ssh-agent: segfaults with gnome-keyring on removing a ssh key. #1632
Comments
What type of key do you have, is it RSA and what is the bitness? Are you sure it's Gnome Keyring that KeePassXC is talking to because Could you paste the value of SSH_AUTH_SOCK environment variable from a terminal window you would launch KeePassXC from for testing purposes? You can check all SSH related environment variables with
To be honest no I am not entirely clear with the ssh-agent thing, as I have just started trying to set it up. I have been using a dozen keys with a config file up to now and wanted to convert them all to using keepassxc. Key is 4096 SHA256:(RSA) converted using your command here;
It confused me that the keepassxc support is called ssh-agent support and not ssh-agent 'client' support, as it appears to be acting as a client rather than actually supplying ssh-agent functionality? Or have I misunderstood?
This is a standard gnome install on arch linux. I have tried disabling gnome-keyring ssh support on my arch laptop and got myself into a mess, so this is a clean install of gnome on my desktop machine. I very much appreciate your work and I know writing docs is tedious, but a minimum requirements for this functionality would be cool 🥇
Edit: So some more reading on the arch wiki and it appears yes I am running the ssh daemon part of gnome-keyring, as executing the following gives me back a working ssh-agent;
Edit2: Restarting the gnome keyring daemon gives me a working ssh-agent again and I can list keys, but when removing an existing key it segfaults again.
Edit3: Selecting 'remove key' when there are no keys in the agent does not cause a segfault.
Thanks, that looks like GNOME Keyring indeed. I will try to reproduce the issue to see if there's something odd happening with it. There were crashing issues with You are correct that the agent feature is a client feature and not a server feature. It could be thought of as "SSH Agent integration" rather than an agent itself.
@mannp Is it possible for you to test building from release/2.3.1 branch? There are RSA related fixes that might help.
@hifi just building the release/2.3.1 branch now, will report back shortly.
Edit: Ok it built and made but not sure how to create a standalone binary without make install on my production system, so likely to screw it up from here... Is the RSA related fix you mention not in the master branch yet, as I am using the git build on arch from the master branch?
Just type I tested this against GNOME Keyring 3.27.4 on Ubuntu 18.04 and it didn't crash even with KeePassXC 2.3.0.
Mmh ok 2.3.1 branch executes with no errors but the gui doesn't show. Will need to look further, not sure what's happening. Which version did you test, 2.3.0 and latest master git, as that is what I am using? Perhaps an arch linux thing then as it's a default install, using GNOME Keyring 3.27.4
Master branch equals the 2.3.0 release, you'd need to do something along these lines to get the 2.3.1 WIP branch:
I will try to install Antergos later this week/weekend to replicate the crash if no one figures out what's going on by then.
That's what I have done and it built fine but the gui doesn't start and no errors appear. I will delete and re-pull later this evening to see if the 2.3.1 branch sorts it out.
Edit: Deleted and rebuilt and still no gui.
Edit: Restored laptop gnome ssh agent and get the same segfault.
Got some time and installed Antergos with Cinnamon and could not reproduce. I took these steps:
The key was successfully added and removed from GNOME Keyring and no segfault was happening. Checked the socket was set to /run/user/1000/keyring/ssh so it was definitely using the keyring agent. The version I have is 3.27.4+8+gff229abc-1 that was available from the repositories. If you can reproduce this reliably, could you generate a key and configure a database in a way it definitely crashes your GNOME Keyring and share that database? I'm likely doing something wrong as I can't trigger it.
With the release of 2.3.1 I tried it again this morning and keepassxc reports the following error when trying to remove the key.
At this point the segfault occurs. Any add or removal within kpxc results in;
Also, I converted the key and didn't create a new one and have 12 or so keys that likely need converting too. Perhaps the conversion is causing the issue.
FYI if you don't need GNOME Keyring for anything else you can always use ssh-agent directly to sort out this issue for yourself. Also you don't need to convert any keys to use this feature unless they are so old that they are completely unsupported. I still don't know how to reproduce this myself so if you could create a test case database that definitely triggers the issue for you that you can share it would help with testing as then I could be sure that there's nothing wrong (or right) with my keys or testing methods.
@mannp @ToKaTpoHb I got this reproduced now with an empty comment. Does this occur if you set a username for the entry so that the comment is not empty when you do That issue has been fixed in #1681 and it was only thought to be affecting gpg-agent at the time. Can you guys please confirm if having a non-empty comment fixes GNOME Keyring crashes? Thanks!
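An added illustration, not part of the thread and not KeePassXC or GNOME Keyring code: in the SSH agent protocol a key's comment travels as a length-prefixed string, so an empty comment is a zero-length field that a parser has to accept without dereferencing it. The thread does not say where the agent crashed; the function names and the constructed sample bytes below are assumptions for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Cursor over an untrusted agent message body. */
struct cur { const uint8_t *p; size_t left; };

/* Read a big-endian uint32; 0 on success, -1 if the buffer is too short. */
static int get_u32(struct cur *c, uint32_t *out) {
    if (c->left < 4) return -1;
    *out = ((uint32_t)c->p[0] << 24) | ((uint32_t)c->p[1] << 16) |
           ((uint32_t)c->p[2] << 8) | (uint32_t)c->p[3];
    c->p += 4; c->left -= 4;
    return 0;
}

/* Read a length-prefixed string. Length 0 is valid (an empty comment);
   *s must then not be dereferenced. */
static int get_string(struct cur *c, const uint8_t **s, uint32_t *len) {
    if (get_u32(c, len) != 0 || *len > c->left) return -1;
    *s = c->p;
    c->p += *len; c->left -= *len;
    return 0;
}

/* Body of SSH_AGENT_IDENTITIES_ANSWER after the type byte:
   uint32 nkeys, then nkeys x (string key blob, string comment).
   Returns the number of keys with an empty comment, -1 if malformed. */
int count_empty_comments(const uint8_t *body, size_t n) {
    struct cur c = { body, n };
    uint32_t nkeys, blen, clen;
    const uint8_t *blob, *comment;
    int empty = 0;
    if (get_u32(&c, &nkeys) != 0) return -1;
    for (uint32_t i = 0; i < nkeys; i++) {
        if (get_string(&c, &blob, &blen) != 0 || blen == 0) return -1;
        if (get_string(&c, &comment, &clen) != 0) return -1;
        if (clen == 0) empty++;
    }
    return c.left == 0 ? empty : -1; /* reject trailing bytes */
}

/* Constructed sample: two placeholder key blobs, the first with no comment. */
static const uint8_t SAMPLE[] = { 0,0,0,2, 0,0,0,3,'k','e','y', 0,0,0,0,
                                  0,0,0,2,'k','2', 0,0,0,4,'u','s','e','r' };

int main(void) {
    printf("%d\n", count_empty_comments(SAMPLE, sizeof SAMPLE));
    return 0;
}
```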
@hifi looks like keepassxc (snap) can't get comment from key. I've created key with
@ToKaTpoHb The comment is only stored in the .pub file for RSA keys in the old (and default) format. If you want an embedded comment use As I said before you can set the username for the entry to override an empty comment in 2.3.1 where the fix for empty comments has not yet landed.
@hifi Confirmed. Do you need more information?
@ToKaTpoHb Is that still the snap install? Does the snap have a separate issue of not being able to connect regardless? Does having a comment fix GNOME Keyring from crashing with the PPA version?
@hifi Yes, it is snap install. I have not found any related issues, even with "connect" as keyword. You can checkout it here PPA version (KeePassXC - Version 2.3.1, Revision: 2fcaeea) not crashing right now, but... Just a note: I don't have a segfault in snap, just error message. I can list keys after that. Maybe I can debug that somehow?
@hifi is this still an issue?
As far as I know, one issue was fixed and after GNOME Keyring replaced its internal agent with OpenSSH remaining issues should be OpenSSH related.
Ok I'm labeling this upstream then.
Expected Behavior
To be able to remove and add ssh keys at will.
Current Behavior
ssh-agent[11068]: segfaults.
Steps to Reproduce (for bugs)
2. When I select 'remove from agent' I get the following dmesg log;
Debug Info
KeePassXC - Version 2.3.0-snapshot
Build Type: Snapshot
Revision: a06e85f
Libraries:
Operating system: Arch Linux
CPU architecture: x86_64
Kernel: linux 4.15.6-1-ARCH
Enabled extensions: