scdaemon lockup with Yubikey NEO

the2nd at otpme.org the2nd at otpme.org
Wed Dec 2 15:35:32 CET 2015 


On 2015-12-02 14:26, NIIBE Yutaka wrote:
> On 2015-12-02 at 12:36 +0100, the2nd at otpme.org wrote:
>> here is the output for a failed session and a working one (with
>> openssh
>> 6.7p1).
>> Both times i started two ssh sessions, keeping the first one open.
> 
> Thank you very much.

No problem. I'm glad to help out and probably get a fix for this 
annoying issue. :)

> 
> 
>> Failed
>> gpg-agent.log - http://paste.ubuntu.com/13620856/
> 
> There are three connections from SSH:
> 
>   (1) handler 0x557c807ec310 for fd 8
>   (2) handler 0x557c807eebb0 for fd 10
>   (3) handler 0x557c807eeb80 for fd 10 (fd 10 re-used)
> 
>               token removed
> 	      |
>               v
>    (1) ------------------>
>         (2)-->
> 	       (3)------>
>                   ******---- conflicting use
> 
>> scd.log - http://paste.ubuntu.com/13620863/
> 
> There are two connections from gpg-agent:
> 
>   (a) chan_7 from (1)
>   (b) chan_9 from (3)
> 
>               token removed
> 	      |
>               v
>      (a) ------------------>
> 	        (b)------>
>                    ******---- conflicting use
> 
> 
> The connection from SSH remains in gpg-agent by some reason.  This is
> the reason why the connection from gpg-agent remains in Scdaemon,
> which results conflicting use.
> 
> Anyway, when Scdaemon detects card/token removal, it could finish
> existing connection(s).  I'll consider fixing this.

Sounds good. Should i open a bug report for this?

> 
> I don't know the exact reason why connection from SSH remains, though.
> 
>> I am unsure if it is yubikey specific but as it is working with older
>> openssh versions i guess its some bug thats related to any openssh
>> changes.
> 
> From the logs, I don't think it's yubikey specific.
> 
>> If you say that this is not a gnupg issue i'll ask the yubico folks.
>> But it would be really great to get any hint what could be the
>> problem
>> from someone who is familiar with the technical details. :)
> 
> This is GnuPG issue, specifically, Scdaemon issue.


Is there any workaround we can apply to fix this issue? Currently i am 
using a self compiled ssh client binary of openssh 6.7p1 as workaround.

Thanks a lot for your help.

Regards
the2nd

More information about the Gnupg-users mailing list