scdaemon lockup with Yubikey NEO

the2nd at otpme.org the2nd at otpme.org
Tue Dec 1 00:19:20 CET 2015


Hi again,

I asked for help on the openssh list and was told to ask the devs of 
gpg-agent for help ;)

https://groups.google.com/forum/#!topic/mailing.unix.openssh-dev/qSPsDdj5-0M

So are any devs reading on this list? The problem is reproducible and I 
am willing to help with debugging and whatever is needed to fix the issue. :)

regards
the2nd

On 2015-11-23 16:53, the2nd at otpme.org wrote:
> Hi,
> 
> I've done some more testing and found out that the problem starts to
> exist with openssh version 6.8p1. With 6.7p1 everything works perfectly.
> I downloaded the openssh tarballs one by one, compiled with
> ./configure;make and just copied the "ssh" binary.
> 
> I was able to reproduce the problem with the following steps:
> 
> 1. Start gpg-agent: eval $(gpg-agent --daemon --enable-ssh-support
> --log-file ~/.gnupg/gpg-agent.log)
> 2. Login to any host with your SSH key and keep the session open: ssh
> -l root localhost
> 3. Plug your yubikey out/in
> 4. Try to login with your SSH key to any other host
> 
> With openssh 6.8p1 this fails reproducibly. With version 6.7p1 or
> earlier it works.
> 
> As a workaround I replaced my ssh client binary with the old version.
> 
> It would be great to get a real fix for this. But I am unsure where
> the real problem lies, gpg or openssh.
> 
> Maybe we should ask this on the openssh list?
> 
> regards
> the2nd
> 
> 
> On 2015-11-22 03:06, Lance R. Vick wrote:
>> This happens to me constantly as well. In my case I frequently need to
>> kill and restart gpg-agent to get things working again on both Arch
>> Linux and Gentoo.
>> 
>> On Sat, Nov 21, 2015 at 4:41 AM, the2nd <the2nd at otpme.org> wrote:
>> 
>>> Hi Ben,
>>> 
>>> We have a similar problem since we've upgraded from Ubuntu 15.04 to
>>> 15.10.  When starting gpg-agent with --log-file the log shows the
>>> following:
>>> 
>>> 2015-05-30 13:49:36 gpg-agent[3600] error accessing card: Conflicting use
>>> 2015-05-30 13:49:36 gpg-agent[3600] smartcard signing failed: Conflicting use
>>> 2015-05-30 13:49:38 gpg-agent[3600] error getting default authentication keyID of card: Conflicting use
>>> 
>>> I've asked the list several times about this issue but got no answer
>>> yet. So I don't have a solution but it may be interesting if your
>>> problem is the same...
>>> 
>>> Regards
>>> The2nd 
>>> 
>>> -------- Original message --------
>>> From: Ben Warren
>>> Date: 11.20.2015 16:26 (GMT+01:00)
>>> To: gnupg-users at gnupg.org
>>> Subject: scdaemon lockup with Yubikey NEO
>>> 
>>> Hi,
>>> 
>>> I’ve noticed several other problem reports that seem similar,
>>> hopefully they’re all related and there’s a simple fix.
>>> 
>>> The problem:
>>> 
>>> After an indeterminate amount of time (sometimes minutes, sometimes
>>> hours), any GPG operation that uses my Yubikey NEO device hangs. 
>>> The two most common operations are SSH authentication and git
>>> signing.  The following sequence gets things going again:
>>> 
>>> $ killall -SIGKILL scdaemon
>>> 
>>> $ gpg2 --card-status
>>> 
>>> System particulars:
>>> 
>>> * Host OS is OS-X Yosemite, although it is also present on
>>> Mavericks (haven’t tried El Capitan yet)
>>> 
>>> * GPG 2.1.5
>>> 
>>> * Using the Yubikey’s authentication subkey to login to remote
>>> Linux hosts
>>> 
>>> * Using the Yubikey’s signing subkey for git signing operations,
>>> both local and remote
>>> 
>>> * Using gpg-agent for forwarding both GPG and SSH (great features,
>>> BTW!)
>>> 
>>> GPG configuration file:
>>> 
>>> $ cat ~/.gnupg/gpg-agent.conf
>>> 
>>> default-cache-ttl 1
>>> 
>>> ignore-cache-for-signing
>>> 
>>> no-allow-external-cache
>>> 
>>> max-cache-ttl 1
>>> 
>>> extra-socket ${HOME}/.gnupg/S.gpg-extra-agent
>>> 
>>> debug-all
>>> 
>>> log-file ${HOME}/.gnupg/mygpglogfile.log
>>> 
>>> enable-ssh-support
>>> 
>>> I’ll be happy to help debug this, but need some guidance.
>>> 
>>> thanks,
>>> 
>>> Ben
>>> _______________________________________________
>>> Gnupg-users mailing list
>>> Gnupg-users at gnupg.org
>>> http://lists.gnupg.org/mailman/listinfo/gnupg-users [1]
>> 
>> --
>> 
>> Lance R. Vick
>> __________________________________________________
>> Cell      -  407.283.7596
>> Gtalk     -  lance at lrvick.net
>> Website   -  http://lrvick.net [2]
>> PGP Key   -  http://lrvick.net/0x36C8AAA9.asc [3]
>> keyserver -  subkeys.pgp.net [4]
>> __________________________________________________
>> 
>> Links:
>> ------
>> [1] http://lists.gnupg.org/mailman/listinfo/gnupg-users
>> [2] http://lrvick.net
>> [3] http://lrvick.net/0x36C8AAA9.asc
>> [4] http://subkeys.pgp.net
> 
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
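
Added example, not part of the thread and not GnuPG code: a small Python parser for a gpg-agent log written with --log-file that rejoins wrapped lines and extracts the "Conflicting use" card errors quoted above. The record layout is assumed from the three log lines in the thread; the sample log, the unrelated line in it, and all function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample: the three log lines quoted in the thread, wrapped the
# way a mail client wraps them, plus one unrelated (constructed) line.
SAMPLE_LOG = """\
2015-05-30 13:49:36 gpg-agent[3600] error accessing card:
Conflicting use
2015-05-30 13:49:36 gpg-agent[3600] smartcard signing failed:
Conflicting use
2015-05-30 13:49:37 gpg-agent[3600] unrelated message (constructed)
2015-05-30 13:49:38 gpg-agent[3600] error getting
default authentication keyID of card: Conflicting use
"""

# Assumed record layout: "YYYY-MM-DD HH:MM:SS name[pid] message"
RECORD = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) ([\w.-]+)\[(\d+)\] (.*)$")
CARD_ERROR = re.compile(r"^(.*?):\s*(Conflicting use)$")


def parse_records(text):
    """Join wrapped continuation lines onto the record they belong to."""
    records = []
    for line in text.splitlines():
        m = RECORD.match(line)
        if m:
            ts, prog, pid, msg = m.groups()
            records.append({"ts": ts, "prog": prog, "pid": int(pid), "msg": msg.strip()})
        elif records and line.strip():
            records[-1]["msg"] += " " + line.strip()
    return records


def card_conflicts(text):
    """Return (timestamp, pid, failed operation) per 'Conflicting use' error."""
    hits = []
    for rec in parse_records(text):
        m = CARD_ERROR.match(rec["msg"])
        if m:
            hits.append((rec["ts"], rec["pid"], m.group(1)))
    return hits


def summarize(text):
    """Count conflicts per agent PID: repeated hits mean one process kept failing."""
    return Counter(pid for _, pid, _ in card_conflicts(text))


if __name__ == "__main__":
    for ts, pid, op in card_conflicts(SAMPLE_LOG):
        print(f"{ts} pid={pid} {op}")
```
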


