sshProject
ActivePublic

Members

  • This project does not have any members.

Recent Activity

Fri, Nov 16

anarcat created T4261: create matching --import-ssh-key in the S1 Public space.
Fri, Nov 16, 6:38 PM · ssh
werner triaged T4260: export all valid authentication subkeys in --export-ssh-key as Low priority.
Fri, Nov 16, 9:11 AM · ssh, Feature Request

Oct 29 2018

werner triaged T4167: Pinentry prompt is confusing with regards to multiple smartcards when gpg-agent is used as ssh-agent as Normal priority.
Oct 29 2018, 9:46 AM · Feature Request, ssh, gpgagent
werner added a comment to T4167: Pinentry prompt is confusing with regards to multiple smartcards when gpg-agent is used as ssh-agent.

We had this idea to have a label: or similar item in the extended-key-format which is displayed in addition to the other info. The user can then use an editor to put whatever she likes into this field.

Oct 29 2018, 9:46 AM · Feature Request, ssh, gpgagent

Oct 19 2018

gniibe added a comment to T4167: Pinentry prompt is confusing with regards to multiple smartcards when gpg-agent is used as ssh-agent.

there should be clearer labelling of smartcards so that users can tell them apart more easily

Oct 19 2018, 6:17 AM · Feature Request, ssh, gpgagent

Oct 5 2018

werner added projects to T4167: Pinentry prompt is confusing with regards to multiple smartcards when gpg-agent is used as ssh-agent: gpgagent, ssh.
Oct 5 2018, 9:44 AM · Feature Request, ssh, gpgagent

May 16 2018

ccharabaruk added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

@werner I was hoping to make a modified gpg-agent build that would let me walk through what's going on after the nonce is sent but it looks like the gpg4win process only takes in a package of pre-built gpg binaries which rules that out. As far as I can figure out, after the nonce is read and accepted, libassuan creates a stream object out of the socket and then finding nothing in the stream terminates the ssh handler. We send the actual client request immediately after the nonce but in a separate call to send() so I now wonder if by not having anything read in at the same time as the nonce gpg-agent or libassuan thinks that it's a 0-length stream.

May 16 2018, 6:54 PM · Windows, ssh, gpgagent, Feature Request

Apr 21 2018

ccharabaruk added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

I just took a look through assuan-socket.c and it appears that we just need to send the nonce and don't need to read anything back. We also found a bug on our side that was preventing the nonce from being sent, which has been fixed. The error message logged above no longer happens.

Apr 21 2018, 9:16 PM · Windows, ssh, gpgagent, Feature Request
werner added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

The nonce is a string of octets thus it needs to be passed verbatim. I would need to study the code in libassun/src/assuan-socket.c to tell more.

Apr 21 2018, 12:11 AM · Windows, ssh, gpgagent, Feature Request

Apr 20 2018

ccharabaruk added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

@werner After sending the nonce value from the socket file, does anything need to be read back before ssh-agent commands can be sent? Are there any byte ordering requirements for sending the nonce or can they be sent in the same order as they are in the file?

Apr 20 2018, 5:41 PM · Windows, ssh, gpgagent, Feature Request

Apr 14 2018

ccharabaruk added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

I've been working with one of Microsoft's developers on a temporary tool that should bridge the connection between named pipes and the Unix sockets emulation used by gpg-agent but things appear to trip up with sending the nonce. From the position of the tool, the nonce value is successfully sent (send returns 16), but never seems to be picked up by gpg-agent. Instead both gpg-agent and the bridge sit there until whatever tool is using them (I test using ssh-add -l) is terminated, at which point gpg-agent immediately spits up the message

Apr 14 2018, 4:37 AM · Windows, ssh, gpgagent, Feature Request

Apr 11 2018

gniibe triaged T3880: gpg-agent's ssh-agent does not handle flags in signing requests properly as Normal priority.
Apr 11 2018, 10:01 AM · ssh, gpgagent, Bug Report

Apr 10 2018

werner added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

Rhat's for the client, right. I never used it. We used to run a Windows 8 instance in a VM to run tests via ssh on it. That worked most not really stable. For obvious reasons I am more interested in the server part ;-)

Apr 10 2018, 8:15 AM · Windows, ssh, gpgagent, Feature Request
werner changed the status of T3880: gpg-agent's ssh-agent does not handle flags in signing requests properly from Open to Testing.

Thanks. I took these patches and simplified them. Not test tested, though,.

