On Tue, 2 Jun 2020 at 21:26, Martin Sebor <mse...@gmail.com> wrote: > > On 6/1/20 1:12 PM, Jonathan Wakely via Overseers wrote: > > On Mon, 1 Jun 2020 at 19:11, Frank Ch. Eigler via Gcc <gcc@gcc.gnu.org> > > wrote: > >> > >> Hi - > >> > >>> git pull from the GCC and Glibc repos is failing for me with the error > >>> below. It worked fine last week and I haven't made any changes to my > >>> ssh keys. > >> > >> And are you logging in from the same workstation with access to the same > >> set of ssh private keys? > >> > >>> Is this a transient glitch or has something changed recently that I > >>> need to make some adjustments for? > >> > >> I know of nothing relevant that has changed on the sourceware side. > >> > >>> sign_and_send_pubkey: signing failed: agent refused operation > >>> mse...@gcc.gnu.org: Permission denied (publickey). > >>> fatal: Could not read from remote repository. > >> > >> The usual advice is to run % ssh -vv gcc.gnu.org alive > >> and report the ssh level error. > >> > >> "agent refused operation" sounds like a problem on the client end. > > > > Yes, it is. "agent" refers to the ssh-agent program. > > > > Martin, what does 'ssh-add -l' show? > > > > Is there only one ssh-agent process shown by 'ps -ef | fgrep > > [s]sh-agent'? Does its PID match $SSH_AGENT_PID? > > > > Another possible cause is that the file permissions are not strict > > enough on the private key, or on the ~/.ssh directory that contains > > it. Key files should be 600 and ~/.ssh should be 700. > > We solved the problem over IRC last night so just to close the loop > on it here: it turned out to be caused by Gnome keyring setting > SSH_AUTH_SOCK=/run/user/1000/keyring/ssh. With the environment > variable undefined I get prompted for the password as expected.
But that just means you're not using an agent, right? Do you really want to enter a passphrase every time you connect to gcc.gnu.org? Solving it by the GNOME keyring would match Jim's suggestion that the GNOME keyring won't use your key. You could generate a new 4K key that GNOME keyring will accept, upload the public key to gcc.gnu.org, and use that instead. Then you could use the keyring as your agent.
