 5:47 PM · gnupg (gpg22), gnupg, ssh, Feature Request
werner added a comment to T2106: Support SHA-256 fingerprints for ssh.

Adding %f does not help much because it is only used internally. I would be in
favor of adding an ssh-key-mode option so that the user can select the hash algo
and the output format.

Jan 6 2017, 5:47 PM · gnupg (gpg22), gnupg, ssh, Feature Request

Nov 29 2016

werner set External Link to 846175@bugs.debian.org on T2856: Can't ssh-add a key w/o a passphrase.
Nov 29 2016, 10:40 AM · Debian, Bug Report, gnupg, ssh
werner set Version to 2.1.16 on T2856: Can't ssh-add a key w/o a passphrase.
Nov 29 2016, 10:40 AM · Debian, Bug Report, gnupg, ssh
werner added projects to T2856: Can't ssh-add a key w/o a passphrase: ssh, gnupg, Bug Report, Debian.
Nov 29 2016, 10:40 AM · Debian, Bug Report, gnupg, ssh

Oct 13 2016

justus added a comment to T2316: ssh-add ignores keys already in private-keys-v1.d but not in sshcontrol.

John is using 2.1.14, but this bug was fixed in 2.1.15.

Oct 13 2016, 1:26 PM · gnupg, Not A Bug, Bug Report, ssh, gpgagent, gnupg (gpg21)
justus closed T2316: ssh-add ignores keys already in private-keys-v1.d but not in sshcontrol as Resolved.
Oct 13 2016, 1:26 PM · gnupg, Not A Bug, Bug Report, ssh, gpgagent, gnupg (gpg21)

Oct 12 2016

dkg reopened T2316: ssh-add ignores keys already in private-keys-v1.d but not in sshcontrol as "Open".
Oct 12 2016, 11:51 PM · gnupg, Not A Bug, Bug Report, ssh, gpgagent, gnupg (gpg21)
dkg added a comment to T2316: ssh-add ignores keys already in private-keys-v1.d but not in sshcontrol.

This is apparently just re-reported on gnupg-users:

https://lists.gnupg.org/pipermail/gnupg-users/2016-October/056892.html

So i don't think it's fixed.

And fwiw, it seems like a clear bug to me if i use "ssh-add" and then it is not
added to the agent.

From the ssh-add's client's perspective, some keys are magically never added,
but others are. This kind of mystery behavior is confusing and frustrating. If
gpg-agent is going to handle the ssh-agent protocol, it should aim toward behave
as the user of the ssh-agent protocol expects, regardless of whether the user
knows that they're using gpg-agent or some other implementation.

Oct 12 2016, 11:51 PM · gnupg, Not A Bug, Bug Report, ssh, gpgagent, gnupg (gpg21)

Jul 19 2016

justus added a comment to T2316: ssh-add ignores keys already in private-keys-v1.d but not in sshcontrol.

I do consider it a bug, at least because we did not signal an error to ssh-add.
Fortunately, this was easy to fix.

Fixed in 270f7f7b.

Jul 19 2016, 4:54 PM · gnupg, Not A Bug, Bug Report, ssh, gpgagent, gnupg (gpg21)
justus closed T2316: ssh-add ignores keys already in private-keys-v1.d but not in sshcontrol as Resolved.
Jul 19 2016, 4:54 PM · gnupg, Not A Bug, Bug Report, ssh, gpgagent, gnupg (gpg21)

Apr 15 2016

werner added a project to T2316: ssh-add ignores keys already in private-keys-v1.d but not in sshcontrol: gnupg.
Apr 15 2016, 8:31 AM · gnupg, Not A Bug, Bug Report, ssh, gpgagent, gnupg (gpg21)

Apr 14 2016

werner added a project to T2316: ssh-add ignores keys already in private-keys-v1.d but not in sshcontrol: Not A Bug.
Apr 14 2016, 3:48 PM · gnupg, Not A Bug, Bug Report, ssh, gpgagent, gnupg (gpg21)
werner added a comment to T2316: ssh-add ignores keys already in private-keys-v1.d but not in sshcontrol.

I would not consider this a bug. sshcontrol is used to enable certain keys for
use with ssh. Updating keys is useless if they are already available.

If you remove the keys from sshcontrol you disable them. I would suggest to put
a '!' in front of the keygrip instead of deleting the line in sshcontrol. This
allows to re-enable a key w/o problems.

