
Yet another `sign_and_send_pubkey: signing failed: agent refused operation` [Resolved]

Here’s a Yet Another Question about the clash between ssh and gnome-keyring-daemon, since after spending hours and hours on the Internet I finally gave up.

Environment

  • OS: openSUSE 15.0
  • DE: XFCE
  • gnome-keyring-daemon version: 3.20.1
  • seahorse version: 3.20.0
  • git version: 2.16.4
  • ssh version: OpenSSH_7.6p1, OpenSSL 1.1.0i-fips 14 Aug 2018

Situation

Trying to `git pull` a repo leads to a message

`sign_and_send_pubkey: signing failed: agent refused operation`

even though for years I was getting a neat GUI prompt which remembered the typed password throughout the current session. (AFAIU, this prompt was shown by Seahorse?)

After doing a `killall gnome-keyring-daemon`, successive attempts to do a `git pull` lead to a terminal prompt

`Enter passphrase for key '/home/user/.ssh/id_rsa':`

which does not store the password anywhere (AFAIU, this means that ssh-agent is not working?).

The same effect can be achieved by adding `SSH_AUTH_SOCK=0` in front of `git pull`.

What I want

  • Doing a git pull caches my SSH password over the course of my current login session (like it was before). Neat GUI prompt is optional.
  • Ed25519 keys are supported. (Apparently GNOME Keyring has (had?) some problems with them).

What I tried

  • Disabling “SSH Key Agent” in XFCE settings → Startup Applications
  • Copying /etc/xdg/autostart/gnome-keyring-ssh.desktop to ~/.config/autostart and then appending the line Hidden=true to the copied file

Neither of the above prevented gnome-keyring-daemon from starting up on boot, since I still can see it in ps.

  • Creating ~/.pam_environment then adding GSM_SKIP_SSH_AGENT_WORKAROUND DEFAULT=1 there
  • Reverting back to RSA
  • Playing with ssh-add
  • Installing git-credential-libsecret then doing git config --global credential.helper /usr/lib/git/git-credential-libsecret
  • Toying with the thought of obliterating the gnome-keyring package altogether, which was abandoned because apparently several important packages depend on it

Question Credit: ScumCoder
Asked March 23, 2019

I think I finally found a nearly perfect solution: FunToo Keychain. It's a deliciously simple console application which you just add to your ~/.bashrc, and then every time you open a terminal it automatically unlocks your SSH keys.

Basically the only difference between it and the gnome-keyring+Seahorse combo I was using is that it asks for your password as soon as you open a terminal for the first time during a session (as opposed to the first time you try to use your SSH key), which can be annoying if you rarely use SSH. It's not my case though, so I'm content.


credit: ScumCoder
Answered March 23, 2019
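
An added diagnostic, not part of the original question or answer: a shell sketch that tells which agent `SSH_AUTH_SOCK` points at and whether it can be reached, which is the difference between the `agent refused operation` error and the plain passphrase prompt described above. The socket path patterns are assumed common defaults for gnome-keyring and OpenSSH's ssh-agent, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Path patterns are assumed common defaults, not guarantees.

# Guess which agent owns a socket from where the socket usually lives.
classify_agent_sock() {
    case "$1" in
        "")                            echo "unset" ;;
        */keyring/ssh|*/keyring-*/ssh) echo "gnome-keyring" ;;
        */ssh-*/agent.*)               echo "ssh-agent" ;;
        *)                             echo "unknown" ;;
    esac
}

# ssh-add exit status: 0 success, 1 command failed (for -l: no identities),
# 2 unable to contact the authentication agent.
explain_ssh_add_status() {
    case "$1" in
        0) echo "agent reachable, keys loaded" ;;
        1) echo "agent reachable, no keys loaded" ;;
        2) echo "cannot contact agent" ;;
        *) echo "unexpected status" ;;
    esac
}

# Report on the agent the current shell would hand to ssh and git.
diagnose_agent() {
    sock="${SSH_AUTH_SOCK-}"
    kind=$(classify_agent_sock "$sock")
    # A value such as SSH_AUTH_SOCK=0 names no socket, so ssh skips the
    # agent and falls back to prompting for the key passphrase itself.
    if [ -n "$sock" ] && [ ! -S "$sock" ]; then
        echo "SSH_AUTH_SOCK=$sock is not a socket ($kind)"
        return 2
    fi
    rc=0
    ssh-add -l >/dev/null 2>&1 || rc=$?
    echo "$kind: $(explain_ssh_add_status "$rc")"
    return "$rc"
}

# Typical keychain line for ~/.bashrc (key name id_rsa is an assumption):
#   eval "$(keychain --eval id_rsa)"
```

Run `diagnose_agent` in the terminal where `git pull` fails; a `gnome-keyring` result combined with a signing failure points at the keyring's agent rather than at the key itself.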