I am trying to forward gpg-agent from Windows (local) to Linux (remote) in order to use Yubikey in full capacity on the remote. That means I am able to encrypt, decrypt, sign with gpg key stored on the token, use ssh key stored on the token for authentication in remote's environment.
On Windows I am using win32-openssh 8.0 and gpg 2.2.22, with two additional tools (described below). On Linux I am using openssh 8.3p1 and gpg 2.2.21.

[0] allows key-based SSH authentication to be used (it connects gpg-agent and pageant), when SSH key is stored on Yubikey. It makes pinentry to ask for Yubikey PIN. SSH_AUTH_SOCK is set to "\\.\pipe\ssh-pageant" before launching the program. It is launched as so:

    PS C:\Users\avemilia> wsl-ssh-pageant-amd64.exe --winssh ssh-pageant
    2020/09/03 00:06:39 Listening on named pipe: \\.\pipe\ssh-pageant

and produces no errors. See [1][2] as tracking issues for this feature in gpg and win32-openssh.

[3] is a bridge between Unix sockets and TCP sockets, used both as a workaround for win32-openssh and gpg. Win32-openssh is unable to parse Windows paths in config and gpg is unable to communicate with Unix sockets. See [4] as tracking issue for this feature in win32-openssh, and perhaps [1] for gpg. Two instances are launched as so:

    PS C:\Users\avemilia> gpg-bridge.exe 127.0.0.1:<EXTRA_PORT> C:\Users\avemilia\AppData\Roaming\gnupg\S.gpg-agent.extra
    PS C:\Users\avemilia> gpg-bridge.exe 127.0.0.1:<SSH_PORT> C:\Users\avemilia\AppData\Roaming\gnupg\S.gpg-agent.ssh

and produce no errors. Both ports are in high numbers, working as intended.

This is the session I attempt, following instructions from [5]:

    PS C:\Users\avemilia> ssh pc
    <BANNER>
    Last login: Thu Sep 3 00:01:38 2020 from <LOCAL_IP>
    gpg-connect-agent: connection to agent is in restricted mode
    ❯ gpg --card-status
    gpg: error getting version from 'scdaemon': Forbidden
    gpg: selecting card failed: Forbidden
    gpg: OpenPGP card not available: Forbidden
    ❯
    Connection to <REMOTE_IP> closed.
/etc/ssh/sshd_config on remote:

    AllowUsers <USER>
    Port <EXTRA_PORT>
    ListenAddress <REMOTE_INTRANET_IP>
    AddressFamily inet
    Compression yes
    KexAlgorithms curve25519-sha...@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
    Ciphers chacha20-poly1...@openssh.com,aes256-...@openssh.com,aes128-...@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
    MACs hmac-sha2-512-...@openssh.com,hmac-sha2-256-...@openssh.com,umac-128-...@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-...@openssh.com
    LogLevel VERBOSE
    Subsystem sftp /usr/lib/ssh/sftp-server -f AUTHPRIV -l INFO
    PermitRootLogin no
    PubkeyAuthentication yes
    PasswordAuthentication no
    KbdInteractiveAuthentication no
    AuthenticationMethods publickey
    UsePAM yes
    AuthorizedKeysFile .ssh/authorized_keys
    PrintMotd no # pam does that
    Banner /etc/issue
    StreamLocalBindUnlink yes

.ssh/config on local:

    User <USER>
    Host pc
        Hostname <REMOTE_IP>
        Port <REMOTE_PORT>
        RemoteForward /run/user/1000/gnupg/S.gpg-agent 127.0.0.1:<EXTRA_PORT>
        RemoteForward /run/user/1000/gnupg/S.gpg-agent.ssh 127.0.0.1:<SSH_PORT>

[5] does not mention ssh-agent forwarding, but googling about the "forbidden" problem yielded [6] which says: "If only forwarding the “extra” socket, you’ll receive these errors", which are the errors I receive. Thus I added ssh socket, but it didn't work out.
This is the current state of the problem and I am stuck :(

This is how I [re]start gpg on remote before SSH session and stop after to collect logs:

    ❯ systemctl --user stop gpg-agent-browser.socket gpg-agent-extra.socket gpg-agent-ssh.socket gpg-agent.socket gpg-agent.service dirmngr.socket dirmngr.service
    ❯ systemctl --user start gpg-agent-browser.socket gpg-agent-extra.socket gpg-agent-ssh.socket gpg-agent.socket gpg-agent.service dirmngr.socket dirmngr.service
    ❯ systemctl --user stop gpg-agent-browser.socket gpg-agent-extra.socket gpg-agent-ssh.socket gpg-agent.socket gpg-agent.service dirmngr.socket dirmngr.service

This is how I [re]start gpg on local before SSH session and stop after to collect logs:

    PS C:\Users\avemilia> gpgconf --kill all
    PS C:\Users\avemilia> gpgconf --launch all
    PS C:\Users\avemilia> gpgconf --kill all

Below are logs and configs of gpg on local and remote in respect to these manipulations.

gpg-agent.log on remote:

    2020-09-03 00:08:34 gpg-agent[785552] gpg-agent (GnuPG) 2.2.21 starting in supervised mode.
    2020-09-03 00:08:34 gpg-agent[785552] using fd 3 for browser socket (/run/user/1000/gnupg/S.gpg-agent.browser)
    2020-09-03 00:08:34 gpg-agent[785552] using fd 4 for extra socket (/run/user/1000/gnupg/S.gpg-agent.extra)
    2020-09-03 00:08:34 gpg-agent[785552] using fd 5 for ssh socket (/run/user/1000/gnupg/S.gpg-agent.ssh)
    2020-09-03 00:08:34 gpg-agent[785552] using fd 6 for std socket (/run/user/1000/gnupg/S.gpg-agent)
    2020-09-03 00:08:34 gpg-agent[785552] listening on: std=6 extra=4 browser=3 ssh=5
    2020-09-03 00:09:08 gpg-agent[785552] socket file has been removed - shutting down
    2020-09-03 00:09:08 gpg-agent[785552] gpg-agent (GnuPG) 2.2.21 stopped
    2020-09-03 00:15:58 gpg-agent[786612] listening on socket '/run/user/1000/gnupg/S.gpg-agent'
    2020-09-03 00:15:58 gpg-agent[786612] listening on socket '/run/user/1000/gnupg/S.gpg-agent.extra'
    2020-09-03 00:15:58 gpg-agent[786612] listening on socket '/run/user/1000/gnupg/S.gpg-agent.browser'
    2020-09-03 00:15:58 gpg-agent[786612] listening on socket '/run/user/1000/gnupg/S.gpg-agent.ssh'
    2020-09-03 00:15:58 gpg-agent[786613] gpg-agent (GnuPG) 2.2.21 started
    2020-09-03 00:15:58 gpg-agent[786613] DBG: chan_10 -> OK Pleased to meet you, process 786610
    2020-09-03 00:15:58 gpg-agent[786613] DBG: chan_10 <- RESET
    2020-09-03 00:15:58 gpg-agent[786613] DBG: chan_10 -> OK
    2020-09-03 00:15:58 gpg-agent[786613] DBG: chan_10 <- OPTION ttyname=/dev/pts/13
    2020-09-03 00:15:58 gpg-agent[786613] DBG: chan_10 -> OK
    2020-09-03 00:15:58 gpg-agent[786613] DBG: chan_10 <- OPTION ttytype=xterm-kitty
    2020-09-03 00:15:58 gpg-agent[786613] DBG: chan_10 -> OK
    2020-09-03 00:15:58 gpg-agent[786613] DBG: chan_10 <- OPTION display=:0
    2020-09-03 00:15:58 gpg-agent[786613] DBG: chan_10 -> OK
    2020-09-03 00:15:58 gpg-agent[786613] DBG: chan_10 <- OPTION xauthority=/home/ave/.Xauthority
    2020-09-03 00:15:58 gpg-agent[786613] DBG: chan_10 -> OK
    2020-09-03 00:15:58 gpg-agent[786613] DBG: chan_10 <- OPTION putenv=DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1000/bus
    2020-09-03 00:15:58 gpg-agent[786613] DBG: chan_10 -> OK
    2020-09-03 00:15:58 gpg-agent[786613] DBG: chan_10 <- OPTION lc-ctype=en_US.UTF-8
    2020-09-03 00:15:58 gpg-agent[786613] DBG: chan_10 -> OK
    2020-09-03 00:15:58 gpg-agent[786613] DBG: chan_10 <- OPTION lc-messages=en_US.UTF-8
    2020-09-03 00:15:58 gpg-agent[786613] DBG: chan_10 -> OK
    2020-09-03 00:15:58 gpg-agent[786613] DBG: chan_10 <- updatestartuptty
    2020-09-03 00:15:58 gpg-agent[786613] DBG: chan_10 -> OK
    2020-09-03 00:15:58 gpg-agent[786613] DBG: chan_10 <- [eof]
    2020-09-03 00:16:00 gpg-agent[786613] DBG: chan_10 -> OK Pleased to meet you, process 786711
    2020-09-03 00:16:00 gpg-agent[786613] DBG: chan_10 <- RESET
    2020-09-03 00:16:00 gpg-agent[786613] DBG: chan_10 -> OK
    2020-09-03 00:16:00 gpg-agent[786613] DBG: chan_10 <- OPTION ttyname=/dev/pts/13
    2020-09-03 00:16:00 gpg-agent[786613] DBG: chan_10 -> OK
    2020-09-03 00:16:00 gpg-agent[786613] DBG: chan_10 <- OPTION ttytype=xterm-kitty
    2020-09-03 00:16:00 gpg-agent[786613] DBG: chan_10 -> OK
    2020-09-03 00:16:00 gpg-agent[786613] DBG: chan_10 <- OPTION display=:0
    2020-09-03 00:16:00 gpg-agent[786613] DBG: chan_10 -> OK
    2020-09-03 00:16:00 gpg-agent[786613] DBG: chan_10 <- OPTION xauthority=/home/ave/.Xauthority
    2020-09-03 00:16:00 gpg-agent[786613] DBG: chan_10 -> OK
    2020-09-03 00:16:00 gpg-agent[786613] DBG: chan_10 <- OPTION putenv=DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1000/bus
    2020-09-03 00:16:00 gpg-agent[786613] DBG: chan_10 -> OK
    2020-09-03 00:16:00 gpg-agent[786613] DBG: chan_10 <- OPTION lc-ctype=en_US.UTF-8
    2020-09-03 00:16:00 gpg-agent[786613] DBG: chan_10 -> OK
    2020-09-03 00:16:00 gpg-agent[786613] DBG: chan_10 <- OPTION lc-messages=en_US.UTF-8
    2020-09-03 00:16:00 gpg-agent[786613] DBG: chan_10 -> OK
    2020-09-03 00:16:00 gpg-agent[786613] DBG: chan_10 <- updatestartuptty
    2020-09-03 00:16:00 gpg-agent[786613] DBG: chan_10 -> OK
    2020-09-03 00:16:00 gpg-agent[786613] DBG: chan_10 <- [eof]