Apr 14 2016, 3:48 PM · gnupg, Not A Bug, Bug Report, ssh, gpgagent, gnupg (gpg21)

Apr 13 2016

DamienCassou added a comment to T2316: ssh-add ignores keys already in private-keys-v1.d but not in sshcontrol.

The solution is to remove the key in private-keys-v1.d before running ssh-add.

http://superuser.com/a/1064269/216912

Apr 13 2016, 10:49 AM · gnupg, Not A Bug, Bug Report, ssh, gpgagent, gnupg (gpg21)
DamienCassou set Version to 2.1.11 on T2316: ssh-add ignores keys already in private-keys-v1.d but not in sshcontrol.
Apr 13 2016, 10:48 AM · gnupg, Not A Bug, Bug Report, ssh, gpgagent, gnupg (gpg21)
DamienCassou added projects to T2316: ssh-add ignores keys already in private-keys-v1.d but not in sshcontrol: gnupg (gpg21), gpgagent, ssh, Bug Report.
Apr 13 2016, 10:48 AM · gnupg, Not A Bug, Bug Report, ssh, gpgagent, gnupg (gpg21)

Jan 21 2016

werner closed T2212: Wish for a gpgkey2ssh replacement as Resolved.
Jan 21 2016, 8:43 AM · ssh, gnupg, gnupg (gpg21), Feature Request
werner removed a project from T2212: Wish for a gpgkey2ssh replacement: Restricted Project.
Jan 21 2016, 8:43 AM · ssh, gnupg, gnupg (gpg21), Feature Request

Jan 20 2016

aheinecke added a comment to T2212: Wish for a gpgkey2ssh replacement.

Thanks, now this works as expected for me :-)

Jan 20 2016, 4:10 PM · ssh, gnupg, gnupg (gpg21), Feature Request

Jan 11 2016

werner added a comment to T2212: Wish for a gpgkey2ssh replacement.

Right, getkey_next had a somewhat surprising semantic. I fixed that with commit
b280aa6.

It also works with ECDSA keys.

Jan 11 2016, 11:49 AM · ssh, gnupg, gnupg (gpg21), Feature Request
werner removed a project from T2212: Wish for a gpgkey2ssh replacement: In Progress.
Jan 11 2016, 11:49 AM · ssh, gnupg, gnupg (gpg21), Feature Request
werner added a project to T2212: Wish for a gpgkey2ssh replacement: Restricted Project.
Jan 11 2016, 11:49 AM · ssh, gnupg, gnupg (gpg21), Feature Request

Jan 8 2016

aheinecke added a comment to T2212: Wish for a gpgkey2ssh replacement.

Current master b2da3951 segfaults on me.
Btw. I think this is likely because i have a local ID without an Authentication
subkey for aheinecke@gnupg.org

(gdb) run --export-ssh-key aheinecke@gnupg.org
Starting program: /opt/gnupg/bin/gpg2 --export-ssh-key aheinecke@gnupg.org
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
gpg: NOTE: THIS IS A DEVELOPMENT VERSION!
gpg: It is only intended for test purposes and should NOT be
gpg: used in a production environment or with production keys!
gpg: enabled debug flags: memstat

Program received signal SIGSEGV, Segmentation fault.
lookup (ctx=ctx@entry=0x6dd940, ret_keyblock=ret_keyblock@entry=0x0,
ret_found_key=ret_found_key@entry=0x7fffffffd998,

want_secret=<optimized out>) at ../../g10/getkey.c:3116

3116 *ret_keyblock = keyblock; /* Return the keyblock. */
(gdb) bt full
#0 lookup (ctx=ctx@entry=0x6dd940, ret_keyblock=ret_keyblock@entry=0x0,
ret_found_key=ret_found_key@entry=0x7fffffffd998,

want_secret=<optimized out>) at ../../g10/getkey.c:3116
    rc = 0
    no_suitable_key = 0
    keyblock = 0x0
    found_key = 0x701980

#1 0x0000000000415bb6 in getkey_next (ctx=0x6dd940, pk=0x0, ret_keyblock=0x0)
at ../../g10/getkey.c:1636

rc = <optimized out>
found_key = 0x0

#2 0x000000000045713a in export_ssh_key (ctrl=0x6dd810, userid=0x7fffffffe420
"aheinecke@gnupg.org") at ../../g10/export.c:1437

getkeyctx = 0x6dd940
keyblock = 0x6fd160
desc = {mode = KEYDB_SEARCH_MODE_SUBSTR, skipfnc = 0x0, skipfncvalue =

