[Bug 899647] New: xdm starts both ssh-agent and gpg-agent, disabling smartcard-based ssh logins
http://bugzilla.opensuse.org/show_bug.cgi?id=899647 Bug ID: 899647 Summary: xdm starts both ssh-agent and gpg-agent, disabling smartcard-based ssh logins Classification: openSUSE Product: openSUSE 13.1 Version: Final Hardware: 64bit OS: openSUSE 13.1 Status: NEW Severity: Normal Priority: P5 - None Component: X.Org Assignee: bnc-team-xorg-bugs@forge.provo.novell.com Reporter: myemailu@gmail.com QA Contact: xorg-maintainer-bugs@forge.provo.novell.com Found By: --- Blocker: --- Smartcard-based (OpenPGP-card) based ssh-logins require a running gpg-agent. When both usessh=yes and usegpg=yes are set in /etc/X11/xdm/sys.xsession both agents (ssh-agent and gpg-agent) are started and compete with each other, thereby disabling the smartcard-based login. Suggested fix: when usegpg is set to "yes", the logic shouls be: - try to start gpg-agent - if gpg-agent is running, ignore usessh, finish - if usessh is set then try to start ssh-agent - finish -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=899647
Stefan Dirsch
http://bugzilla.opensuse.org/show_bug.cgi?id=899647
Markus Sauler
http://bugzilla.opensuse.org/show_bug.cgi?id=899647
--- Comment #6 from Markus Sauler
Created attachment 609016 [details] /etc/X11/xdm/sys.xsession
The new one ... it also introduce a better name space for the agent info file as testing on several systems with some virtual systems included the agent info file should be named in a unique way.
Yes, this fixes the bug. I'm not sure whether your comment about gpg-agent in the script is still valid. My setup: I have two account on a remote system, user1@remote and user2@remote user1 is configured to log-on via a openpgp smartcard, user2 is configured to accept "normal" public-key-ssh login. with only gpg-agent running, I can a) log in as user 1: ssh user1@login, the system will ask me for my openpgp-card-pin b) log in as user 2: ssh user2@remote, the system will ask for the password of my ssh key c) copy files via scp to user1 or user2 without ever having to issue gpg-connect-agent /bye -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=899647
--- Comment #7 from Markus Sauler
participants (1)
-
bugzilla_noreply@novell.com