Apr 10 2018, 8:08 AM · ssh, gpgagent, Bug Report
dkg added a commit to T3880: gpg-agent's ssh-agent does not handle flags in signing requests properly: rG381c46818ffa: agent: unknown flags on ssh signing requests cause an error..
Apr 10 2018, 8:07 AM · ssh, gpgagent, Bug Report
ccharabaruk added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

I would argue that the Windows port of OpenSSH is not unstable at this point, especially given that Microsoft is even providing it as an installable feature in the next regular Windows 10 release. The fact that the port is now using actual OpenSSH version numbers instead of their own 0.x versions lends credence to this as well.

Apr 10 2018, 2:19 AM · Windows, ssh, gpgagent, Feature Request
dkg reopened T3880: gpg-agent's ssh-agent does not handle flags in signing requests properly as "Open".

Thanks for the fix! however, the fix only addresses the two flags we currently know about. I've pushed a branch T3880-fix that tries to implement the If the agent does not support the requested flags […] It must reply with a SSH_AGENT_FAILURE message part of the spec.

Apr 10 2018, 12:14 AM · ssh, gpgagent, Bug Report

Apr 9 2018

werner closed T3880: gpg-agent's ssh-agent does not handle flags in signing requests properly as Resolved.

It is in 2.2.6

Apr 9 2018, 10:46 PM · ssh, gpgagent, Bug Report
werner triaged T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent as Normal priority.

Thanks for the pointer. But as long as the Windows ssh server is that instable I see no urgent need to add this to GnuPG.

Apr 9 2018, 10:25 AM · Windows, ssh, gpgagent, Feature Request

Apr 7 2018

ccharabaruk created T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.
Apr 7 2018, 12:59 AM · Windows, ssh, gpgagent, Feature Request

Apr 6 2018

gniibe changed the status of T3880: gpg-agent's ssh-agent does not handle flags in signing requests properly from Open to Testing.
Apr 6 2018, 8:51 AM · ssh, gpgagent, Bug Report
gniibe added a commit to T3880: gpg-agent's ssh-agent does not handle flags in signing requests properly: rG80b775bdbb85: agent: Support SSH signature flags..
Apr 6 2018, 8:08 AM · ssh, gpgagent, Bug Report

Apr 5 2018

dkg created T3880: gpg-agent's ssh-agent does not handle flags in signing requests properly.
Apr 5 2018, 5:43 PM · ssh, gpgagent, Bug Report

Jun 26 2017

justus added a commit to T2856: Can't ssh-add a key w/o a passphrase: rG273964798592: agent: Support unprotected ssh keys..
Jun 26 2017, 3:11 PM · Debian, Bug Report, gnupg, ssh
justus closed T2856: Can't ssh-add a key w/o a passphrase as Resolved.

Fixed in 273964798592cd479c111f47e8ce46d5b1999d6a.

Jun 26 2017, 2:57 PM · Debian, Bug Report, gnupg, ssh

Jun 23 2017

werner raised the priority of T2856: Can't ssh-add a key w/o a passphrase from Normal to High.

Well, can you then please fix it?

Jun 23 2017, 5:14 PM · Debian, Bug Report, gnupg, ssh

May 24 2017

justus added a commit to T2106: Support SHA-256 fingerprints for ssh: rG525f2c482abb: agent: Make digest algorithms for ssh fingerprints configurable..
May 24 2017, 6:13 PM · gnupg (gpg22), gnupg, ssh, Feature Request
justus added a commit to T2106: Support SHA-256 fingerprints for ssh: rGa5f046d99a08: agent: Write both ssh fingerprints to 'sshcontrol' file..
May 24 2017, 6:13 PM · gnupg (gpg22), gnupg, ssh, Feature Request
justus added a commit to T2106: Support SHA-256 fingerprints for ssh: rG3a07a69dfc87: common: Correctly render SHA256-based ssh fingerprints..
May 24 2017, 6:13 PM · gnupg (gpg22), gnupg, ssh, Feature Request
justus added a commit to T2106: Support SHA-256 fingerprints for ssh: rG3ac1a9d3a018: common: Support different digest algorithms for ssh fingerprints..
May 24 2017, 6:13 PM · gnupg (gpg22), gnupg, ssh, Feature Request
justus closed T2106: Support SHA-256 fingerprints for ssh as Resolved.

Fixed as of 525f2c482abb6bc2002eb878b03558fb43e6b004.

