scdaemon lockup with Yubikey NEO

NIIBE Yutaka gniibe at
Wed Dec 2 14:26:29 CET 2015

On 2015-12-02 at 12:36 +0100, the2nd at wrote:
> here is the output for a failed session and a working one (with
> openssh 
> 6.7p1).
> Both times i started two ssh sessions, keeping the first one open.

Thank you very much.

> Failed
> gpg-agent.log -

There are three connections from SSH:

  (1) handler 0x557c807ec310 for fd 8
  (2) handler 0x557c807eebb0 for fd 10
  (3) handler 0x557c807eeb80 for fd 10 (fd 10 re-used)

              token removed
   (1) ------------------>
                  ******---- conflicting use

> scd.log -

There are two connections from gpg-agent:

  (a) chan_7 from (1)
  (b) chan_9 from (3)

              token removed
     (a) ------------------>
                   ******---- conflicting use

The connection from SSH remains in gpg-agent by some reason.  This is
the reason why the connection from gpg-agent remains in Scdaemon,
which results conflicting use.

Anyway, when Scdaemon detects card/token removal, it could finish
existing connection(s).  I'll consider fixing this.

I don't know the exact reason why connection from SSH remains, though.

> I am unsure if it is yubikey specific but as it is working with older
> openssh versions i guess its some bug thats related to any openssh 
> changes.

>From the logs, I don't think it's yubikey specific.

> If you say that this is not a gnupg issue i'll ask the yubico folks.
> But it would be really great to get any hint what could be the
> problem 
> from someone who is familiar with the technical details. :)

This is GnuPG issue, specifically, Scdaemon issue.

More information about the Gnupg-users mailing list