Package: gnupg-agent
Version: 2.1.18-8~deb9u2
Followup-For: Bug #846175

Dear Maintainer,

after the upgrade to Stretch we're hitting this bug, too. We have an SSH
key that's shared between a group of users and used by automated
processes, too (so it cannot be password-protected). The OpenSSH client
refuses to use a private key that's group-readable (bmo#2713 [1]) so as
a work-around we've been feeding ssh-add the key from stdin and using it
via the agent rather than directly from the file.

Adding the key to the agent still works, but the key cannot actually be
used by SSH since the upgrade to Stretch:

=== Begin shell session ===
sascha@twin:~/www$ ./rsync-to-outpost+tuple.sh
sign_and_send_pubkey: signing failed: agent refused operation
Permission denied (publickey).
rsync: connection unexpectedly closed (0 bytes received so far) [sender]
rsync error: unexplained error (code 255) at io.c(235) [sender=3.1.2]
sign_and_send_pubkey: signing failed: agent refused operation
Permission denied (publickey).
rsync: connection unexpectedly closed (0 bytes received so far) [sender]
rsync error: error in rsync protocol data stream (code 12) at io.c(235) [sender=3.1.2]
=== End shell session ===

=== Begin syslog ===
Jul 7 10:48:55 twin gpg-agent[9439]: Failed to lookup password for key s/D8B841113308EB78E0E12F4C41A144783CCEC9D0 with secret service: Cannot autolaunch D-Bus without X11 $DISPLAY
Jul 7 10:48:55 twin pinentry[1189]: it took 8 tries to grab the keyboard
Jul 7 10:49:01 twin gpg-agent[9439]: failed to unprotect the secret key: No passphrase given
Jul 7 10:49:01 twin gpg-agent[9439]: failed to read the secret key
Jul 7 10:49:01 twin gpg-agent[9439]: ssh sign request failed: No passphrase given <GPG Agent>
Jul 7 10:49:01 twin gpg-agent[9439]: Failed to lookup password for key s/D8B841113308EB78E0E12F4C41A144783CCEC9D0 with secret service: Cannot autolaunch D-Bus without X11 $DISPLAY
Jul 7 10:49:01 twin pinentry[1195]: it took 8 tries to grab the keyboard
Jul 7 10:49:03 twin gpg-agent[9439]: failed to unprotect the secret key: No passphrase given
Jul 7 10:49:03 twin gpg-agent[9439]: failed to read the secret key
Jul 7 10:49:03 twin gpg-agent[9439]: ssh sign request failed: No passphrase given <GPG Agent>
=== End syslog ===

Sascha

[1] https://bugzilla.mindrot.org/show_bug.cgi?id=2713

-- System Information:
Debian Release: 9.4
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'stable-updates'), (100, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-6-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en:en_US:C:de_DE:de (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)

Versions of packages gnupg-agent depends on:
ii  libassuan0                  2.4.3-2
ii  libc6                       2.24-11+deb9u3
ii  libgcrypt20                 1.7.6-2+deb9u3
ii  libgpg-error0               1.26-2
ii  libnpth0                    1.3-1
ii  libreadline7                7.0-3
ii  pinentry-curses [pinentry]  1.0.0-2
ii  pinentry-gtk2 [pinentry]    1.0.0-2

Versions of packages gnupg-agent recommends:
ii  gnupg  2.1.18-8~deb9u2
ii  gpgsm  2.1.18-8~deb9u2

Versions of packages gnupg-agent suggests:
pn  dbus-user-session  <none>
ii  libpam-systemd     232-25+deb9u2
pn  pinentry-gnome3    <none>
ii  scdaemon           2.1.18-8~deb9u2

-- no debconf information