(I have accidentally opened a new shell, so you will see [an irrelevant] updatestartuptty in the end)

gpg-agent.conf on remote:

    enable-ssh-support
    default-cache-ttl 60
    max-cache-ttl 120
    verbose
    debug-level advanced
    log-file /home/ave/.gnupg/gpg-agent.log

scdaemon.log on remote: absent

scdaemon.conf on remote:

    pcsc-driver /usr/lib/libpcsclite.so
    card-timeout 5
    disable-ccid
    verbose
    debug-level advanced
    log-file /home/ave/.gnupg/scdaemon.log

gpg.conf on remote:

    personal-cipher-preferences AES256 AES192 AES
    personal-digest-preferences SHA512 SHA384 SHA256
    personal-compress-preferences ZLIB BZIP2 ZIP Uncompressed
    default-preference-list SHA512 SHA384 SHA256 AES256 AES192 AES ZLIB BZIP2 ZIP Uncompressed
    cert-digest-algo SHA512
    s2k-digest-algo SHA512
    s2k-cipher-algo AES256
    charset utf-8
    fixed-list-mode
    no-comments
    no-emit-version
    no-greeting
    keyid-format 0xlong
    list-options show-uid-validity
    verify-options show-uid-validity
    with-fingerprint
    require-cross-certification
    no-symkey-cache
    use-agent
    throw-keyids

.zshrc on remote:

    export SSH_AUTH_SOCK="$XDG_RUNTIME_DIR/gnupg/S.gpg-agent.ssh"
    export GPG_TTY=$(tty)
    gpgconf --create-socketdir
    gpg-connect-agent updatestartuptty /bye >/dev/null

gpg-agent.log on local:

