Description of problem: When running the ssg-add command in rawhide I see the following error: Enter passphrase for /home/drepper/.ssh/id_dsa: Identity added: /home/drepper/.ssh/id_dsa (/home/drepper/.ssh/id_dsa) SSH_AGENT_FAILURE SSH_AGENT_FAILURE Could not add identity: /home/drepper/.ssh/identity The permissions on the files are fine: -rw------- 1 drepper drepper 736 2001-02-01 18:13 id_dsa -rw-rw-r-- 1 drepper drepper 610 2001-02-01 18:13 id_dsa.pub -rw------- 1 drepper drepper 535 2000-10-21 12:17 identity -rw-rw-r-- 1 drepper drepper 339 2000-10-21 12:17 identity.pub The only noteworthy thing is that the .ssh directory is on a memory card which is formatted as ext2 and encrypted through dm. This never made a difference before, though, and the id_dsa access worked. Version-Release number of selected component (if applicable): openssh-clients-4.7p1-9.fc9.x86_64 How reproducible: always Steps to Reproduce: 1.run ssh-add 2. 3. Actual results: above messages Expected results: no message except positive feedback about added identities Additional info:
Do you have SELinux on and enforcing? Could you try temporarily switching it to permissive? If that helps, do you see any AVCs? If it is not a SELinux denial, when did it start to fail? Previous rawhide openssh releases worked fine? Also you could try to run the ssh-agent in debug mode (-d) and see whether it gives some messages.
(In reply to comment #1) > Do you have SELinux on and enforcing? Could you try temporarily switching it to > permissive? If that helps, do you see any AVCs? SELinux is not a factor, I'd have seen the AVC. > If it is not a SELinux denial, when did it start to fail? Previous rawhide > openssh releases worked fine? It started when I updated the machine from F8 to rawhide during this week. > Also you could try to run the ssh-agent in debug mode (-d) and see whether it > gives some messages. -d is no debug mode it removes identities. What I did is run ssh-add under strace. The results are the same. What is strange is that no file operation fails. I.e., it is an internal error. I know with 100% certainty the ssh-add didn't fail with the F8 code. Whether or not the RSA based key worked I don't know. I don't know whether it is used. Anyway here is the relevant part of the strace output. I cut out the private key data. write(2, "Identity added: /home/drepper/.ssh/id_dsa (/home/drepper/.ssh/id_dsa)\n", 70) = 70 stat("/home/drepper/.ssh/identity", {st_mode=S_IFREG|0600, st_size=535, ...}) = 0 open("/home/drepper/.ssh/identity", O_RDONLY) = 4 fstat(4, {st_mode=S_IFREG|0600, st_size=535, ...}) = 0 getuid() = 500 close(4) = 0 open("/home/drepper/.ssh/identity", O_RDONLY) = 4 fstat(4, {st_mode=S_IFREG|0600, st_size=535, ...}) = 0 getuid() = 500 fstat(4, {st_mode=S_IFREG|0600, st_size=535, ...}) = 0 read(4, "SSH PRIVATE KEY FILE FORMAT 1.1\n\"..., 535) = 535 lseek(4, 0, SEEK_SET) = 0 fstat(4, {st_mode=S_IFREG|0600, st_size=535, ...}) = 0 read(4, "SSH PRIVATE KEY FILE FORMAT 1.1\n"..., 535) = 535 close(4) = 0 open("/home/drepper/.ssh/identity", O_RDONLY) = 4 fstat(4, {st_mode=S_IFREG|0600, st_size=535, ...}) = 0 getuid() = 500 fstat(4, {st_mode=S_IFREG|0600, st_size=535, ...}) = 0 read(4, "SSH PRIVATE KEY FILE FORMAT 1.1\n"..., 535) = 535 lseek(4, 0, SEEK_SET) = 0 fstat(4, {st_mode=S_IFREG|0600, st_size=535, ...}) = 0 read(4, "SSH PRIVATE KEY FILE FORMAT 1.1\n"..., 535) = 535 close(4) = 0 write(3, "\0\0\1\352", 4) = 4 write(3, "\7\0\0\4"..., 490) = 490 read(3, "\0\0\0\1", 4) = 4 read(3, "\5", 1) = 1 write(2, "SSH_AGENT_FAILURE\r\n", 19) = 19 write(3, "\0\0\1\352", 4) = 4 write(3, "\7\0\0\4"..., 490) = 490 read(3, "\0\0\0\1", 4) = 4 read(3, "\5", 1) = 1 write(2, "SSH_AGENT_FAILURE\r\n", 19) = 19 write(2, "Could not add identity: /home/drepper/.ssh/identity\n", 52) = 52 close(3) = 0 File descriptor 3 is a socket.
(In reply to comment #2) > (In reply to comment #1) > > Do you have SELinux on and enforcing? Could you try temporarily switching it to > > permissive? If that helps, do you see any AVCs? > > SELinux is not a factor, I'd have seen the AVC. They might be dontaudited AVCs but from the strace it is clear that the key is readable so SELinux is really not the source of the problem. > > Also you could try to run the ssh-agent in debug mode (-d) and see whether it > > gives some messages. > > -d is no debug mode it removes identities. I mean ssh-agent -d not ssh-add -d.
Strange. When I kill the ssh-agent started for the session and then start one explicitly on a command line (with or without -d), following ssh-add calls work. And yes, I've set the environment variable correctly. What else do you want me to do?
(In reply to comment #4) > What else do you want me to do? Is the problem still reproduceable when the ssh-agent is now started from the login session? If yes perhaps stracing it could give some hints... I have seen some reports where the ssh-agent started to become unresponsive and it worked again after being restarted unfortunately I have never seen this failure myself although I use ssh-agent regularly.
Changing version to '9' as part of upcoming Fedora 9 GA. More information and reason for this action is here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Apparently it was some intermittent problem and without reproducer I am not able to investigate it further.