Hi,

I've been successfully using an OpenPGP smartcard for signing my Debian uploads for a while now. Today I wanted to set it up also for SSH public key authentication.

I'm using:
gnupg-2.0.17
libassuan-2.0.1
libgcrypt-1.4.6
libksba-1.1.0
pinentry-0.8.1
pinentry-qt-0.5.0

All installed into /usr/local. Signing files using gpg2 works excellently. But when I try:

$ /usr/local/bin/gpg-agent -vv --daemon --enable-ssh-support --scdaemon-program /usr/local/bin/scdaemon
gpg-agent[6534]: listening on socket `/tmp/gpg-sUL53i/S.gpg-agent'
gpg-agent[6534]: listening on socket `/tmp/gpg-x8sB4W/S.gpg-agent.ssh'
GPG_AGENT_INFO=/tmp/gpg-sUL53i/S.gpg-agent:6535:1; export GPG_AGENT_INFO;
SSH_AUTH_SOCK=/tmp/gpg-x8sB4W/S.gpg-agent.ssh; export SSH_AUTH_SOCK;
SSH_AGENT_PID=6535; export SSH_AGENT_PID;
gpg-agent[6535]: gpg-agent (GnuPG) 2.0.17 started
$ GPG_AGENT_INFO=/tmp/gpg-sUL53i/S.gpg-agent:6535:1; export GPG_AGENT_INFO;
$ SSH_AUTH_SOCK=/tmp/gpg-x8sB4W/S.gpg-agent.ssh; export SSH_AUTH_SOCK;
$ SSH_AGENT_PID=6535; export SSH_AGENT_PID;
$ ssh shell.dug.net.pl
gpg-agent[6535]: ssh handler 0x96e9348 for fd 7 started
gpg-agent[6535]: received ssh request of length 1
gpg-agent[6535]: ssh request handler for request_identities (11) started
gpg-agent[6535]: no running SCdaemon - starting it
gpg-agent[6535]: DBG: first connection to SCdaemon established
gpg-agent[6535]: ssh request handler for request_identities (11) ready
gpg-agent[6535]: sending ssh response of length 183
gpg-agent[6535]: received ssh request of length 409
gpg-agent[6535]: ssh request handler for sign_request (13) started
gpg-agent[6535]: DBG: detected card with S/N D27600012401020000050000009E0000
gpg-agent[6535]: starting a new PIN Entry
gpg-agent[6535]: smartcard signing failed: Bad PIN
gpg-agent[6535]: ssh request handler for sign_request (13) ready
gpg-agent[6535]: sending ssh response of length 1
Agent admitted failure to sign using the key.
Password:

I get a pinentry-qt4 prompt (just as for regular signing). But, as you can see, gpg-agent says the PIN's been invalid.

At first I tried GnuPG shipped with Debian (gpg 2.0.14, libgcrypt 1.4.6).
No luck, so I compiled the newest GnuPG and dependencies (see beginning of this mail), but it still doesn't work.

I'm not sure if the key's preferences are important, but I changed them from the default values to:

gpg> showpref
[ unknown] (1). Patryk Cisek <pat...@prezu.one.pl>
     Cipher: AES256, AES192, AES, CAST5, 3DES
     Digest: SHA512, SHA384, SHA256, SHA224, SHA1
     Compression: ZLIB, BZIP2, ZIP, Uncompressed
     Features: MDC, Keyserver no-modify
[ unknown] (2) Prezu <p...@interia.pl>
     Cipher: AES256, AES192, AES, CAST5, 3DES
     Digest: SHA512, SHA384, SHA256, SHA224, SHA1
     Compression: ZLIB, BZIP2, ZIP, Uncompressed
     Features: MDC, Keyserver no-modify
[ unknown] (3) Patryk Cisek <pat...@debian.org>
     Cipher: AES256, AES192, AES, CAST5, 3DES
     Digest: SHA1, SHA256, RIPEMD160
     Compression: ZLIB, BZIP2, ZIP, Uncompressed
     Features: MDC, Keyserver no-modify
[ unknown] (4) Patryk Cisek <pat...@dug.net.pl>
     Cipher: AES256, AES192, AES, CAST5, 3DES
     Digest: SHA512, SHA384, SHA256, SHA224, SHA1
     Compression: ZLIB, BZIP2, ZIP, Uncompressed
     Features: MDC, Keyserver no-modify
[ revoked] (5) Patryk Cisek <patr...@plusnet.pl>
     Cipher: 3DES
     Digest: SHA1
     Compression: ZIP, Uncompressed
     Features: Keyserver no-modify
[ unknown] (6) Patryk Cisek <patryk.ci...@gmail.com>
     Cipher: AES256, AES192, AES, CAST5, 3DES
     Digest: SHA1, SHA256, RIPEMD160
     Compression: ZLIB, BZIP2, ZIP, Uncompressed
     Features: MDC, Keyserver no-modify
[ unknown] (7) Patryk Cisek <102...@student.pwr.wroc.pl>
     Cipher: AES256, AES192, AES, CAST5, 3DES
     Digest: SHA512, SHA384, SHA256, SHA224, SHA1
     Compression: ZLIB, BZIP2, ZIP, Uncompressed
     Features: MDC, Keyserver no-modify

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users