[MacPorts] #19481: openssl: integration with OS X keychain broken
#19481: openssl: integration with OS X keychain broken
-----------------------------------+----------------------------------------
 Reporter:  lhunath@…              |       Owner:  macports-tickets@…
     Type:  defect                 |      Status:  new
 Priority:  Normal                 |   Milestone:
Component:  ports                  |     Version:  1.7.1
 Keywords:  openssh ssh-agent ssh  |        Port:
-----------------------------------+----------------------------------------
It appears that one of the more recent updates of openssl has broken its integration with the OS X keychain. My SSH keys that are in the OS X keychain are no longer added to the ssh-agent.

Running `eval "$(/usr/bin/ssh-agent)"` and then `ssh-add -l` *does* show my keys as added to the agent, so the OS X provided openssl has no issues talking to my keychain.

That makes macports' openssl rather useless for me.

This issue is reminiscent of another open ticket on sysutils/screen which also causes problems with interaction between CLI applications and the OS X keychain (and other OS X utilities such as pbcopy/pbpaste): #18235

--
Ticket URL: <http://trac.macports.org/ticket/19481>
MacPorts <http://www.macports.org/>
Ports system for Mac OS

#19481: openssh: integration with OS X keychain broken
-------------------------------+--------------------------------------------
 Reporter:  lhunath@…          |       Owner:  jwa@…
     Type:  defect             |      Status:  new
 Priority:  Normal             |   Milestone:
Component:  ports              |     Version:  1.7.1
 Keywords:  ssh-agent ssh      |        Port:  openssh
-------------------------------+--------------------------------------------
Changes (by raimue@…):

 * keywords:  openssh ssh-agent ssh => ssh-agent ssh
 * owner:  macports-tickets@… => jwa@…
 * port:  => openssh

Old description:

It appears that one of the more recent updates of openssl has broken its integration with the OS X keychain. My SSH keys that are in the OS X keychain are no longer added to the ssh-agent.
Running `eval "$(/usr/bin/ssh-agent)"` and then `ssh-add -l` *does* show my keys as added to the agent, so the OS X provided openssl has no issues talking to my keychain.
That makes macports' openssl rather useless for me.
This issue is reminiscent of another open ticket on sysutils/screen which also causes problems with interaction between CLI applications and the OS X keychain (and other OS X utilities such as pbcopy/pbpaste): #18235

New description:

It appears that one of the more recent updates of openssh has broken its integration with the OS X keychain. My SSH keys that are in the OS X keychain are no longer added to the ssh-agent.

Running `eval "$(/usr/bin/ssh-agent)"` and then `ssh-add -l` *does* show my keys as added to the agent, so the OS X provided openssh has no issues talking to my keychain.

That makes macports' openssh rather useless for me.

This issue is reminiscent of another open ticket on sysutils/screen which also causes problems with interaction between CLI applications and the OS X keychain (and other OS X utilities such as pbcopy/pbpaste): #18235

--

Comment:

I assume you mean openssh instead of openssl?

--
Ticket URL: <http://trac.macports.org/ticket/19481#comment:1>

#19481: openssh: integration with OS X keychain broken
-------------------------------+--------------------------------------------
 Reporter:  lhunath@…          |       Owner:  jwa@…
     Type:  defect             |      Status:  new
 Priority:  Normal             |   Milestone:
Component:  ports              |     Version:  1.7.1
 Keywords:  ssh-agent ssh      |        Port:  openssh
-------------------------------+--------------------------------------------
Comment(by theboergers@…):

Would love to have this one fixed. Apple tends to be lax on security updates for unix-tools so I prefer to use MacPorts versions when possible.

Anyway, Apple's ssh is disabled in the system preferences. I have the MacPorts version of ssh running (openssh @5.3p1_0+darwin) and have enabled the launch daemon for it. To better describe what's going on, here's a copy from my Terminal session:

    [~]$ What is your bidding my master?: which ssh
    /opt/local/bin/ssh
    [~]$ What is your bidding my master?: which ssh-agent
    /opt/local/bin/ssh-agent
    [~]$ What is your bidding my master?: which ssh-add
    /opt/local/bin/ssh-add
    [~]$ What is your bidding my master?: ssh-add -l
    2048 40:b7:3f:1b:c9:26:18:2a:1e:2c:9a:07:da:62:b6:8e /Users/chris/.ssh/id_rsa (RSA)
    [~]$ What is your bidding my master?: ssh -v localhost
    OpenSSH_5.3p1, OpenSSL 0.9.8k 25 Mar 2009
    debug1: Reading configuration data /opt/local/etc/ssh/ssh_config
    debug1: Connecting to localhost [::1] port 22.
    debug1: Connection established.
    debug1: identity file /Users/chris/.ssh/identity type -1
    debug1: identity file /Users/chris/.ssh/id_rsa type 1
    debug1: identity file /Users/chris/.ssh/id_dsa type -1
    debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
    debug1: match: OpenSSH_5.3 pat OpenSSH*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_5.3
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: server->client aes128-ctr hmac-md5 none
    debug1: kex: client->server aes128-ctr hmac-md5 none
    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
    debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
    debug1: Host 'localhost' is known and matches the RSA host key.
    debug1: Found key in /Users/chris/.ssh/known_hosts:4
    debug1: ssh_rsa_verify: signature correct
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug1: Authentications that can continue: publickey,password,keyboard-interactive
    debug1: Next authentication method: publickey
    debug1: Offering public key: /Users/chris/.ssh/id_rsa
    debug1: Authentications that can continue: publickey,password,keyboard-interactive
    debug1: Trying private key: /Users/chris/.ssh/identity
    debug1: Trying private key: /Users/chris/.ssh/id_dsa
    debug1: Next authentication method: keyboard-interactive
    debug1: Authentications that can continue: publickey,password,keyboard-interactive
    debug1: Next authentication method: password
    chris@localhost's password:
    debug1: Authentications that can continue: publickey,password,keyboard-interactive
    Permission denied, please try again.

Is there a workaround in the meantime?

--
Ticket URL: <http://trac.macports.org/ticket/19481#comment:3>
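
An added example, not part of the ticket and not MacPorts or OpenSSH code: a small Python parser that reduces client-side `ssh -v` output in the OpenSSH 5.3p1 format quoted in the comment above to the facts useful for triage (identity files with no loadable public key, keys offered and the server's answer, and the order of methods tried). The function name `summarize_auth` and the result keys are assumptions made for this illustration; the sample lines are trimmed from the session above.

```python
import re

# Lines trimmed from the `ssh -v localhost` session quoted in the comment above.
SAMPLE = """\
debug1: identity file /Users/chris/.ssh/identity type -1
debug1: identity file /Users/chris/.ssh/id_rsa type 1
debug1: identity file /Users/chris/.ssh/id_dsa type -1
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: /Users/chris/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Trying private key: /Users/chris/.ssh/identity
debug1: Trying private key: /Users/chris/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: password
"""

def summarize_auth(log):
    """Reduce client-side `ssh -v` output to an authentication summary.

    Hypothetical helper: the result keys are chosen for this example only.
    """
    out = {"no_public_key": [], "methods": [], "offered": {}}
    pending = None  # key offered to the server whose verdict is not yet seen
    for line in log.splitlines():
        msg = re.sub(r"^debug\d: ", "", line.strip())
        if m := re.match(r"identity file (.+) type (-?\d+)$", msg):
            if m.group(2) == "-1":  # client could not load a public key for it
                out["no_public_key"].append(m.group(1))
        elif m := re.match(r"Next authentication method: (\S+)", msg):
            out["methods"].append(m.group(1))
        elif m := re.match(r"Offering public key: (.+)$", msg):
            pending = m.group(1)
            out["offered"][pending] = "no verdict"
        elif msg.startswith("Server accepts key") and pending:
            out["offered"][pending] = "accepted"
            pending = None
        elif msg.startswith("Authentications that can continue") and pending:
            # The server answered the offer with a failure reply.
            out["offered"][pending] = "rejected by server"
            pending = None
    return out

if __name__ == "__main__":
    print(summarize_auth(SAMPLE))
```

Newer OpenSSH releases append the key type and fingerprint to the `Offering public key` line, so the path pattern would need adjusting for their output.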

#19481: openssh: integration with OS X keychain broken
-------------------------------+--------------------------------------------
 Reporter:  lhunath@…          |       Owner:  jwa@…
     Type:  defect             |      Status:  new
 Priority:  Normal             |   Milestone:
Component:  ports              |     Version:  1.7.1
 Keywords:  ssh-agent ssh      |        Port:  openssh
-------------------------------+--------------------------------------------
Comment(by lassi.tuura@…):

I've attached patches to ticket #27250 which appear to restore the keychain integration in my testing. It's based on the differences of Apple's opensource version of openssh and original openssh.

--
Ticket URL: <https://trac.macports.org/ticket/19481#comment:7>

#19481: openssh: integration with OS X keychain broken
------------------------+--------------------
  Reporter:  lhunath@…  |      Owner:  jwa@…
      Type:  defect     |     Status:  closed
  Priority:  Normal     |  Milestone:
 Component:  ports      |    Version:  1.7.1
Resolution:  wontfix    |   Keywords:
      Port:  openssh    |
------------------------+--------------------
Changes (by cal@…):

 * status:  new => closed
 * keywords:  ssh-agent ssh =>
 * resolution:  => wontfix

Comment:

This seems to have been fixed along the way. Or not, but this ticket is reaaaaally old, and I guess if this problem still exists you should probably open a new one.

--
Ticket URL: <https://trac.macports.org/ticket/19481#comment:11>