Opened 12 years ago

Closed 7 years ago

Last modified 22 months ago

#19481 closed defect (wontfix)

openssh: integration with OS X keychain broken

Reported by: lhunath@…
Owned by: jyrkiwahlstedt
Priority: Normal
Milestone:
Component: ports
Version: 1.7.1
Keywords:
Cc: Markus.Ueberall@…, theboergers@…, rmsfisher@…, s@…, nonstop.server@…, khepler, maehne (Torsten Maehne)
Port: openssh

Description (last modified by raimue (Rainer Müller))

It appears that one of the more recent updates of openssh has broken its integration with the OS X keychain. My SSH keys that are in the OS X keychain are no longer added to the ssh-agent.

Running eval "$(/usr/bin/ssh-agent)" and then ssh-add -l *does* show my keys as added to the agent, so the OS X provided openssh has no issues talking to my keychain.

That makes macports' openssh rather useless for me.

This issue is reminiscent of another open ticket on sysutils/screen which also causes problems with interaction between CLI applications and the OS X keychain (and other OS X utilities such as pbcopy/pbpaste): #18235

Change History (13)

comment:1 Changed 12 years ago by raimue (Rainer Müller)

Description: modified (diff)
Keywords: openssh removed
Owner: changed from macports-tickets@… to jwa@…
Port: openssh added
Summary: changed from "openssl: integration with OS X keychain broken" to "openssh: integration with OS X keychain broken"

I assume you mean openssh instead of openssl?

comment:2 Changed 12 years ago by Markus.Ueberall@…

Cc: Markus.Ueberall@… added

Cc Me!

comment:3 Changed 11 years ago by theboergers@…

Would love to have this one fixed. Apple tends to be lax on security updates for unix-tools so I prefer to use MacPorts versions when possible.

Anyway, Apple's ssh is disabled in the system preferences. I have the MacPorts version of ssh running (openssh @5.3p1_0+darwin) and have enabled the launch daemon for it.

To better describe what's going on, here's a copy from my Terminal session:

[~]$ What is your bidding my master?: which ssh
/opt/local/bin/ssh

[~]$ What is your bidding my master?: which ssh-agent
/opt/local/bin/ssh-agent

[~]$ What is your bidding my master?: which ssh-add
/opt/local/bin/ssh-add

[~]$ What is your bidding my master?: ssh-add -l
2048 40:b7:3f:1b:c9:26:18:2a:1e:2c:9a:07:da:62:b6:8e /Users/chris/.ssh/id_rsa (RSA)

[~]$ What is your bidding my master?: ssh -v localhost
OpenSSH_5.3p1, OpenSSL 0.9.8k 25 Mar 2009
debug1: Reading configuration data /opt/local/etc/ssh/ssh_config
debug1: Connecting to localhost [::1] port 22.
debug1: Connection established.
debug1: identity file /Users/chris/.ssh/identity type -1
debug1: identity file /Users/chris/.ssh/id_rsa type 1
debug1: identity file /Users/chris/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'localhost' is known and matches the RSA host key.
debug1: Found key in /Users/chris/.ssh/known_hosts:4
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: /Users/chris/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Trying private key: /Users/chris/.ssh/identity
debug1: Trying private key: /Users/chris/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: password
chris@localhost's password:
debug1: Authentications that can continue: publickey,password,keyboard-interactive
Permission denied, please try again.

Is there a workaround in the meantime?

comment:4 Changed 11 years ago by theboergers@…

Cc: theboergers@… added

Cc Me!

comment:5 Changed 11 years ago by rmsfisher@…

Cc: rmsfisher@… added

Cc Me!

comment:6 Changed 11 years ago by s@…

Cc: s@… added

Cc Me!

comment:7 Changed 9 years ago by lassi.tuura@…

I've attached patches to ticket #27250 which appear to restore the keychain integration in my testing. It's based on the differences of Apple's opensource version of openssh and original openssh.

comment:8 Changed 9 years ago by maehne (Torsten Maehne)

Cc: Torsten.Maehne@… added

Cc Me!

comment:9 Changed 9 years ago by nonstop.server@…

Cc: nonstop.server@… added

Cc Me!

comment:10 Changed 7 years ago by khepler

Cc: khepler@… added

Cc Me!

comment:11 Changed 7 years ago by neverpanic (Clemens Lang)

Keywords: ssh-agent ssh removed
Resolution: wontfix
Status: changed from new to closed

This seems to have been fixed along the way. Or not, but this ticket is reaaaaally old, and I guess if this problem still exists you should probably open a new one.

comment:12 Changed 22 months ago by maehne (Torsten Maehne)

Cc: maehne removed

comment:13 Changed 22 months ago by maehne (Torsten Maehne)

Cc: maehne added