    2020-09-03 00:05:30 gpg-agent[12992] listening on socket 'C:\Users\avemilia\AppData\Roaming\gnupg\S.gpg-agent'
    2020-09-03 00:05:30 gpg-agent[12992] listening on socket 'C:\Users\avemilia\AppData\Roaming\gnupg\S.gpg-agent.extra'
    2020-09-03 00:05:30 gpg-agent[12992] listening on socket 'C:\Users\avemilia\AppData\Roaming\gnupg\S.gpg-agent.browser'
    2020-09-03 00:05:30 gpg-agent[12992] listening on socket 'C:\Users\avemilia\AppData\Roaming\gnupg\S.gpg-agent.ssh'
    2020-09-03 00:05:30 gpg-agent[12992] gpg-agent (GnuPG) 2.2.22 started
    2020-09-03 00:05:30 gpg-agent[12992] putty message loop thread started
    2020-09-03 00:05:30 gpg-agent[12992] DBG: chan_0x00000294 -> OK Pleased to meet you
    2020-09-03 00:05:30 gpg-agent[12992] DBG: chan_0x00000294 <- RESET
    2020-09-03 00:05:30 gpg-agent[12992] DBG: chan_0x00000294 -> OK
    2020-09-03 00:05:30 gpg-agent[12992] DBG: chan_0x00000294 <- [eof]
    2020-09-03 00:05:35 gpg-agent[12992] DBG: chan_0x00000274 -> OK Pleased to meet you
    2020-09-03 00:05:35 gpg-agent[12992] DBG: chan_0x00000274 <- RESET
    2020-09-03 00:05:35 gpg-agent[12992] DBG: chan_0x00000274 -> OK
    2020-09-03 00:05:35 gpg-agent[12992] DBG: chan_0x00000274 <- [eof]
    2020-09-03 00:06:34 gpg-agent[12992] DBG: chan_0x000002b4 -> OK Pleased to meet you
    2020-09-03 00:06:34 gpg-agent[12992] DBG: chan_0x000002b4 <- GETINFO pid
    2020-09-03 00:06:34 gpg-agent[12992] DBG: chan_0x000002b4 -> D 12992
    2020-09-03 00:06:34 gpg-agent[12992] DBG: chan_0x000002b4 -> OK
    2020-09-03 00:06:34 gpg-agent[12992] DBG: chan_0x000002b4 <- BYE
    2020-09-03 00:06:34 gpg-agent[12992] DBG: chan_0x000002b4 -> OK closing connection
    2020-09-03 00:07:01 gpg-agent[12992] DBG: chan_0x000002b8 -> OK Pleased to meet you
    2020-09-03 00:07:01 gpg-agent[12992] DBG: chan_0x000002b8 <- RESET
    2020-09-03 00:07:01 gpg-agent[12992] DBG: chan_0x000002b8 -> OK
    2020-09-03 00:07:01 gpg-agent[12992] DBG: chan_0x000002b8 <- [eof]
    2020-09-03 00:07:09 gpg-agent[12992] DBG: chan_0x00000298 -> OK Pleased to meet you
    2020-09-03 00:07:09 gpg-agent[12992] DBG: chan_0x00000298 <- RESET
    2020-09-03 00:07:09 gpg-agent[12992] DBG: chan_0x00000298 -> OK
    2020-09-03 00:07:09 gpg-agent[12992] DBG: chan_0x00000298 <- [eof]
    2020-09-03 00:07:34 gpg-agent[12992] DBG: chan_0x000002c4 -> OK Pleased to meet you
    2020-09-03 00:07:34 gpg-agent[12992] DBG: chan_0x000002c4 <- GETINFO pid
    2020-09-03 00:07:34 gpg-agent[12992] DBG: chan_0x000002c4 -> D 12992
    2020-09-03 00:07:34 gpg-agent[12992] DBG: chan_0x000002c4 -> OK
    2020-09-03 00:07:34 gpg-agent[12992] DBG: chan_0x000002c4 <- BYE
    2020-09-03 00:07:34 gpg-agent[12992] DBG: chan_0x000002c4 -> OK closing connection
    2020-09-03 00:08:35 gpg-agent[12992] DBG: chan_0x0000029c -> OK Pleased to meet you
    2020-09-03 00:08:35 gpg-agent[12992] DBG: chan_0x0000029c <- GETINFO pid
