sshProject
ActivePublic

Members

  • This project does not have any members.

Recent Activity

Oct 14 2019

npreining added a comment to T2760: Populate comment field when exporting authentication key for SSH.

@werner Yes, that sounds great, and would help already a lot, but extending it for card keys would be optimal. Thanks for your work.

Oct 14 2019, 12:58 PM · ssh, gnupg (gpg23), Feature Request
werner edited projects for T2760: Populate comment field when exporting authentication key for SSH, added: gnupg (gpg23), ssh; removed gnupg.

In master (to be 2.3) you can add a Label: line into the sub key file of on-disk keys. I use this for quite some time now to show me alabel for my on-disk ssh keys so that I known which one was requested. We can and should extend this to card keys.

Oct 14 2019, 9:28 AM · ssh, gnupg (gpg23), Feature Request

May 21 2019

werner closed T4502: keys added via gpg-agent's ssh-agent interface are stored in private-keys-v1.d/ with a trailing null byte as Resolved.

Also fixed for 2.2

May 21 2019, 9:16 AM · gpgagent, ssh
werner added a commit to T4502: keys added via gpg-agent's ssh-agent interface are stored in private-keys-v1.d/ with a trailing null byte: rG6e39541f4f48: agent: For SSH key, don't put NUL-byte at the end..
May 21 2019, 9:16 AM · gpgagent, ssh
gniibe added a commit to T4502: keys added via gpg-agent's ssh-agent interface are stored in private-keys-v1.d/ with a trailing null byte: rG479f7bf31ce4: agent: For SSH key, don't put NUL-byte at the end..
May 21 2019, 8:54 AM · gpgagent, ssh
gniibe claimed T4502: keys added via gpg-agent's ssh-agent interface are stored in private-keys-v1.d/ with a trailing null byte.

I located the bug in agent/command-ssh.c.
Our practice is two calls of gcry_sexp_sprint; One to determine the length including last NUL byte, and another to actually fills the buffer.
The first call return +1 for NUL byte.
The second call fills NUL at the end, but returns +0 length (length sans last NUL).

May 21 2019, 8:48 AM · gpgagent, ssh

May 15 2019

werner closed T4490: --export-secret-keys fails with unusually-created secret key as Resolved.

Applied to master and 2.2. Thanks.

May 15 2019, 9:04 AM · ssh, gnupg (gpg22)
werner added a commit to T4490: --export-secret-keys fails with unusually-created secret key: rG9c704d9d4633: gpg: enable OpenPGP export of cleartext keys with comments.
May 15 2019, 9:03 AM · ssh, gnupg (gpg22)
werner added a commit to T4490: --export-secret-keys fails with unusually-created secret key: rG392e59a3d487: gpg: enable OpenPGP export of cleartext keys with comments.
May 15 2019, 9:03 AM · ssh, gnupg (gpg22)

May 14 2019

werner raised the priority of T4490: --export-secret-keys fails with unusually-created secret key from Normal to High.
May 14 2019, 4:39 PM · ssh, gnupg (gpg22)
dkg added a comment to T4490: --export-secret-keys fails with unusually-created secret key.

I think this patch should be backported to STABLE-BRANCH-2-2

May 14 2019, 6:35 AM · ssh, gnupg (gpg22)
dkg added a comment to T4490: --export-secret-keys fails with unusually-created secret key.

I've just pushed 29adca88f5f6425f5311c27bb839718a4956ec3a to the dkg/fix-T4490 branch, which i believe fixes this issue.

May 14 2019, 3:43 AM · ssh, gnupg (gpg22)
dkg added a comment to T4490: --export-secret-keys fails with unusually-created secret key.

And, i just discovered that when i manually edit the key to remove the (comment) list from the *.key S-expression file, the final --export-secret-key works fine. so the failure appears to be due to the presence of the (comment) clause. (same as in T4501)

May 14 2019, 1:48 AM · ssh, gnupg (gpg22)

May 12 2019

werner triaged T4502: keys added via gpg-agent's ssh-agent interface are stored in private-keys-v1.d/ with a trailing null byte as Normal priority.

I often put an extra nul byte at the end of binary data so that accidental printing the data (e.g. in gdb) assures that there is a string terminator. But right, it should not go out to a file.

May 12 2019, 8:16 PM · gpgagent, ssh
dkg created T4502: keys added via gpg-agent's ssh-agent interface are stored in private-keys-v1.d/ with a trailing null byte.
May 12 2019, 12:37 AM · gpgagent, ssh

May 10 2019

dkg added a comment to T4490: --export-secret-keys fails with unusually-created secret key.

I was trying to use the above technique to be able to generate an OpenPGP transferable secret key in an ephemeral homedir. Ephemeral directories are recommended in the GnuPG info page's "unattended usage" section, but they do not work here.

