Posts Tagged ‘ssh daemon’

sign_and_send_pubkey: signing failed for RSA from agent: agent refused operation

Tuesday, June 1st, 2021

This is a problem which bugs the Internet. Many solutions were suggested. All of them work sometimes (like making sure that the permissions on the private/public SSH key files are correct).

One solution which never gets mentioned involves DNS. When you attempt to log in to a remote server, the server tries to resolve the connecting address (yours) using the DNS servers configured on that server. This is the default for SSHD, and I seldom see any reason to change it. However, if the DNS servers are inaccessible, the login takes very long (it is actually waiting for the DNS query attempt to time out). If this happens while using an SSH agent (I use KeePass2 with KeeAgent as a very secure means of protecting my private keys. I suggest you check it out), the delay might be just long enough to time out on the agent’s side, and thus produce the dreaded ‘sign_and_send_pubkey: signing failed for RSA from agent: agent refused operation’ error message.

Two easy possible solutions (pick one):

  • Disable SSH DNS query (remove the comment marker before the ‘UseDNS no’ directive in /etc/ssh/sshd_config)
  • Disable DNS servers – comment out the defined servers in /etc/resolv.conf

This solves the timeout, and with it – this message, and your connection problems.
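To check which case applies on a given server before changing anything, the following added example (not part of the original post) reads the effective global UseDNS value from sshd_config text and times the reverse lookup of a client address. The function names, the sample config and the 192.0.2.10 address are constructed for illustration; the `default` argument is an assumption, since the built-in value depends on the sshd build, and Include files are not followed.

```python
import socket
import time

# Constructed sample: the shipped line is still commented out, and two
# explicit settings were appended later.
SAMPLE_CONFIG = """\
# OpenSSH server configuration (constructed sample)
Port 22
#UseDNS no
PermitRootLogin prohibit-password
usedns = no
UseDNS yes
Match User backup
    X11Forwarding no
"""

def effective_usedns(config_text, default="yes"):
    """Return the global UseDNS value sshd would take from this text.

    sshd keeps the first value it reads for a keyword, keywords are
    case-insensitive, and lines starting with '#' are comments.
    """
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # "keyword value" and "keyword=value" are both accepted forms.
        parts = line.replace("=", " ", 1).split()
        keyword = parts[0].lower()
        if keyword == "match":  # the global section ends at the first Match
            break
        if keyword == "usedns" and len(parts) > 1:
            return parts[1].lower()
    return default  # assumption: caller supplies the build's default

def time_reverse_lookup(ip):
    """Time the reverse lookup sshd does on the client address with UseDNS on."""
    start = time.monotonic()
    try:
        name = socket.gethostbyaddr(ip)[0]
    except OSError:  # covers socket.herror and socket.gaierror
        name = None
    return time.monotonic() - start, name

if __name__ == "__main__":
    print("UseDNS:", effective_usedns(SAMPLE_CONFIG))
    # 192.0.2.10 is a documentation address standing in for the client.
    elapsed, name = time_reverse_lookup("192.0.2.10")
    print(f"reverse lookup took {elapsed:.1f}s -> {name}")
```

A lookup that takes several seconds while UseDNS is enabled matches the delay described above; `sshd -T` run as root remains the authoritative way to print the running daemon's effective settings.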

Solaris SSH weird behaviour

Thursday, July 3rd, 2008

Sun likes IPv6. They like it so badly that they strive to use it in all cases.

The Solaris 9 and 10 SSH daemon is bound to IPv6, which leads to a problem when trying to forward X. Editing the config file /etc/ssh/sshd_config and assigning the SSH daemon to an IPv4 address (bind to address) is not enough. You need to make sure that the sshd process is started with the “-4” flag. In Solaris 10, this means editing /lib/svc/method/sshd and appending “-4” to the sshd start command.

I wonder what will happen after an upgrade or a patch…