On 6/2/20 2:43 PM, Jonathan Wakely wrote:
On Tue, 2 Jun 2020 at 21:26, Martin Sebor <mse...@gmail.com> wrote:
On 6/1/20 1:12 PM, Jonathan Wakely via Overseers wrote:
On Mon, 1 Jun 2020 at 19:11, Frank Ch. Eigler via Gcc <gcc@gcc.gnu.org> wrote:
Hi -
git pull from the GCC and Glibc repos is failing for me with the error
below. It worked fine last week and I haven't made any changes to my
ssh keys.
And are you logging in from the same workstation with access to the same
set of ssh private keys?
Is this a transient glitch or has something changed recently that I
need to make some adjustments for?
I know of nothing relevant that has changed on the sourceware side.
sign_and_send_pubkey: signing failed: agent refused operation
mse...@gcc.gnu.org: Permission denied (publickey).
fatal: Could not read from remote repository.
The usual advice is to run
    % ssh -vv gcc.gnu.org alive
and report the ssh level error.
"agent refused operation" sounds like a problem on the client end.
Yes, it is. "agent" refers to the ssh-agent program.
Martin, what does 'ssh-add -l' show?
Is there only one ssh-agent process shown by 'ps -ef | fgrep
[s]sh-agent'? Does its PID match $SSH_AGENT_PID?
Another possible cause is that the file permissions are not strict
enough on the private key, or on the ~/.ssh directory that contains
it. Key files should be 600 and ~/.ssh should be 700.
We solved the problem over IRC last night so just to close the loop
on it here: it turned out to be caused by Gnome keyring setting
SSH_AUTH_SOCK=/run/user/1000/keyring/ssh. With the environment
variable undefined I get prompted for the password as expected.
But that just means you're not using an agent, right?
It just means I know what's causing the problem. Until just
now I haven't thought about how to deal with it in a smarter
way than by remembering to run ssh-add either first, or when
I see the error.
Do you really want to enter a passphrase every time you connect to gcc.gnu.org?
Ideally, I'd prefer never to have to enter it but until that
happy day comes I'll settle for just typing it in once a day.
Solving it by the GNOME keyring would match Jim's suggestion that the
GNOME keyring won't use your key.
You could generate a new 4K key that GNOME keyring will accept, upload
the public key to gcc.gnu.org, and use that instead. Then you could
use the keyring as your agent.
I just saw Jim's email. I'll see if going to 4k keys works.
Thanks
Martin
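
The client-side checks suggested in this thread (agent socket, agent process, loaded keys, file permissions), collected into one script. This is an added example, not code from any participant in the thread; the function names and the `*/keyring/*` socket-path heuristic are assumptions based on the path quoted above.

```shell
#!/bin/sh
# Added example: function names are illustrative, not from the thread.

# Print the octal mode of a path (GNU stat, with a BSD stat fallback).
mode_of() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# Succeed only if group and other have no access (true for 600 and 700).
owner_only() {
    case "$(mode_of "$1")" in
        *00) return 0 ;;
        *)   return 1 ;;
    esac
}

# Classify where SSH_AUTH_SOCK points (heuristic on the socket path).
agent_kind() {
    case "$1" in
        '')          echo none ;;
        */keyring/*) echo gnome-keyring ;;
        *)           echo other ;;
    esac
}

# Check a ~/.ssh style directory; print each problem, return non-zero if any.
check_ssh_dir() {
    dir=$1 bad=0
    owner_only "$dir" || { echo "$dir: mode $(mode_of "$dir"), want 700"; bad=1; }
    for key in "$dir"/id_*; do
        [ -f "$key" ] || continue
        case "$key" in *.pub) continue ;; esac   # public keys may be readable
        owner_only "$key" || { echo "$key: mode $(mode_of "$key"), want 600"; bad=1; }
    done
    return "$bad"
}

# Report agent state for the current environment, then check ~/.ssh.
diagnose() {
    echo "SSH_AUTH_SOCK=${SSH_AUTH_SOCK:-<unset>} ($(agent_kind "${SSH_AUTH_SOCK:-}"))"
    echo "SSH_AGENT_PID=${SSH_AGENT_PID:-<unset>}"
    echo "ssh-agent PIDs: $(pgrep -x ssh-agent | tr '\n' ' ')"
    ssh-add -l; rc=$?
    case $rc in
        0) echo "agent holds the keys listed above" ;;
        1) echo "agent reachable but holds no keys: run ssh-add" ;;
        *) echo "cannot talk to an agent on SSH_AUTH_SOCK" ;;
    esac
    check_ssh_dir "$HOME/.ssh" && echo "permissions under ~/.ssh are owner-only"
}

if [ "${1:-}" = "--run" ]; then diagnose; fi
```

Run it with `--run` from the shell where `git pull` fails, so it sees the same `SSH_AUTH_SOCK` and `SSH_AGENT_PID`.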