May 24 2017, 6:13 PM · gnupg (gpg22), gnupg, ssh, Feature Request
justus moved T2106: Support SHA-256 fingerprints for ssh from Backlog to Wishlist on the gnupg (gpg22) board.
May 24 2017, 1:17 PM · gnupg (gpg22), gnupg, ssh, Feature Request

May 17 2017

srgblnchtrn added a watcher for ssh: srgblnchtrn.
May 17 2017, 9:20 AM

Apr 7 2017

gniibe added a comment to T3027: gpg-agent crash on macOS Sierra triggerd by ssh.

Applied as ebe12be034f0.

Apr 7 2017, 2:15 AM · Bug Report, gpgagent, gnupg

Apr 6 2017

gniibe added a comment to T3027: gpg-agent crash on macOS Sierra triggerd by ssh.

While I can't reproduce this problem myself, I think I found an issue of gpg-agent passphrase caching.
Double free may happen when multiple threads enter agent_put_cache, for example.

Apr 6 2017, 4:38 AM · Bug Report, gpgagent, gnupg

Apr 4 2017

gniibe added a project to T3027: gpg-agent crash on macOS Sierra triggerd by ssh: In Progress.
Apr 4 2017, 2:56 AM · Bug Report, gpgagent, gnupg
gniibe reopened T3027: gpg-agent crash on macOS Sierra triggerd by ssh as "Open".
Apr 4 2017, 2:54 AM · Bug Report, gpgagent, gnupg
gniibe closed T3027: gpg-agent crash on macOS Sierra triggerd by ssh as Resolved.

In 2.1.19, gpg-agent uses getpeerucred for macOS. I changed it (since it seemed not working). In 2.1.20, gpg-agent now uses getsockopt with LOCAL_PEERPID.
It seems for me that the crash occurs by ucred_free. If this is the case, 2.1.20 fixes this issue.

Apr 4 2017, 2:54 AM · Bug Report, gpgagent, gnupg

Mar 30 2017

marcus moved T3027: gpg-agent crash on macOS Sierra triggerd by ssh from In Progress to Backlog on the gnupg board.
Mar 30 2017, 7:36 PM · Bug Report, gpgagent, gnupg
marcus moved T3027: gpg-agent crash on macOS Sierra triggerd by ssh from Backlog to In Progress on the gnupg board.
Mar 30 2017, 7:35 PM · Bug Report, gpgagent, gnupg
admin created ssh.
Mar 30 2017, 6:42 PM
landro added projects to T3027: gpg-agent crash on macOS Sierra triggerd by ssh: MacOS, ssh, gnupg, gnupg (gpg21), gpgagent, Bug Report.
Mar 30 2017, 3:22 PM · Bug Report, gpgagent, gnupg
landro set Version to 2.1.19 on T3027: gpg-agent crash on macOS Sierra triggerd by ssh.
Mar 30 2017, 3:22 PM · Bug Report, gpgagent, gnupg

Feb 8 2017

justus added a comment to T2856: Can't ssh-add a key w/o a passphrase.

I can reproduce this. Our test indeed feeds a passphrase to the agent.

Feb 8 2017, 10:16 AM · Debian, Bug Report, gnupg, ssh

Feb 5 2017

dkg changed External Link from 846175@bugs.debian.org to https://bugs.debian.org/846175 on T2856: Can't ssh-add a key w/o a passphrase.
Feb 5 2017, 9:18 AM · Debian, Bug Report, gnupg, ssh
dkg added a comment to T2856: Can't ssh-add a key w/o a passphrase.

Any thoughts or progress on this?

Feb 5 2017, 9:18 AM · Debian, Bug Report, gnupg, ssh

Jan 26 2017

justus claimed T2856: Can't ssh-add a key w/o a passphrase.
Jan 26 2017, 5:24 PM · Debian, Bug Report, gnupg, ssh

Jan 6 2017

werner added a project to T2106: Support SHA-256 fingerprints for ssh: gnupg (gpg22).
Jan 6 2017, 5:47 PM · gnupg (gpg22), gnupg, ssh, Feature Request
werner added a comment to T2106: Support SHA-256 fingerprints for ssh.

Adding %f does not help much because it is only used internally. I would be in
favor of adding an ssh-key-mode option so that the user can select the hash algo
and the output format.

Jan 6 2017, 5:47 PM · gnupg (gpg22), gnupg, ssh, Feature Request

Nov 29 2016

werner set External Link to 846175@bugs.debian.org on T2856: Can't ssh-add a key w/o a passphrase.
Nov 29 2016, 10:40 AM · Debian, Bug Report, gnupg, ssh