I just want to point out that one may want to add the keygrip to the sshcontrol file along with the "confirm" option to get asked by pinentry each time ssh requests gpg-agent to sign an ssh challenge (e.g. an ssh login). This is at least a useful option if you log in to a remote host with agent forwarding enabled. I know that there are more secure alternatives to agent forwarding but I guess it is still used because of its simplicity. I also use it from time to time *shame*

But that's the only reason I know why one would add it to sshcontrol.

Regards
the2nd

On 2016-01-16 00:47, Glenn Rempe wrote:
Thanks Peter, I was not aware of that (and it certainly explains the
double entry in ssh-add -l).

btw, Werner was not writing that response to me. It was just pointed
out to me, so yes it was probably not smart card specific I would
guess. I'll update the blog post to reflect that we probably do not
need to modify sshcontrol for use with Yubikey.

Back to the main issue I am having. I followed the instructions to
output a verbose scdaemon log while I was exercising this issue. Here
is a gist with the commands I was running and the resulting logfile.

https://gist.github.com/grempe/e143796b8f399f5fa391 [5]

Perhaps NIIBE Yutaka or someone else more knowledgeable than I can
take a look and get us closer to resolution. :-)

Thanks to everyone who is helping.

On Fri, Jan 15, 2016 at 3:08 PM Peter Lebbing
<pe...@digitalbrains.com> wrote:

On 15/01/16 21:17, Glenn Rempe wrote:
I added it at the suggestion of Werner in this post:


https://lists.gnupg.org/pipermail/gnupg-users/2012-July/045059.html [1]

And these blog posts:
http://incenp.org/notes/2015/gnupg-for-ssh-authentication.html [2]
http://budts.be/weblog/2012/08/ssh-authentication-with-your-pgp-key [3]

Is this suggestion outdated?

No, but I'm fairly sure Werner did not realise you were using a
smartcard when he wrote that. Obviously, I can't look into the man's
mind, but that's my guess.

For regular, on-disk keys, it is necessary to add the keygrip to
sshcontrol. For smartcards, it's automatically added when the
smartcard is inserted. I guess it fits with automatically added secret
key stubs when the smartcard is inserted (to use a smartcard on a
fresh PC, import your own public key, insert your smartcard, and
you're done).

HTH,

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at
<http://digitalbrains.com/2012/openpgp-key-peter [4]>


Links:
------
[1] https://lists.gnupg.org/pipermail/gnupg-users/2012-July/045059.html
[2] http://incenp.org/notes/2015/gnupg-for-ssh-authentication.html
[3] http://budts.be/weblog/2012/08/ssh-authentication-with-your-pgp-key
[4] http://digitalbrains.com/2012/openpgp-key-peter
[5] https://gist.github.com/grempe/e143796b8f399f5fa391

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
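
Added example, not part of the thread or of GnuPG: a small audit of an sshcontrol file that lists the enabled keygrips lacking the "confirm" flag discussed above. It assumes the documented line format (keygrip, optional TTL in seconds, optional flags, a leading "!" to disable an entry); the sample content and keygrips are constructed placeholders, and rejecting a non-numeric TTL is this example's own choice.

```python
import re

# Constructed sample sshcontrol content; the keygrips are made-up placeholders.
SAMPLE_SSHCONTROL = """\
# keys offered to ssh by gpg-agent
0123456789ABCDEF0123456789ABCDEF01234567 0 confirm
89ABCDEF0123456789ABCDEF0123456789ABCDEF 600
!FEDCBA9876543210FEDCBA9876543210FEDCBA98 0
"""

KEYGRIP_RE = re.compile(r"[0-9A-Fa-f]{40}")


def parse_sshcontrol(text):
    """Return one dict per entry: keygrip, enabled, ttl, confirm."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        fields = line.split()
        enabled = not fields[0].startswith("!")  # leading '!' disables the entry
        grip = fields[0].lstrip("!").upper()
        if not KEYGRIP_RE.fullmatch(grip):
            raise ValueError(f"line {lineno}: not a 40-hex-digit keygrip")
        ttl = None
        if len(fields) > 1:
            try:
                ttl = int(fields[1])
            except ValueError:
                # Assumption of this example: a non-numeric TTL is malformed.
                raise ValueError(f"line {lineno}: TTL is not an integer")
        entries.append({
            "keygrip": grip,
            "enabled": enabled,
            "ttl": ttl,
            "confirm": "confirm" in fields[2:],  # flags follow the TTL field
        })
    return entries


def enabled_without_confirm(text):
    """Keygrips ssh may use without the per-use confirm prompt."""
    return [e["keygrip"] for e in parse_sshcontrol(text)
            if e["enabled"] and not e["confirm"]]


if __name__ == "__main__":
    for grip in enabled_without_confirm(SAMPLE_SSHCONTROL):
        print("no confirm flag:", grip)
```

To check a real file, pass the contents of the sshcontrol file in the GnuPG home directory to enabled_without_confirm().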
