Certificate authorizations

Not sure where to post this. After some recent updates, I get a pop-up that wants me to ok a Certificate Authority. It looks like no site I have ever heard of, except one has the word “Google” in it. I click no and another dialog pops up. Then another and another and another, endlessly, until I click “cancel.”

I don’t know what these are, where they come from or what they are for. I see no activity that prompts one of these dialogs to pop up. Is it a scam/virus or something else that I need?

It is unclear what you’re doing when you see this - can you post a screengrab or provide some context? Are you in a browser, at the desktop, or doing something else?

Does this occur on the same machine (laptop) related to the other post you have, about BIOS problems?

I will try a screen grab when I see it again. It is not related to the BIOS repair problem I posted. This happens on my Dell pc. The BIOS issue is on an HP laptop.

These Cert Auth boxes pop up unexpectedly. Sometimes I’m online; sometimes not. The listed sources are sometimes in places like Belarus or Bulgaria. Sometimes they have no identifiable location. I don’t know why, or if, I need a certification authorization.

This appeared while I had Chrome browser open. Every tab was for a familiar site that I have gone to for years. While attempting a screen grab, this replaced another request which I did not capture. It says “Google” so I think it is trustworthy but I have no idea why or why I need it. Also, if “C=US” means Country US, the previous box may have been from Canada.
[Image: Screenshot_20231222_153952]

The window title suggests to me that this is not a Chrome message. If it pops up again, can you try to resize it so the entire pop-up title is visible?

That may give us a clue about the source. Part of me is seeing the “[31274]” part of the title as possibly a process ID - when the message is up, it might be interesting to see the output of

ps ax | grep <id>

Replacing <id> with the number in the window title to see if the process with that ID is the same as the rest of the window title.

This popup comes from gpg agent, which calls the pinentry program to display the confirmation. As far as I can tell this question is asked in only one case - some program explicitly requested to trust some key (or more precisely key fingerprint). I am not sure what the window title means, but it certainly would be helpful to know what process 31724 refers to.


Before I got to these posts, it popped up again. This time it was from Budapest Hungary. There is no expand button on the window. At least, not on prior ones. I wanted to expand the window to see more info, too.

I closed the window before I saw the request for the id. Used the number that you saw in the earlier box, in case the last instance used the same process.

ps ax | grep 31274
17728 pts/1    S+     0:00 grep --color=auto 31274

The next time it pops up, I will look to expand its window and run this command with the new number.
Thanks for your help.

Was the number in the new box the same as the number in the original? The idea is that the box starts with:

[31724]@localhost.localdomain

If the number was something other than 31724, use that number in the ps command to see if that command corresponds to what’s being seen.

It’s likely it changes every time.

Is there a command that lets you go back in the timeline of activities? Pardon my confused thinking, but isn’t there a log or something that shows what was going on?

Another tack: can I run a console with all the activities scrolling by? I could then scroll back to post the requested info.

Just got a series of pop-ups. I use Spectacle for screen capture. It has a hard time grabbing the dialog box. I could not get any saved. But, I see they were repeats of ones offered previously. The title was the same as seen before. There is no button to enlarge the box and I cannot grab any of the sides to expand the size of the box to expand the title. Here is the latest ps ax:

localhost:/home/prexy # ps ax | grep 2147
 2147 ?        SL     0:00 gpgsm --logger-fd 81 --server
 2991 pts/1    S+     0:00 grep --color=auto 2147

On the dialog box, the line above that ends with server appears to be the whole title.

Not that I’m aware of. That would, to my thinking, be fairly resource-intensive.

Just the next time it happens, grab the number from the pop-up. It does track that it could be gpg, so the question becomes what is calling that process. Chrome doesn’t use gpg, so it’s something unrelated to your browser.

Once you’ve confirmed the number is the process ID, the output from:

pstree -ps -H <id> <id>

Would be useful. Replace both instances of <id> with the number from the pop-up when it shows up again. That will show us that process, all of its parents, and all of its children.

Also include the output from the ps command. It should show a command-line that looks like what you see in the window’s title bar.

That confirms that it’s gpg. If you’re running GNOME, you can use the printscreen button to capture the screen - no need to use Spectacle to capture the screen.

But I think that’s enough information to go from.

So, further to my last reply, in this example, you’d run:

pstree -ps -H 2147 2147

And include that output here when it pops up again. That should tell us what’s calling gpgsm. Again, though, the PID will change each time it runs because it’s a new process.

gpgsm is a tool similar to gpg, but working with X.509 certificates. It may be used e.g. with S/MIME signed/encrypted mails. It would have been more useful if you had also checked the parent process and the whole process tree upwards - this way it may show what program invoked gpgsm.

While I was reading this post, the request popped up again. Here is the result:

pstree -ps -H 6702 6702
systemd(1)───systemd(1656)───gpgsm(6702)

I’m beginning to think this is the only website that causes this dialog box to pop up. Is that possible? Have I triggered some setting here that I can reverse?

Two questions remain in my mind. A) is this a legitimate request or some sort of malware? B) Do I need this or can I shut it off somehow?

Finally, what is the parent process? 1656? When I ran the command using 1656, I got hundreds of lines of response. Listing various programs that are running, such as akonadi and chrome.

systemd is the parent process.

There does not appear to be any connection to your web browser here. The browser itself handles all certificate management for browsing the web - it doesn’t use gpg (which is more about signing things - it’s used in package management, for example).

Let’s modify the pstree command so it’s:

pstree -paH <id> <id>

That should give us more info, hopefully, on the systemd command and give us more of an idea what service it’s tied to, if any.

Thinking a little more, it’s possible that the process with PID 1656 is still running - so you might be able to just do:

ps ax | grep 1656

And see what that output is.

ETA: What desktop environment are you using, and what other Internet-connected applications are running?

It is started as a systemd service. Show full output of

systemd-cgls
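An added example, not part of any post in this thread: because the dialog closes before its PID can be read and `pstree` only shows `systemd --user` as the parent, this script polls for `gpgsm` and records each new instance's parent chain, command line and the systemd unit taken from its cgroup. The function names, the `PROC_ROOT` override and the `watch` argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: record what launched each gpgsm process as it appears.
# PROC_ROOT is an assumption of this example so the functions can be
# pointed at a test directory; on a live system it is /proc.
PROC_ROOT="${PROC_ROOT:-/proc}"

# Print the parent PID recorded in <PROC_ROOT>/<pid>/status.
parent_of() {
    awk '$1 == "PPid:" { print $2 }' "$PROC_ROOT/$1/status" 2>/dev/null
}

# Print the chain "pid <- parent <- ..." up to PID 1.
ancestry() {
    pid=$1 chain=
    while [ -n "$pid" ] && [ "$pid" -gt 0 ]; do
        chain="${chain:+$chain <- }$pid"
        [ "$pid" -eq 1 ] && break
        pid=$(parent_of "$pid")
    done
    printf '%s\n' "$chain"
}

# Print the last component of the cgroup path: the systemd unit or scope.
unit_of() {
    sed -n -e 's|^0::.*/||p' -e 's|^[0-9]*:name=systemd:.*/||p' \
        "$PROC_ROOT/$1/cgroup" 2>/dev/null | head -n 1
}

# Poll once a second and log every gpgsm PID not seen before.
watch_gpgsm() {
    seen=
    while sleep 1; do
        for p in $(pgrep -x gpgsm); do
            case " $seen " in *" $p "*) continue ;; esac
            seen="$seen $p"
            printf '%s pid=%s unit=%s chain=%s cmd=%s\n' "$(date '+%F %T')" \
                "$p" "$(unit_of "$p")" "$(ancestry "$p")" \
                "$(tr '\0' ' ' 2>/dev/null < "$PROC_ROOT/$p/cmdline")"
        done
    done
}

if [ "${1:-}" = "watch" ]; then watch_gpgsm; fi
```

Saved under any file name and started with the `watch` argument in a terminal, it can be left running until the dialog reappears; the logged unit name is the same one that `systemd-cgls` groups the process under.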

I’ve been waiting for a fresh instance of this popping up. It hasn’t. But here is the result:

ps ax | grep 1656
 1656 ?        Ss     0:01 /usr/lib/systemd/systemd --user --deserialize=12
29952 pts/1    S+     0:00 grep --color=auto 1656

I’ve been waiting for a fresh instance of the pop up. Until it comes, here is the present response:

Sorry, after I posted, I realized I had nowhere near the whole output. It was 241 lines. I know we can’t post that much here.

Also, while I was typing this, a fresh instance popped up and, before I could read it, it disappeared. So I could not see the process number. While typing this post one of my keystrokes may have caused me to accept the authorization, which was not my intention. Maybe I will not see it again.