May 10 2019, 10:45 PM · ssh, gnupg (gpg22)
werner triaged T4490: --export-secret-keys fails with unusually-created secret key as Normal priority.
May 10 2019, 10:20 AM · ssh, gnupg (gpg22)

Mar 5 2019

werner closed T4387: Export ssh key fails (brainpoolP256r1) as Resolved.

ssh does nut support brainpool curves and thus GnuPG does not know how to map its internal name of the curve to the name as specified by ssh. GnuPG supports these curves:

Mar 5 2019, 8:23 AM · ssh, Not A Bug

Dec 13 2018

gniibe closed T3880: gpg-agent's ssh-agent does not handle flags in signing requests properly as Resolved.
Dec 13 2018, 3:42 PM · ssh, gpgagent, Bug Report

Nov 16 2018

anarcat created T4261: create matching --import-ssh-key in the S1 Public space.
Nov 16 2018, 6:38 PM · ssh
werner triaged T4260: export all valid authentication subkeys in --export-ssh-key as Low priority.
Nov 16 2018, 9:11 AM · ssh, Feature Request

Oct 29 2018

werner triaged T4167: Pinentry prompt is confusing with regards to multiple smartcards when gpg-agent is used as ssh-agent as Normal priority.
Oct 29 2018, 9:46 AM · Feature Request, ssh, gpgagent
werner added a comment to T4167: Pinentry prompt is confusing with regards to multiple smartcards when gpg-agent is used as ssh-agent.

We had this idea to have a label: or similar item in the extended-key-format which is displayed in addition to the other info. The user can then use an editor to put whatever she likes into this field.

Oct 29 2018, 9:46 AM · Feature Request, ssh, gpgagent

Oct 19 2018

gniibe added a comment to T4167: Pinentry prompt is confusing with regards to multiple smartcards when gpg-agent is used as ssh-agent.

there should be clearer labelling of smartcards so that users can tell them apart more easily

Oct 19 2018, 6:17 AM · Feature Request, ssh, gpgagent

Oct 5 2018

werner added projects to T4167: Pinentry prompt is confusing with regards to multiple smartcards when gpg-agent is used as ssh-agent: gpgagent, ssh.
Oct 5 2018, 9:44 AM · Feature Request, ssh, gpgagent

May 16 2018

ccharabaruk added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

@werner I was hoping to make a modified gpg-agent build that would let me walk through what's going on after the nonce is sent but it looks like the gpg4win process only takes in a package of pre-built gpg binaries which rules that out. As far as I can figure out, after the nonce is read and accepted, libassuan creates a stream object out of the socket and then finding nothing in the stream terminates the ssh handler. We send the actual client request immediately after the nonce but in a separate call to send() so I now wonder if by not having anything read in at the same time as the nonce gpg-agent or libassuan thinks that it's a 0-length stream.

May 16 2018, 6:54 PM · Windows, ssh, gpgagent, Feature Request

Apr 21 2018

ccharabaruk added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

I just took a look through assuan-socket.c and it appears that we just need to send the nonce and don't need to read anything back. We also found a bug on our side that was preventing the nonce from being sent, which has been fixed. The error message logged above no longer happens.

Apr 21 2018, 9:16 PM · Windows, ssh, gpgagent, Feature Request
werner added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

The nonce is a string of octets thus it needs to be passed verbatim. I would need to study the code in libassun/src/assuan-socket.c to tell more.

Apr 21 2018, 12:11 AM · Windows, ssh, gpgagent, Feature Request

Apr 20 2018

ccharabaruk added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

@werner After sending the nonce value from the socket file, does anything need to be read back before ssh-agent commands can be sent? Are there any byte ordering requirements for sending the nonce or can they be sent in the same order as they are in the file?

Apr 20 2018, 5:41 PM · Windows, ssh, gpgagent, Feature Request

Apr 14 2018

ccharabaruk added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

I've been working with one of Microsoft's developers on a temporary tool that should bridge the connection between named pipes and the Unix sockets emulation used by gpg-agent but things appear to trip up with sending the nonce. From the position of the tool, the nonce value is successfully sent (send returns 16), but never seems to be picked up by gpg-agent. Instead both gpg-agent and the bridge sit there until whatever tool is using them (I test using ssh-add -l) is terminated, at which point gpg-agent immediately spits up the message

Apr 14 2018, 4:37 AM · Windows, ssh, gpgagent, Feature Request

Apr 11 2018

gniibe triaged T3880: gpg-agent's ssh-agent does not handle flags in signing requests properly as Normal priority.
Apr 11 2018, 10:01 AM · ssh, gpgagent, Bug Report

Apr 10 2018

werner added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

Rhat's for the client, right. I never used it. We used to run a Windows 8 instance in a VM to run tests via ssh on it. That worked most not really stable. For obvious reasons I am more interested in the server part ;-)

Apr 10 2018, 8:15 AM · Windows, ssh, gpgagent, Feature Request
werner changed the status of T3880: gpg-agent's ssh-agent does not handle flags in signing requests properly from Open to Testing.

