scdaemon lockup with Yubikey NEO
NIIBE Yutaka
gniibe at fsij.org
Wed Dec 2 14:26:29 CET 2015
On 2015-12-02 at 12:36 +0100, the2nd at otpme.org wrote:
> here is the output for a failed session and a working one (with
> openssh
> 6.7p1).
> Both times i started two ssh sessions, keeping the first one open.
Thank you very much.
> Failed
> gpg-agent.log - http://paste.ubuntu.com/13620856/
There are three connections from SSH:
(1) handler 0x557c807ec310 for fd 8
(2) handler 0x557c807eebb0 for fd 10
(3) handler 0x557c807eeb80 for fd 10 (fd 10 re-used)
token removed
|
v
(1) ------------------>
(2)-->
(3)------>
******---- conflicting use
> scd.log - http://paste.ubuntu.com/13620863/
There are two connections from gpg-agent:
(a) chan_7 from (1)
(b) chan_9 from (3)
token removed
|
v
(a) ------------------>
(b)------>
******---- conflicting use
The connection from SSH remains in gpg-agent by some reason. This is
the reason why the connection from gpg-agent remains in Scdaemon,
which results conflicting use.
Anyway, when Scdaemon detects card/token removal, it could finish
existing connection(s). I'll consider fixing this.
I don't know the exact reason why connection from SSH remains, though.
> I am unsure if it is yubikey specific but as it is working with older
> openssh versions i guess its some bug thats related to any openssh
> changes.
>From the logs, I don't think it's yubikey specific.
> If you say that this is not a gnupg issue i'll ask the yubico folks.
> But it would be really great to get any hint what could be the
> problem
> from someone who is familiar with the technical details. :)
This is GnuPG issue, specifically, Scdaemon issue.
--
More information about the Gnupg-users
mailing list