“Failed to read private key” error with libssh 0.11.1

Status: Done
Participant: Ludovic Courtès
Owner: unassigned
Submitted by: Ludovic Courtès
Severity: important

Ludovic Courtès wrote 5 days ago
“Failed to read private key” error with libssh 0.11.1
(address . bug-guix@gnu.org)
87bjwkonif.fsf@inria.fr
Starting from libssh 0.11.1 (upgraded in
6a045df575667460e90a9fc84d7d91d28950f252), I can no longer log in via
Guile-SSH:

$ guix repl
GNU Guile 3.0.9
Copyright (C) 1995-2023 Free Software Foundation, Inc.

Guile comes with ABSOLUTELY NO WARRANTY; for details type `,show w'.
This program is free software, and you are welcome to redistribute it
under certain conditions; type `,show c' for details.

Enter `,help' for help.
scheme@(guix-user)> ,use(guix ssh)
scheme@(guix-user)> (open-ssh-session "localhost")
ice-9/boot-9.scm:1685:16: In procedure raise-exception:
ERROR:
1. &message: "SSH authentication failed for 'ludo@localhost': Failed to read private key: /home/ludo/.ssh/id_rsa\n"

Entering a new prompt. Type `,bt' for a backtrace or `,q' to continue.
scheme@(guix-user) [1]> ,q
scheme@(guix-user)> ,q
$ guix describe
Generation 331 Jan 05 2025 22:28:17 (current)
shepherd 6d52686
repository URL: https://git.savannah.gnu.org/git/shepherd.git
branch: main
commit: 6d526862375a426c13a52c7343c0ee9215367a00
guile f6359a4
repository URL: https://git.savannah.gnu.org/git/guile.git
branch: main
commit: f6359a4715d023761454f1bf945633ce4cca98fc
guix 613c8b8
repository URL: https://git.savannah.gnu.org/git/guix.git
commit: 613c8b81702f08ee36f20d15ee8f8c42a37acfef

It would seem that somehow libssh dismisses whatever gpg-agent tells it
and then goes on to read key files directly.

Ludo’.
Ludovic Courtès wrote 4 days ago
control message for bug #75392
(address . control@debbugs.gnu.org)
87v7us9qsw.fsf@gnu.org
severity 75392 important
quit
Ludovic Courtès wrote 3 days ago
Re: bug#75392: “Failed to read private key” error with libssh 0.11.1
(address . 75392@debbugs.gnu.org)
87jzb73scn.fsf@gnu.org
Hello,

> It would seem that somehow libssh dismisses whatever gpg-agent tells it
> and then goes on to read key files directly.

Turns out the problem was sorta between keyboard and chair, but not
just!

Namely:

  1. libssh 0.11.x no longer recognizes DSA keys (which is reasonable),
     and it would choke when encountering one: “Unknown key type
     found!”, from ‘ssh_pki_import_pubkey_blob’.

  2. I had stale DSA keys under ~/.ssh, so I removed them.

  3. Problem: silly gpg-agent (which I use with ‘--enable-ssh-support’)
     would keep serving those DSA keys that I had removed!  Turns out it
     caches private keys under ~/.gnupg/private-keys-v1.d so I also had
     to remove them as well.

After that, everything went well. Pfew.

Ludo’.
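
A check for the situation described in this thread, as an added example that is not part of the original messages: it reads a key listing in the format `ssh-add -L` prints and flags every DSA (`ssh-dss`) key the agent still offers, marking those that have no matching `.pub` file in the key directory. The function names and the sample key lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Key lines use the public-key format
# printed by `ssh-add -L`: "<type> <base64-blob> [comment]".

# Print "<blob> <comment>" for every ssh-dss line read from stdin.
dsa_keys() {
    awk '$1 == "ssh-dss" { c = $3; for (i = 4; i <= NF; i++) c = c " " $i
                           print $2, (c == "" ? "(no-comment)" : c) }'
}

# Print the blob field of every *.pub file in directory $1.
disk_blobs() {
    for f in "$1"/*.pub; do
        [ -f "$f" ] && awk '{ print $2 }' "$f"
    done
    return 0
}

# stdin: agent listing. $1: key directory. Flags each DSA key the agent
# offers as "on-disk" or "agent-only" (served although no .pub matches).
stale_agent_dsa() {
    blobs=$(disk_blobs "$1")
    dsa_keys | while read -r blob comment; do
        if printf '%s\n' "$blobs" | grep -qxF -- "$blob"; then
            echo "on-disk $comment"
        else
            echo "agent-only $comment"
        fi
    done
}

# Constructed sample: blobs are truncated placeholders, not real keys.
demo() {
    d=$(mktemp -d)
    echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5constructed1 user@host' > "$d/id_ed25519.pub"
    printf '%s\n' \
        'ssh-dss AAAAB3NzaC1kc3Mconstructed2 old dsa key' \
        'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5constructed1 user@host' |
        stale_agent_dsa "$d"
    rm -rf "$d"
}

demo    # real use: ssh-add -L | stale_agent_dsa "$HOME/.ssh"
```

An "agent-only" line corresponds to step 3 above: the key file is gone from the key directory, yet the agent keeps serving the key from its own store.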
Ludovic Courtès wrote 3 days ago
control message for bug #75392
(address . control@debbugs.gnu.org)
87ikqr3sbp.fsf@gnu.org
close 75392
quit