After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 571060 - gnome-keyring-daemon makes ssh fail with DSA keys
gnome-keyring-daemon makes ssh fail with DSA keys
Status: RESOLVED NOTGNOME
Product: gnome-keyring
Classification: Core
Component: keyring files
2.25.x
Other All
: Normal major
: ---
Assigned To: GNOME keyring maintainer(s)
GNOME keyring maintainer(s)
Depends on:
Blocks:
 
 
Reported: 2009-02-09 16:30 UTC by Udo Rader
Modified: 2010-01-06 10:34 UTC
See Also:
GNOME target: ---
GNOME version: 2.25/2.26

Attachments
Narrow down problem further. (1.15 KB, patch)
2009-02-18 15:35 UTC, Stef Walter 		none Details | Review

Description Udo Rader 2009-02-09 16:30:30 UTC 
Please describe the problem:
as seen on https://bugzilla.redhat.com/show_bug.cgi?id=484459 and https://bugzilla.redhat.com/show_bug.cgi?id=484459 gnome-keyring-daemon makes ssh fail, if one uses DSA keys:

$ ssh -v root@hel
OpenSSH_5.1p1, OpenSSL 0.9.8i 15 Sep 2008
debug1: Reading configuration data /home/udo/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to hel [X.X.X.X] port 22.
debug1: Connection established.
debug1: identity file /home/udo/.ssh/identity type -1
debug1: identity file /home/udo/.ssh/id_rsa type -1
debug1: identity file /home/udo/.ssh/id_dsa type 2
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.1p1 Debian-5
debug1: match: OpenSSH_5.1p1 Debian-5 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'hel' is known and matches the RSA host key.
debug1: Found key in /home/udo/.ssh/known_hosts:108
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
buffer_get_ret: trying to get more bytes 4 than in buffer 0
buffer_get_int: buffer error


Steps to reproduce:


Actual results:


Expected results:


Does this happen every time?


Other information:
Comment 1 Udo Rader 2009-02-09 16:31:23 UTC 
sorry, the second bugtracker URL should read https://qa.mandriva.com/show_bug.cgi?id=47595
Comment 2 Pascal Terjan 2009-02-09 16:47:33 UTC 
What is your architecture ? I can't reproduce on my i586 laptop
Comment 3 Pascal Terjan 2009-02-09 17:00:17 UTC 
I can't reproduce on x86_64 either
Comment 4 Udo Rader 2009-02-09 17:01:20 UTC 
I have x86_64 here
Comment 5 Stef Walter 2009-02-13 19:13:52 UTC 
Odd, I can use an encrypted and unencrypted DSA key, just fine on x86_64.
Comment 6 Stef Walter 2009-02-13 19:21:11 UTC 
Some ways we can move forward to find the problem:

Udo, could you include any relevant gnome-keyring lines from /var/log/auth.log? That'll show us if it's an error we can work around.

Also, is it possible to generate a key that doesn't work and attach it to this bug? 

Another thing to test if this problem is still in the very latest SVN head development version. If that's a possibility for you. 

Thanks!
Comment 7 Udo Rader 2009-02-13 19:41:35 UTC 
ok, /var/log/auth.log says this:

----------CUT---------
Feb 13 20:29:05 localhost gnome-keyring-daemon[6899]: gck_ssh_agent_proto_write_public_dsa: assertion `attr' failed
----------CUT---------

Unfortunately I don't seem to be able to generate a new failing DSA key.

And as another fact, I see that the daemon only fails if it is autostarted intially like this:

/usr/bin/gnome-keyring-daemon --daemonize --login

If I manually kill it and start it manually just like this

$ gnome-keyring-daemon

everything is fine. No idea why it is automagically started with the --login option, but who knows :-)
Comment 8 Stef Walter 2009-02-18 15:33:36 UTC 
Startup of gnome-keyring-daemon is described here: 

http://live.gnome.org/GnomeKeyring/RunningDaemon

When you ran it from the command line did you set the environment variables into your environment via eval or related? 

Which exact version of gnome-keyring are you running? 

Does the output of 'ssh-add -l' and 'ssh-add -L' include the key in question? 

So in essence, it's that one single DSA key which doesn't work with gnome-keyring? Other newly generated keys work?
Comment 9 Stef Walter 2009-02-18 15:35:20 UTC 
Created attachment 128986 [details] [review]
Narrow down problem further.

The /var/log/auth.log output is helpful. In order to further narrow down the problem, could you run gnome-keyring-daemon with the attached patch, and add the new output of /var/log/auth.log to this bug?

Thanks for your help!
Comment 10 Akhil Laddha 2009-12-11 06:32:35 UTC 
Udo, ping, did you get time to try out patch from comment#9 ?
Comment 11 Udo Rader 2010-01-06 10:34:48 UTC 
sorry for the very late response, I simply forgot about the problem. Obviously it has just been an intermittent "development time" only issue that has gone away, so closing the bug.