GNU bug report logs - #75392
“Failed to read private key” error with libssh 0.11.1

Previous Next

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 75392 in the body.
You can then email your comments to 75392 AT debbugs.gnu.org in the normal way.

Toggle the display of automated, internal messages from the tracker.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Ludovic Courtès <ludo <at> gnu.org>
To: bug-guix <at> gnu.org
Subject: “Failed to read private key” error with libssh 0.11.1
Date: Mon, 06 Jan 2025 00:21:28 +0100

Starting from libssh 0.11.1 (upgraded in
6a045df575667460e90a9fc84d7d91d28950f252), I can no longer log in via
Guile-SSH:

--8<---------------cut here---------------start------------->8---
$ guix repl
GNU Guile 3.0.9
Copyright (C) 1995-2023 Free Software Foundation, Inc.

Guile comes with ABSOLUTELY NO WARRANTY; for details type `,show w'.
This program is free software, and you are welcome to redistribute it
under certain conditions; type `,show c' for details.

Enter `,help' for help.
scheme@(guix-user)> ,use(guix ssh)
scheme@(guix-user)> (open-ssh-session "localhost")
ice-9/boot-9.scm:1685:16: In procedure raise-exception:
ERROR:
  1. &message: "SSH authentication failed for 'ludo <at> localhost': Failed to read private key: /home/ludo/.ssh/id_rsa\n"

Entering a new prompt.  Type `,bt' for a backtrace or `,q' to continue.
scheme@(guix-user) [1]> ,q
scheme@(guix-user)> ,q
$ guix describe
Generation 331  Jan 05 2025 22:28:17    (current)
  shepherd 6d52686
    repository URL: https://git.savannah.gnu.org/git/shepherd.git
    branch: main
    commit: 6d526862375a426c13a52c7343c0ee9215367a00
  guile f6359a4
    repository URL: https://git.savannah.gnu.org/git/guile.git
    branch: main
    commit: f6359a4715d023761454f1bf945633ce4cca98fc
  guix 613c8b8
    repository URL: https://git.savannah.gnu.org/git/guix.git
    commit: 613c8b81702f08ee36f20d15ee8f8c42a37acfef
--8<---------------cut here---------------end--------------->8---

It would seem that somehow libssh dismisses whatever gpg-agent tells it
and then goes on to read key files directly.

Ludo’.

Message #10 received at 75392 <at> debbugs.gnu.org (full text, mbox):

From: Ludovic Courtès <ludo <at> gnu.org>
To: 75392 <at> debbugs.gnu.org
Subject: Re: bug#75392: “Failed to read private
 key” error with libssh 0.11.1
Date: Tue, 07 Jan 2025 10:07:04 +0100

Hello,

> It would seem that somehow libssh dismisses whatever gpg-agent tells it
> and then goes on to read key files directly.

Turns out the problem was sorta between keyboard and chair, but not
just!

Namely:

  1. libssh 0.11.x no longer recognizes DSA keys (which is reasonable),
     and it would choke when encountering one: “Unknown key type
     found!”, from ‘ssh_pki_import_pubkey_blob’.

  2. I had stale DSA keys under ~/.ssh, so I removed them.

  3. Problem: silly gpg-agent (which I use with ‘--enable-ssh-support’)
     would keep serving those DSA keys that I had removed!  Turns out it
     caches private keys under ~/.gnupg/private-keys-v1.d so I also had
     to remove them as well.

After that, everything went well.  Pfew.

Ludo’.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.