0x0, sn = 0x0, snlen = 0, u = {

name = 0x7fffffffe420 "aheinecke@gnupg.org", fpr = "

\344\377\377\377\177", '\000' <repeats 17 times>, kid = {

4294960160, 32767}, grip = " \344\377\377\377\177", '\000'

<repeats 13 times>}, exact = 0}

curtime = 1452288169
pk = 0x0
identifier = 0x6ddb80 ""
mb = {len = 0, size = 4096, buf = 0x6e5d70 "", out_of_core = 0}
fp = 0x6dd810
b64_state = {flags = 7199040, idx = 0, quad_count = -153676256, fp =

0x10, stream = 0x6dd800, title = 0x6ddb80 "",

radbuf = "\000\000\000", crc = 0, stop_seen = -1, invalid_encoding =

0, lasterr = 0}

fname = 0x7fffffffe420 "aheinecke@gnupg.org"

#3 0x000000000040dc00 in main (argc=1, argv=0x7fffffffdfe8) at ../../g10/gpg.c:4193

pargs = {argc = 0x7fffffffdb9c, argv = 0x7fffffffdb90, flags = 32769,

err = 0, r_opt = 0, r_type = 0, r = {ret_int = 0,

ret_long = 0, ret_ulong = 0, ret_str = 0x0}, internal = {idx = 2,

inarg = 0, stopped = 1,

last = 0x7fffffffe420 "aheinecke@gnupg.org", aliases = 0x0,

cur_alias = 0x0, iio_list = 0x0}}

a = 0x6dd800
orig_argc = 0
orig_argv = 0x6ddb80
fname = 0x7fffffffe420 "aheinecke@gnupg.org"
sl = 0x0
remusr = 0x6ddb40
locusr = 0x0
nrings = 0x0
afx = 0x7fffffffe420
configfp = 0x7fffffffe420
configlineno = 27
parse_debug = 7198720
cmd = aExportSshKey
malloc_hooks = {malloc = 0x405ee0 <gcry_malloc@plt>, realloc = 0x406d40

<gcry_realloc@plt>, free = 0x406290 <gcry_free@plt>}

ctrl = 0x6dd810
Jan 8 2016, 10:27 PM · ssh, gnupg, gnupg (gpg21), Feature Request
werner added a project to T2212: Wish for a gpgkey2ssh replacement: In Progress.
Jan 8 2016, 5:29 PM · ssh, gnupg, gnupg (gpg21), Feature Request
werner added a comment to T2212: Wish for a gpgkey2ssh replacement.

Done with commit 4970868 to be released with 2.1.11.
This uses a new command and not an export option so that export options can be
kept in the conf file.

ECDSA keys (NIST keys) do not yet work.

Jan 8 2016, 5:29 PM · ssh, gnupg, gnupg (gpg21), Feature Request
werner claimed T2212: Wish for a gpgkey2ssh replacement.
Jan 8 2016, 2:05 PM · ssh, gnupg, gnupg (gpg21), Feature Request

Jan 7 2016

werner added a comment to T2212: Wish for a gpgkey2ssh replacement.

Right, this is what I actually had in mind. Using the "<keyid>!" notaion it
would also be possible to export any primary of subkey in ssh format.

Jan 7 2016, 3:43 PM · ssh, gnupg, gnupg (gpg21), Feature Request
werner raised the priority of T2212: Wish for a gpgkey2ssh replacement from Wishlist to Normal.
Jan 7 2016, 3:43 PM · ssh, gnupg, gnupg (gpg21), Feature Request
aheinecke added projects to T2212: Wish for a gpgkey2ssh replacement: Feature Request, gnupg (gpg21), gnupg, ssh.
Jan 7 2016, 2:42 PM · ssh, gnupg, gnupg (gpg21), Feature Request
aheinecke updated subscribers of T2212: Wish for a gpgkey2ssh replacement.
Jan 7 2016, 2:42 PM · ssh, gnupg, gnupg (gpg21), Feature Request

Dec 18 2015

werner added a comment to T2106: Support SHA-256 fingerprints for ssh.

That fingerprint looks more like gibberish than something which should be
compared by the user. In that regard a SHA-1 fingerprint looks much more
serious and IMHO will be more secure than a base-64 fingerprint where you have
to explain that the users also need to match the case - if they are at all able
to compare that fingerprint.

We should take this to the mailing list.

Dec 18 2015, 5:20 PM · gnupg (gpg22), gnupg, ssh, Feature Request