    2020-09-03 00:08:35 gpg-agent[12992] DBG: chan_0x0000029c -> D 12992
    2020-09-03 00:08:35 gpg-agent[12992] DBG: chan_0x0000029c -> OK
    2020-09-03 00:08:35 gpg-agent[12992] DBG: chan_0x0000029c <- BYE
    2020-09-03 00:08:35 gpg-agent[12992] DBG: chan_0x0000029c -> OK closing connection
    2020-09-03 00:08:42 gpg-agent[12992] DBG: chan_0x000002b8 -> OK Pleased to meet you
    2020-09-03 00:08:42 gpg-agent[12992] DBG: chan_0x000002b8 <- RESET
    2020-09-03 00:08:42 gpg-agent[12992] DBG: chan_0x000002b8 -> OK
    2020-09-03 00:08:42 gpg-agent[12992] DBG: chan_0x000002b8 <- NOP
    2020-09-03 00:08:42 gpg-agent[12992] DBG: chan_0x000002b8 -> OK
    2020-09-03 00:08:42 gpg-agent[12992] DBG: chan_0x000002b8 <- [eof]
    2020-09-03 00:08:56 gpg-agent[12992] DBG: ssh map file 'WSLPageantRequest'
    2020-09-03 00:08:56 gpg-agent[12992] DBG: ssh map handle 0x00000274
    2020-09-03 00:08:56 gpg-agent[12992] DBG: my sid: '<SID>'
    2020-09-03 00:08:56 gpg-agent[12992] DBG: ssh map file sid: '<SID>'
    2020-09-03 00:08:56 gpg-agent[12992] DBG: ssh IPC buffer at 0x00670000
    2020-09-03 00:08:56 gpg-agent[12992] ssh request handler for request_identities (11) started
    2020-09-03 00:08:56 gpg-agent[12992] no running SCdaemon - starting it
    2020-09-03 00:08:56 gpg-agent[12992] DBG: chan_0x000002b8 <- OK GNU Privacy Guard's Smartcard server ready
    2020-09-03 00:08:56 gpg-agent[12992] DBG: first connection to SCdaemon established
    2020-09-03 00:08:56 gpg-agent[12992] DBG: chan_0x000002b8 -> GETINFO socket_name
    2020-09-03 00:08:56 gpg-agent[12992] DBG: chan_0x000002b8 <- D C:\Users\avemilia\AppData\Roaming\gnupg\S.scdaemon
    2020-09-03 00:08:56 gpg-agent[12992] DBG: chan_0x000002b8 <- OK
    2020-09-03 00:08:56 gpg-agent[12992] DBG: additional connections at 'C:\Users\avemilia\AppData\Roaming\gnupg\S.scdaemon'
    2020-09-03 00:08:56 gpg-agent[12992] DBG: chan_0x000002b8 -> OPTION event-signal=0x00000290
    2020-09-03 00:08:56 gpg-agent[12992] DBG: chan_0x000002b8 <- OK
    2020-09-03 00:08:56 gpg-agent[12992] DBG: chan_0x000002b8 -> SERIALNO
    2020-09-03 00:08:56 gpg-agent[12992] SIGUSR2 received - updating card event counter
    2020-09-03 00:08:56 gpg-agent[12992] DBG: chan_0x000002b8 <- S SERIALNO <SERIALNO>
    2020-09-03 00:08:56 gpg-agent[12992] DBG: chan_0x000002b8 <- OK
    2020-09-03 00:08:56 gpg-agent[12992] DBG: chan_0x000002b8 -> GETINFO card_list
    2020-09-03 00:08:56 gpg-agent[12992] DBG: chan_0x000002b8 <- S SERIALNO <SERIALNO>
    2020-09-03 00:08:56 gpg-agent[12992] DBG: chan_0x000002b8 <- OK
    2020-09-03 00:08:56 gpg-agent[12992] DBG: chan_0x000002b8 -> SERIALNO --demand=<SERIALNO>
    2020-09-03 00:08:56 gpg-agent[12992] DBG: chan_0x000002b8 <- S SERIALNO <SERIALNO>
    2020-09-03 00:08:56 gpg-agent[12992] DBG: chan_0x000002b8 <- OK
    2020-09-03 00:08:56 gpg-agent[12992] DBG: chan_0x000002b8 -> GETATTR $AUTHKEYID
