I have a Yubikey4 loaded with my gpg-key, acting as a smartcard. I can do `gpg2 card-status` and it gives me the whole shebang showing all my subkeys, and everything is fine.
I then wanted to use gpg-agent to ssh into remote hosts using my gpg key. I added the following to my `~/.gnupg/gpg-agent.conf`:

```
enable-ssh-support
pinentry-program /usr/bin/pinentry-curses
default-cache-ttl 60
```
I also set the `SSH_AUTH_SOCK` in my `.bashrc` like this:

```
export SSH_AUTH_SOCK=~/.gnupg/S.gpg-agent.ssh
```
If I then reboot my machine, the key is added and visible with `ssh-add -l`:

```
4096 SHA256....... cardno: ..... (RSA)
```
But any attempt to ssh to a remote server just hangs; `ssh -vvv` tells me the machine tries to sign and send the key, but the agent refuses the operation.
If I then execute a script I made using various sources, it all works:

```
# stop every running gpg-agent / scdaemon, then start a fresh agent bound to the tty
killall gpg
export SSH_AUTH_SOCK=~/.gnupg/S.gpg-agent.ssh; gpg-agent --daemon --keep-tty --use-standard-socket --pinentry-program=/usr/bin/pinentry-curses
```
I tried implementing this using `.bashrc`, executing it with my desktop manager, and a user systemd task, to no avail.

Can anybody help me figure out how to start this automatically on login, without the need to execute "my script"?
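For comparison, the login-time setup that GnuPG itself documents for SSH support is to let `gpgconf` launch the agent and report the SSH socket path, rather than killing agents and starting a second one by hand. The following is an added example written for this answer, not the asker's script and not code from the GnuPG project; it assumes GnuPG 2.1 or later (so that `gpgconf --list-dirs agent-ssh-socket` and `gpg-connect-agent updatestartuptty` are available) and uses a hypothetical `setup_gpg_ssh_agent` function name. The `conf_has_ssh_support` check catches the most common cause of a hanging signing request: an agent started without `enable-ssh-support` in its config.

```shell
#!/bin/sh
# Added example (not from the original post): start gpg-agent for SSH use at
# login and sanity-check the configuration first. Assumes GnuPG >= 2.1.

# Print the SSH socket path the running GnuPG actually uses. Newer releases put
# it under /run/user/<uid>/gnupg, not ~/.gnupg, which is why a hard-coded
# SSH_AUTH_SOCK in .bashrc can point at a socket nobody listens on.
# Falls back to the legacy ~/.gnupg location when gpgconf is not installed.
agent_ssh_socket() {
    if command -v gpgconf >/dev/null 2>&1; then
        gpgconf --list-dirs agent-ssh-socket
    else
        printf '%s\n' "${GNUPGHOME:-$HOME/.gnupg}/S.gpg-agent.ssh"
    fi
}

# Return 0 when the given gpg-agent.conf enables SSH support, 1 otherwise.
# Without this option the agent answers SSH signing requests with a refusal.
conf_has_ssh_support() {
    grep -qE '^[[:space:]]*enable-ssh-support([[:space:]]|$)' "$1"
}

# Login snippet (hypothetical name): source this from .bashrc / .profile.
# It refuses to proceed on a misconfigured agent, exports the real socket path,
# asks gpgconf to start (or reuse) the one agent instance, and points pinentry
# at the current tty so the PIN prompt appears in this session.
setup_gpg_ssh_agent() {
    conf="${GNUPGHOME:-$HOME/.gnupg}/gpg-agent.conf"
    if ! conf_has_ssh_support "$conf"; then
        echo "enable-ssh-support is missing from $conf" >&2
        return 1
    fi
    # A leftover SSH_AGENT_PID from a classic ssh-agent would confuse ssh-add.
    unset SSH_AGENT_PID
    SSH_AUTH_SOCK=$(agent_ssh_socket)
    export SSH_AUTH_SOCK
    gpgconf --launch gpg-agent
    gpg-connect-agent updatestartuptty /bye >/dev/null
}
```

Calling `setup_gpg_ssh_agent` from the shell startup file replaces both the hard-coded `export SSH_AUTH_SOCK=~/.gnupg/S.gpg-agent.ssh` line and the `killall`-based script: `gpgconf --launch` is idempotent, so running it in every new shell does not spawn duplicate agents, and `updatestartuptty` is what makes the curses pinentry show up on the terminal you are actually typing in.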
The one little thing I could think of is to make sure that all your gpg-related agents are the same version. I notice you're running `gpg2` as the command, and with `killall gpg` resolving the issue, my naive assumption is that either scdaemon or gpg-agent is an old version. – plttn – 2018-03-13T19:25:16.957