Bug 1274245

Summary: gnupg 2.1.9-1 breaks SSH authentication with gpg-agent
Product: [Fedora] Fedora Reporter: Christian Heimes <cheimes>
Component: gnupg2Assignee: Tomas Mraz <tmraz>
Status: CLOSED EOL QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 22CC: bcl, jamielinux, tmraz, xena
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-07-19 19:58:08 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Christian Heimes 2015-10-22 11:00:07 UTC 
Description of problem:

Today I upgraded GnuPG 2 to 2.1.9-1.f22. Since the update and a reboot I can no longer use gpg-agent for SSH autentication. Neither my OpenPGP smartcard (YubiKey NEO) nor my file-based keys are working. ssh-add -L also no longer shows any keys, too. A downgrade to 2.1.2 and restart of gpg-agent solved the issue.


Version-Release number of selected component (if applicable):

broken: gnupg2-2.1.9-1.fc22.x86_64
works: gnupg2-2.1.2-2.fc22.x86_64

How reproducible:


Steps to Reproduce:
1. Follow any tutorial like https://inuits.eu/blog/ssh-authentication-your-pgp-key to create an authentication key and use it for SSH
2. run ssh-add -L

Actual results:

$ ssh-add -L
error fetching identities for protocol 1: agent refused operation
error fetching identities for protocol 2: invalid format
The agent has no identities.


Expected results:

$ ssh-add -L
error fetching identities for protocol 1: agent refused operation
ssh-rsa AAAAB3NzaC1... cardno:000603XXXXXX

Additional info:
Comment 1 Christine Dodrill 2015-11-10 19:16:27 UTC 
I just ran into this today with a slightly different output:

➜  ssh-add -l
error fetching identities for protocol 1: agent refused operation
2048 SHA256:PZw/8LniQjqouqoVwPZtlyD7MMwS2xV34MO3DC/tMPk /home/xena/.ssh/id_rsa (RSA)
2048 SHA256:rzU+vEdaHt7giRtkrziQwBwxY/Z+TX/a1ck8cJWcEfk rsa w/o comment (RSA)

I did not get the "invalid format" entry for SSH keys, but like you I don't have the PGP smartcard showing up as an SSH key.
Comment 2 Christine Dodrill 2015-11-10 19:30:31 UTC 
Downgrading gnupg to the older version (gnupg2-2.1.2-2.fc22.x86_64) fixes this.
Comment 3 Fedora End Of Life 2016-07-19 19:58:08 UTC 
Fedora 22 changed to end-of-life (EOL) status on 2016-07-19. Fedora 22 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version. If you
are unable to reopen this bug, please file a new report against the
current release. If you experience problems, please add a comment to this
bug.

Thank you for reporting this bug and we are sorry it could not be fixed.