Thanks. I took these patches and simplified them. Not test tested, though,.

Apr 10 2018, 8:08 AM · ssh, gpgagent, Bug Report
dkg added a commit to T3880: gpg-agent's ssh-agent does not handle flags in signing requests properly: rG381c46818ffa: agent: unknown flags on ssh signing requests cause an error..
Apr 10 2018, 8:07 AM · ssh, gpgagent, Bug Report
ccharabaruk added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

I would argue that the Windows port of OpenSSH is not unstable at this point, especially given that Microsoft is even providing it as an installable feature in the next regular Windows 10 release. The fact that the port is now using actual OpenSSH version numbers instead of their own 0.x versions lends credence to this as well.

Apr 10 2018, 2:19 AM · Windows, ssh, gpgagent, Feature Request
dkg reopened T3880: gpg-agent's ssh-agent does not handle flags in signing requests properly as "Open".

Thanks for the fix! however, the fix only addresses the two flags we currently know about. I've pushed a branch T3880-fix that tries to implement the If the agent does not support the requested flags […] It must reply with a SSH_AGENT_FAILURE message part of the spec.

Apr 10 2018, 12:14 AM · ssh, gpgagent, Bug Report

Apr 9 2018

werner closed T3880: gpg-agent's ssh-agent does not handle flags in signing requests properly as Resolved.

It is in 2.2.6

Apr 9 2018, 10:46 PM · ssh, gpgagent, Bug Report
werner triaged T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent as Normal priority.

Thanks for the pointer. But as long as the Windows ssh server is that instable I see no urgent need to add this to GnuPG.

Apr 9 2018, 10:25 AM · Windows, ssh, gpgagent, Feature Request

Apr 7 2018

ccharabaruk created T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.
Apr 7 2018, 12:59 AM · Windows, ssh, gpgagent, Feature Request

Apr 6 2018

gniibe changed the status of T3880: gpg-agent's ssh-agent does not handle flags in signing requests properly from Open to Testing.
Apr 6 2018, 8:51 AM · ssh, gpgagent, Bug Report
gniibe added a commit to T3880: gpg-agent's ssh-agent does not handle flags in signing requests properly: rG80b775bdbb85: agent: Support SSH signature flags..
Apr 6 2018, 8:08 AM · ssh, gpgagent, Bug Report

Apr 5 2018

dkg created T3880: gpg-agent's ssh-agent does not handle flags in signing requests properly.
Apr 5 2018, 5:43 PM · ssh, gpgagent, Bug Report

Jun 26 2017

justus added a commit to T2856: Can't ssh-add a key w/o a passphrase: rG273964798592: agent: Support unprotected ssh keys..
Jun 26 2017, 3:11 PM · Debian, Bug Report, gnupg, ssh
justus closed T2856: Can't ssh-add a key w/o a passphrase as Resolved.

Fixed in 273964798592cd479c111f47e8ce46d5b1999d6a.

Jun 26 2017, 2:57 PM · Debian, Bug Report, gnupg, ssh

Jun 23 2017

werner raised the priority of T2856: Can't ssh-add a key w/o a passphrase from Normal to High.

Well, can you then please fix it?

Jun 23 2017, 5:14 PM · Debian, Bug Report, gnupg, ssh

May 24 2017

justus added a commit to T2106: Support SHA-256 fingerprints for ssh: rG525f2c482abb: agent: Make digest algorithms for ssh fingerprints configurable..
May 24 2017, 6:13 PM · gnupg (gpg22), gnupg, ssh, Feature Request
justus added a commit to T2106: Support SHA-256 fingerprints for ssh: rGa5f046d99a08: agent: Write both ssh fingerprints to 'sshcontrol' file..
May 24 2017, 6:13 PM · gnupg (gpg22), gnupg, ssh, Feature Request
justus added a commit to T2106: Support SHA-256 fingerprints for ssh: rG3a07a69dfc87: common: Correctly render SHA256-based ssh fingerprints..
May 24 2017, 6:13 PM · gnupg (gpg22), gnupg, ssh, Feature Request
justus added a commit to T2106: Support SHA-256 fingerprints for ssh: rG3ac1a9d3a018: common: Support different digest algorithms for ssh fingerprints..
May 24 2017, 6:13 PM · gnupg (gpg22), gnupg, ssh, Feature Request
justus closed T2106: Support SHA-256 fingerprints for ssh as Resolved.

Fixed as of 525f2c482abb6bc2002eb878b03558fb43e6b004.

May 24 2017, 6:13 PM · gnupg (gpg22), gnupg, ssh, Feature Request