scdaemon lockup with Yubikey NEO
the2nd at otpme.org
the2nd at otpme.org
Tue Dec 1 00:19:20 CET 2015
Hi again,
i asked for help on the openssh list and was told to ask the devs of
gpg-agent for help ;)
https://groups.google.com/forum/#!topic/mailing.unix.openssh-dev/qSPsDdj5-0M
So are any devs reading on this list? The problem is reproducible and i
am willing to help debugging and whatever is needed to fix the issue. :)
regards
the2nd
On 2015-11-23 16:53, the2nd at otpme.org wrote:
> Hi,
>
> i've done some more testing and found out that the problem starts to
> exist with openssh version 6.8p1. With 6.7p1 everything works perfect.
> I downloaded the openssh tarballs one by one, compiled with
> ./configure;make and just copied the "ssh" binary.
>
> I was able to reproduce the problem with the following steps:
>
> 1. Start gpg-agent: eval $(gpg-agent --daemon --enable-ssh-support
> --log-file ~/.gnupg/gpg-agent.log)
> 2. Login to any host with your SSH key and keep the session open: ssh
> -l root localhost
> 3. Plug your yubikey out/in
> 4. Try to login with your SSH key to any other host
>
> With openssh 6.8p1 this fails reproducable. With version 6.7p1 or
> earlier it works.
>
> As a workaround i replaced my ssh client binary with the old version.
>
> It would be great to get a real fix for this. But i am unsure where
> the realm problem lies, gpg or openssh.
>
> Maybe we should ask this on the openssh list?
>
> regards
> the2nd
>
>
> On 2015-11-22 03:06, Lance R. Vick wrote:
>> This happens to me constantly as well. I my case I frequently need to
>> kill and restart gpg-agent to get things working again on both Arch
>> Linux and Gentoo.
>>
>> On Sat, Nov 21, 2015 at 4:41 AM, the2nd <the2nd at otpme.org> wrote:
>>
>>> Hi Ben,
>>>
>>> We have a similar Problem since we've upgraded from Ubuntu 15.04 to
>>> 15.10. When starting gpg-agent with --log-file the log show the
>>> following:
>>>
>>> 2015-05-30 13:49:36 gpg-agent[3600] error accessing card:
>>> Conflicting use
>>> 2015-05-30 13:49:36 gpg-agent[3600] smartcard signing failed:
>>> Conflicting use
>>> 2015-05-30 13:49:38 gpg-agent[3600] error getting
>>> default authentication keyID of card: Conflicting use
>>>
>>> I've asked the list serval times about this issue but got now answer
>>> yet. So i dont have a solution but it may be interesting if your
>>> problem is the same...
>>>
>>> Regards
>>> The2nd
>>>
>>> -------- Ursprüngliche Nachricht --------
>>> Von: Ben Warren
>>> Datum:11.20.2015 16:26 (GMT+01:00)
>>> An: gnupg-users at gnupg.org
>>> Betreff: scdaemon lockup with Yubikey NEO
>>>
>>> Hi,
>>>
>>> I’ve noticed several other problem reports that seem similar,
>>> hopefully they’re all related and there’s a simple fix.
>>>
>>> The problem:
>>>
>>> After an indeterminate amount of time (sometimes minutes, sometimes
>>> hours), any GPG operation that uses my Yubikey NEO device hangs.
>>> The two most common operations are SSH authentication and git
>>> signing. The following sequence gets things going again:
>>>
>>> $ killall -SIGKILL scdaemon
>>>
>>> $ gpg2 —card-status
>>>
>>> System particulars:
>>>
>>> * Host OS is OS-X Yosemite, although it is also present on
>>> Mavericks (haven’t tried El Capitan yet)
>>>
>>> * GPG 2.1.5
>>>
>>> * Using the Yubikey’s authentication subkey to login to remote
>>> Linux hosts
>>>
>>> * Using the Yubikey’s signing subkey for git signing operations,
>>> both local and remote
>>>
>>> * Using gpg-agent for forwarding both GPG and SSH (great features,
>>> BTW!)
>>>
>>> GPG configuration file:
>>>
>>> $ cat ~/.gnupg/gpg-agent.conf
>>>
>>> default-cache-ttl 1
>>>
>>> ignore-cache-for-signing
>>>
>>> no-allow-external-cache
>>>
>>> max-cache-ttl 1
>>>
>>> extra-socket ${HOME}/.gnupg/S.gpg-extra-agent
>>>
>>> debug-all
>>>
>>> log-file ${HOME}/.gnupg/mygpglogfile.log
>>>
>>> enable-ssh-support
>>>
>>> I’ll be happy to help debug this, but need some guidance.
>>>
>>> thanks,
>>>
>>> Ben
>>> _______________________________________________
>>> Gnupg-users mailing list
>>> Gnupg-users at gnupg.org
>>> http://lists.gnupg.org/mailman/listinfo/gnupg-users [1]
>>
>> --
>>
>> Lance R. Vick
>> __________________________________________________
>> Cell - 407.283.7596
>> Gtalk - lance at lrvick.net
>> Website - http://lrvick.net [2]
>> PGP Key - http://lrvick.net/0x36C8AAA9.asc [3]
>> keyserver - subkeys.pgp.net [4]
>> __________________________________________________
>>
>> Links:
>> ------
>> [1] http://lists.gnupg.org/mailman/listinfo/gnupg-users
>> [2] http://lrvick.net
>> [3] http://lrvick.net/0x36C8AAA9.asc
>> [4] http://subkeys.pgp.net
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
More information about the Gnupg-users
mailing list