scdaemon lockup with Yubikey NEO
the2nd at otpme.org
the2nd at otpme.org
Mon Nov 23 16:53:48 CET 2015
Hi,
i've done some more testing and found out that the problem starts to
exist with openssh version 6.8p1. With 6.7p1 everything works perfect. I
downloaded the openssh tarballs one by one, compiled with
./configure;make and just copied the "ssh" binary.
I was able to reproduce the problem with the following steps:
1. Start gpg-agent: eval $(gpg-agent --daemon --enable-ssh-support
--log-file ~/.gnupg/gpg-agent.log)
2. Login to any host with your SSH key and keep the session open: ssh -l
root localhost
3. Plug your yubikey out/in
4. Try to login with your SSH key to any other host
With openssh 6.8p1 this fails reproducable. With version 6.7p1 or
earlier it works.
As a workaround i replaced my ssh client binary with the old version.
It would be great to get a real fix for this. But i am unsure where the
realm problem lies, gpg or openssh.
Maybe we should ask this on the openssh list?
regards
the2nd
On 2015-11-22 03:06, Lance R. Vick wrote:
> This happens to me constantly as well. I my case I frequently need to
> kill and restart gpg-agent to get things working again on both Arch
> Linux and Gentoo.
>
> On Sat, Nov 21, 2015 at 4:41 AM, the2nd <the2nd at otpme.org> wrote:
>
>> Hi Ben,
>>
>> We have a similar Problem since we've upgraded from Ubuntu 15.04 to
>> 15.10. When starting gpg-agent with --log-file the log show the
>> following:
>>
>> 2015-05-30 13:49:36 gpg-agent[3600] error accessing card:
>> Conflicting use
>> 2015-05-30 13:49:36 gpg-agent[3600] smartcard signing failed:
>> Conflicting use
>> 2015-05-30 13:49:38 gpg-agent[3600] error getting
>> default authentication keyID of card: Conflicting use
>>
>> I've asked the list serval times about this issue but got now answer
>> yet. So i dont have a solution but it may be interesting if your
>> problem is the same...
>>
>> Regards
>> The2nd
>>
>> -------- Ursprüngliche Nachricht --------
>> Von: Ben Warren
>> Datum:11.20.2015 16:26 (GMT+01:00)
>> An: gnupg-users at gnupg.org
>> Betreff: scdaemon lockup with Yubikey NEO
>>
>> Hi,
>>
>> I’ve noticed several other problem reports that seem similar,
>> hopefully they’re all related and there’s a simple fix.
>>
>> The problem:
>>
>> After an indeterminate amount of time (sometimes minutes, sometimes
>> hours), any GPG operation that uses my Yubikey NEO device hangs.
>> The two most common operations are SSH authentication and git
>> signing. The following sequence gets things going again:
>>
>> $ killall -SIGKILL scdaemon
>>
>> $ gpg2 —card-status
>>
>> System particulars:
>>
>> * Host OS is OS-X Yosemite, although it is also present on
>> Mavericks (haven’t tried El Capitan yet)
>>
>> * GPG 2.1.5
>>
>> * Using the Yubikey’s authentication subkey to login to remote
>> Linux hosts
>>
>> * Using the Yubikey’s signing subkey for git signing operations,
>> both local and remote
>>
>> * Using gpg-agent for forwarding both GPG and SSH (great features,
>> BTW!)
>>
>> GPG configuration file:
>>
>> $ cat ~/.gnupg/gpg-agent.conf
>>
>> default-cache-ttl 1
>>
>> ignore-cache-for-signing
>>
>> no-allow-external-cache
>>
>> max-cache-ttl 1
>>
>> extra-socket ${HOME}/.gnupg/S.gpg-extra-agent
>>
>> debug-all
>>
>> log-file ${HOME}/.gnupg/mygpglogfile.log
>>
>> enable-ssh-support
>>
>> I’ll be happy to help debug this, but need some guidance.
>>
>> thanks,
>>
>> Ben
>> _______________________________________________
>> Gnupg-users mailing list
>> Gnupg-users at gnupg.org
>> http://lists.gnupg.org/mailman/listinfo/gnupg-users [1]
>
> --
>
> Lance R. Vick
> __________________________________________________
> Cell - 407.283.7596
> Gtalk - lance at lrvick.net
> Website - http://lrvick.net [2]
> PGP Key - http://lrvick.net/0x36C8AAA9.asc [3]
> keyserver - subkeys.pgp.net [4]
> __________________________________________________
>
> Links:
> ------
> [1] http://lists.gnupg.org/mailman/listinfo/gnupg-users
> [2] http://lrvick.net
> [3] http://lrvick.net/0x36C8AAA9.asc
> [4] http://subkeys.pgp.net
More information about the Gnupg-users
mailing list