gpg-agent chooses wrong identity when picking SSH key

Faru Guredo faruguredo at gmail.com
Sat Feb 15 15:20:38 CET 2014


It worked with ssh-agent and still works without any agent -- settings in
~/.ssh/config just work as they should. But with gpg-agent there is such a
mess.


2014-02-15 18:19 GMT+04:00 Faru Guredo <faruguredo at gmail.com>:

> After I did a small investigation, I found that it's only on the
> second try that gpg-agent uses the wrong identity. The first is done with
> the correct identity, but the ssh server failed to authenticate the key
> because of this error:
>
> error: RSA_public_decrypt failed: error:0407006A:lib(4):func(112):reason(106)
> debug1: ssh_rsa_verify: signature incorrect
>
> Both keys are RSA with the same length (4096).
>
> debug1: Server accepts key: pkalg ssh-rsa blen 535.
>
> But the ssh server refuses to validate the first and approves only the
> latter one (there is a gitolite installation), which causes the push to be
> done with the wrong key, and hence, the wrong username.
>
>
> 2014-02-14 10:23 GMT+04:00 Faru Guredo <faruguredo at gmail.com>:
>
>> Hello.
>>
>> I am migrating from ssh-agent to gpg-agent and have successfully loaded
>> my SSH keys into the new agent,
>>
>> $ ssh-add -l
>> 4096 5c:f3:b8:34:56:31:08:88:7b:4d:a3:ce:d8:9b:62:d7 /home/faru/.ssh/first-company (RSA)
>> 4096 d9:14:07:00:15:c4:7b:70:c4:94:73:6c:bb:5d:25:42 /home/faru/.ssh/second-company (RSA)
>> 4096 df:19:f5:24:c7:2f:09:c3:ef:15:03:9f:aa:46:4c:06 /home/faru/.ssh/third-company (RSA)
>> 4096 05:28:b8:2b:dc:65:55:d3:62:8b:37:e7:b5:a6:df:a4 /home/faru/.ssh/fourth-company (RSA)
>>
>> And in ~/.ssh/config I have lines telling that ~/.ssh/third-company
>> should be used when connecting to third-company.com:
>>
>> Host third-company
>>     HostName third-company.com
>>     User git
>>     IdentityFile ~/.ssh/third-company
>>
>> Though, when I push commits there, git on the server says 'Access denied
>> for first-company'. So I figured out that gpg-agent uses the first
>> available key instead of looking at the host and settings in ~/.ssh/config.
>> The host is defined in .git/config as
>>
>> [remote "origin"]
>>     url = ssh://git@third-company/reponame.git
>>
>> How could I fix that?
>>
>
>