1. Forum
  2. Usenet
  3. LINUX.DEBIAN.BUGS.DIST

  • Bug#1103720: ssh-askpass-gnome prompts for confirmation, but the connec

    From Colin Watson@21:1/5 to erebion on Mon Apr 21 19:10:01 2025
    On Mon, Apr 21, 2025 at 12:57:34AM +0200, erebion wrote:
    Using:

    - ssh-askpass (GNOME version)
    - KeePassXC
    - GNOME Keyring as the SSH Agent
    - setting /run/user/1000/gcr/ssh as SSH_AUTH_SOCK in the KeepassXC settings

    Askpass asks to allow using the SSH key. Upon clicking "no", a
    connection is still established.

    SSH outputs the following:

    sign_and_send_pubkey: signing failed for ED25519
    "/home/user/.ssh/id_ed25519" from agent: agent refused operation

    Then the prompt of the remote system appears.

    Can you please add the -vvv option to ssh, reproduce the same situation,
    and send the full output?

    * What outcome did you expect instead?

    Clicking "no" leads to the SSH connection not getting established.

    Well, that's not quite what denying the use of an SSH key means. It
    means that that particular key shouldn't be used for authentication; but perhaps some other authentication method is being used instead.
    Hopefully the -vvv debugging output will make it clear.

    Thanks,

    --
    Colin Watson (he/him) [cjwatson@debian.org]

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Colin Watson@21:1/5 to Colin Watson on Mon Apr 28 01:00:01 2025
    On Mon, Apr 21, 2025 at 06:02:55PM +0100, Colin Watson wrote:
    On Mon, Apr 21, 2025 at 12:57:34AM +0200, erebion wrote:
    Using:

    - ssh-askpass (GNOME version)
    - KeePassXC
    - GNOME Keyring as the SSH Agent
    - setting /run/user/1000/gcr/ssh as SSH_AUTH_SOCK in the KeepassXC settings >>
    Askpass asks to allow using the SSH key. Upon clicking "no", a
    connection is still established.

    SSH outputs the following:

    sign_and_send_pubkey: signing failed for ED25519 >>"/home/user/.ssh/id_ed25519" from agent: agent refused operation

    Then the prompt of the remote system appears.

    Can you please add the -vvv option to ssh, reproduce the same
    situation, and send the full output?

    * What outcome did you expect instead?

    Clicking "no" leads to the SSH connection not getting established.

    Well, that's not quite what denying the use of an SSH key means. It
    means that that particular key shouldn't be used for authentication;
    but perhaps some other authentication method is being used instead.
    Hopefully the -vvv debugging output will make it clear.

    Hi,

    Have you had an opportunity to look at getting this additional
    information? Since this bug currently has release-critical severity,
    I'd like it not to get stalled.

    Thanks,

    --
    Colin Watson (he/him) [cjwatson@debian.org]

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)