search

keepassxreboot / keepassxc

KeePassXC is a cross-platform community-driven port of the Windows application “Keepass Password Safe”.
https://keepassxc.org/
Other
21.45k stars 1.48k forks source link

Intermittent failure of ssh agent #10322

Open pjgoodall opened 9 months ago

pjgoodall commented 9 months ago

Overview

NOTE: # If I leave the KeePassXC UI open, and use ssh agent implicitly and heavily for some hours, the ssh agent feature behaves as if the UI has locked. The only way to get it to recover is to restart the UI.

Frequency is one or two times per day.

Recovery is always immediate on restarting KeePassXC.

Steps to Reproduce

  1. Ubuntu 22.04.4
  2. KeePassXC 2.7.6
  3. I am using vagrant to manage virtualbox vms for manually testing ansible playbooks against debian guests. I have been doing this for a few years. In the past few months I have had these apparent lockups of the ssh agent.
  4. Lots of restarting vms, snapshotting and running playbooks - but at a manual pace. All using public keys for access. Only the vagrant ssh infrastructure does not use ssh agent.

Expected Behavior

NOTE: # I expect the ssh agent feature of KeePassXC to continue running flawlessly - as usual.

Actual Behavior

NOTE: # as in the overview above

Context

KeePassXC - Version 2.7.6 Revision: dd21def

Qt 5.15.3 Debugging mode is disabled.

Operating system: Ubuntu 22.04.4 LTS CPU architecture: x86_64 Kernel: linux 6.5.0-18-generic

Enabled extensions:

Cryptographic libraries:

Operating System: Linux - Ubuntu 22.04.4 LTS Desktop Env: Gnome 42.9 Windowing System: X11

droidmonkey commented 9 months ago

Can you provide more information on what you mean by "locked up"? SSH Agent integration in KeePassXC is a hands-off service, once you add the keys to the actual ssh agent process, KeePassXC really doesn't do anything. There are certainly options to remove the keys on database lock and timeout, and options that are passed to ssh agent to require user confirmation. However, those are not actively communicating with the ssh agent process outside of add/remove commands.

pjgoodall commented 9 months ago

When my workstation goes into suspend, and I log back in. KeePassXC ssh agent does not work until I log back in to the database, using the KeePassXC GUI.

By ‘like’ I don’t mean I can’t really infer any direct correlation with the error state, other than ssh agent does not work. Logging out and logging in doesn’t seem to fix the problem. Only a restart of the app does.

droidmonkey commented 9 months ago

When my workstation goes into suspend, and I log back in. KeePassXC ssh agent does not work until I log back in to the database, using the KeePassXC GUI.

That makes perfect sense if you have "add keys on unlock" and "remove keys on lock" enabled. Not knowing your settings makes this hard to understand.

other than ssh agent does not work. Logging out and logging in doesn’t seem to fix the problem. Only a restart of the app does.

This seems to conflict with your statement above, I am confused. We need to be specific, does ssh-agent not work, or is KeePassXC unable to add keys to ssh-agent? KeePassXC does not run an ssh agent, we just provide keys to one that is already running on your system.

pjgoodall commented 9 months ago

So hard to explain in text - a conversation would be much easier.

On Fri, 23 Feb 2024 at 15:28, Jonathan White @.***> wrote:

When my workstation goes into suspend, and I log back in. KeePassXC ssh agent does not work until I log back in to the database, using the KeePassXC GUI.

This is expected behaviour.

That makes perfect sense if you have "add keys on unlock" and "remove keys on lock" enabled. Not knowing your settings makes this hard to understand.

other than ssh agent does not work. Logging out and logging in doesn’t seem to fix the problem. Only a restart of the app does.

This seems to conflict with your statement above, I am confused. We need to be specific, does ssh-agent not work, or is KeePassXC unable to add keys to ssh-agent? KeePassXC does not run an ssh agent, we just provide keys to one that is already running on your system.

Please ignore my saying the problem is ‘like being locked out after suspend’

The real problem is that ssh agent intermittently stops working until I restart the app. Logging in to the database has has no effect on this problem. This happens one or two times a day. Until recently this never happened.

Thanks…

— Reply to this email directly, view it on GitHub https://github.com/keepassxreboot/keepassxc/issues/10322#issuecomment-1960717185, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAFPYWUW4Z4Q4PISN73YLH3YVALHTAVCNFSM6AAAAABDWACYCWVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTSNRQG4YTOMJYGU . You are receiving this because you authored the thread.Message ID: @.***>

droidmonkey commented 9 months ago

I recommend recording a video of the problem. Otherwise, there is really nothing we can do with the information provided.

pjgoodall commented 9 months ago

Perhaps better than that - can you suggest a logging setup that might capture the event.

There is also this testing bug https://github.com/keepassxreboot/keepassxc/issues/10320

On Sat, 24 Feb 2024 at 00:18, Jonathan White @.***> wrote:

I recommend recording a video of the problem. Otherwise, there is really nothing we can do with the information provided.

— Reply to this email directly, view it on GitHub https://github.com/keepassxreboot/keepassxc/issues/10322#issuecomment-1961314387, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAFPYWXZIVUIMHBB5YTR4N3YVCJKLAVCNFSM6AAAAABDWACYCWVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTSNRRGMYTIMZYG4 . You are receiving this because you authored the thread.Message ID: @.***>

droidmonkey commented 9 months ago

Recommend looking at generic ssh-agent troubleshooting materials. Like I said, we don't do anything after the keys are loaded besides remove them if conditions are met and enabled.

pjgoodall commented 9 months ago

Ok - understood. Thanks.

On Mon, 26 Feb 2024 at 06:42, Jonathan White @.***> wrote:

Recommend looking at generic ssh-ageny troubleshooting materials. Like I said, we don't do anything after the keys are loaded.

— Reply to this email directly, view it on GitHub https://github.com/keepassxreboot/keepassxc/issues/10322#issuecomment-1963040665, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAFPYWWQ26EI35EPNCCXIMLYVOH2BAVCNFSM6AAAAABDWACYCWVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTSNRTGA2DANRWGU . You are receiving this because you authored the thread.Message ID: @.***>