Subject: Re: sign_and_send_pubkey: signing failed: agent refused operation
From: Martin Sebor
To: Jonathan Wakely
Cc: Overseers mailing list, "Frank Ch. Eigler", gcc mailing list
Date: Tue, 2 Jun 2020 15:52:34 -0600

On 6/2/20 2:43 PM, Jonathan Wakely wrote:
> On Tue, 2 Jun 2020 at 21:26, Martin Sebor wrote:
>>
>> On 6/1/20 1:12 PM, Jonathan Wakely via Overseers wrote:
>>> On Mon, 1 Jun 2020 at 19:11, Frank Ch. Eigler via Gcc wrote:
>>>>
>>>> Hi -
>>>>
>>>>> git pull from the GCC and Glibc repos is failing for me with the error
>>>>> below. It worked fine last week and I haven't made any changes to my
>>>>> ssh keys.
>>>>
>>>> And are you logging in from the same workstation with access to the same
>>>> set of ssh private keys?
>>>>
>>>>> Is this a transient glitch or has something changed recently that I
>>>>> need to make some adjustments for?
>>>>
>>>> I know of nothing relevant that has changed on the sourceware side.
>>>>
>>>>> sign_and_send_pubkey: signing failed: agent refused operation
>>>>> msebor@gcc.gnu.org: Permission denied (publickey).
>>>>> fatal: Could not read from remote repository.
>>>>
>>>> The usual advice is to run
>>>> % ssh -vv gcc.gnu.org alive
>>>> and report the ssh level error.
>>>>
>>>> "agent refused operation" sounds like a problem on the client end.
>>>
>>> Yes, it is. "agent" refers to the ssh-agent program.
>>>
>>> Martin, what does 'ssh-add -l' show?
>>>
>>> Is there only one ssh-agent process shown by 'ps -ef | fgrep
>>> [s]sh-agent'? Does its PID match $SSH_AGENT_PID?
>>>
>>> Another possible cause is that the file permissions are not strict
>>> enough on the private key, or on the ~/.ssh directory that contains
>>> it. Key files should be 600 and ~/.ssh should be 700.
>>
>> We solved the problem over IRC last night so just to close the loop
>> on it here: it turned out to be caused by Gnome keyring setting
>> SSH_AUTH_SOCK=/run/user/1000/keyring/ssh. With the environment
>> variable undefined I get prompted for the password as expected.
>
> But that just means you're not using an agent, right?

It just means I know what's causing the problem. Until just now
I haven't thought about how to deal with it in a smarter way than
by remembering to run ssh-add either first, or when I see the error.

>
> Do you really want to enter a passphrase every time you connect to
> gcc.gnu.org?

Ideally, I'd prefer never to have to enter it but until that happy
day comes I'll settle for just typing it in once a day.

>
> Solving it by the GNOME keyring would match Jim's suggestion that the
> GNOME keyring won't use your key.
>
> You could generate a new 4K key that GNOME keyring will accept, upload
> the public key to gcc.gnu.org, and use that instead. Then you could
> use the keyring as your agent.

I just saw Jim's email. I'll see if going to 4k keys works.

Thanks
Martin
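
Added example, not part of any message in this thread: the client-side checks suggested above (which agent socket is in use, the ssh-agent PIDs against $SSH_AGENT_PID, `ssh-add -l`, and the 600/700 permissions) collected into one POSIX shell script. The function names, the `*/keyring/*` pattern and the "has a matching .pub file" rule for spotting private keys are assumptions made for this example; invoke the script with the argument `report` to print the summary.

```shell
#!/bin/sh
# Added example: the client-side checks suggested in the thread.

# Classify the socket ssh will use. The */keyring/* pattern is an assumption
# drawn from the one path quoted in the thread (/run/user/1000/keyring/ssh).
agent_kind() {
    case "${1:-}" in
        "")          echo none ;;
        */keyring/*) echo gnome-keyring ;;
        *)           echo other ;;
    esac
}

# Octal mode of a path: GNU stat first, BSD stat as fallback.
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# Succeed only if the path has exactly the expected mode.
check_mode() {
    actual=$(mode_of "$1") || return 1
    [ "$actual" = "$2" ]
}

# ~/.ssh should be 700 and each private key 600. A private key is taken
# to be any file with a matching .pub next to it (assumption).
audit_ssh_dir() {
    dir=$1; bad=0
    check_mode "$dir" 700 || { echo "$dir: want 700, got $(mode_of "$dir")"; bad=1; }
    for pub in "$dir"/*.pub; do
        key=${pub%.pub}
        [ -f "$key" ] || continue
        check_mode "$key" 600 || { echo "$key: want 600, got $(mode_of "$key")"; bad=1; }
    done
    return "$bad"
}

report() {
    echo "SSH_AUTH_SOCK: ${SSH_AUTH_SOCK:-<unset>} ($(agent_kind "${SSH_AUTH_SOCK:-}"))"
    echo "SSH_AGENT_PID: ${SSH_AGENT_PID:-<unset>}"
    echo "ssh-agent PIDs: $(ps -e -o pid= -o comm= | awk '$2 == "ssh-agent" { printf "%s ", $1 }')"
    ssh-add -l 2>&1 | sed 's/^/ssh-add -l: /'
    if audit_ssh_dir "$HOME/.ssh"; then echo "permissions: ok"; fi
}

# Print the report only when asked, so the functions can be sourced and tested.
if [ "${1:-}" = report ]; then report; fi
```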