    2020-09-03 00:08:56 gpg-agent[12992] DBG: chan_0x000002b8 <- S $AUTHKEYID OPENPGP.3
    2020-09-03 00:08:56 gpg-agent[12992] DBG: chan_0x000002b8 <- OK
    2020-09-03 00:08:56 gpg-agent[12992] DBG: chan_0x000002b8 -> GETATTR SERIALNO
    2020-09-03 00:08:56 gpg-agent[12992] DBG: chan_0x000002b8 <- S SERIALNO <SERIALNO>
    2020-09-03 00:08:56 gpg-agent[12992] DBG: chan_0x000002b8 <- OK
    2020-09-03 00:08:56 gpg-agent[12992] DBG: chan_0x000002b8 -> READKEY OPENPGP.3
    2020-09-03 00:08:56 gpg-agent[12992] DBG: chan_000002B8 <- [ 44 20 28 <XX> <XX> <XX> <XX> <XX> <XX> <XX> <XX> <XX> <XX> <XX> <XX> <XX> ...(<XXX> byte(s) skipped) ]
    2020-09-03 00:08:56 gpg-agent[12992] DBG: chan_0x000002b8 <- OK
    2020-09-03 00:08:56 gpg-agent[12992] DBG: chan_0x000002b8 -> GETATTR $DISPSERIALNO
    2020-09-03 00:08:56 gpg-agent[12992] DBG: chan_0x000002b8 <- S $DISPSERIALNO <DISPSERIALNO>
    2020-09-03 00:08:56 gpg-agent[12992] DBG: chan_0x000002b8 <- OK
    2020-09-03 00:08:56 gpg-agent[12992] ssh request handler for request_identities (11) ready
    2020-09-03 00:08:56 gpg-agent[12992] DBG: chan_0x000002b8 -> RESTART
    2020-09-03 00:08:56 gpg-agent[12992] DBG: chan_0x000002b8 <- OK
    2020-09-03 00:08:56 gpg-agent[12992] DBG: ssh map file 'WSLPageantRequest'
    2020-09-03 00:08:56 gpg-agent[12992] DBG: ssh map handle 0x00000274
    2020-09-03 00:08:56 gpg-agent[12992] DBG: my sid: '<SID>'
    2020-09-03 00:08:56 gpg-agent[12992] DBG: ssh map file sid: '<SID>'
    2020-09-03 00:08:56 gpg-agent[12992] DBG: ssh IPC buffer at 0x00670000
    2020-09-03 00:08:56 gpg-agent[12992] ssh request handler for sign_request (13) started
    2020-09-03 00:08:56 gpg-agent[12992] new connection to SCdaemon established (reusing)
    2020-09-03 00:08:56 gpg-agent[12992] DBG: chan_0x000002b8 -> SERIALNO --demand=<SERIALNO>
    2020-09-03 00:08:56 gpg-agent[12992] DBG: chan_0x000002b8 <- S SERIALNO <SERIALNO>
    2020-09-03 00:08:56 gpg-agent[12992] DBG: chan_0x000002b8 <- OK
    2020-09-03 00:08:56 gpg-agent[12992] DBG: detected card with S/N <SERIALNO>
    2020-09-03 00:08:56 gpg-agent[12992] DBG: chan_0x000002b8 -> SETDATA <XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX>
    2020-09-03 00:08:56 gpg-agent[12992] DBG: chan_0x000002b8 <- OK
    2020-09-03 00:08:56 gpg-agent[12992] DBG: chan_0x000002b8 -> PKAUTH OPENPGP.3
    2020-09-03 00:08:56 gpg-agent[12992] DBG: chan_000002B8 <- [ 49 4e 51 <XX> <XX> <XX> <XX> <XX> <XX> <XX> <XX> <XX> <XX> <XX> <XX> <XX> ...(<XX> byte(s) skipped) ]
    2020-09-03 00:08:56 gpg-agent[12992] starting a new PIN Entry
    2020-09-03 00:08:56 gpg-agent[12992] DBG: connection to PIN entry established
    2020-09-03 00:09:05 gpg-agent[12992] DBG: chan_000002B8 -> [ 44 20 7e <XX> <XX> <XX> <XX> <XX> <XX> <XX> <XX> <XX> <XX> <XX> <XX> <XX> ...(<XX> byte(s) skipped) ]
    2020-09-03 00:09:05 gpg-agent[12992] DBG: chan_0x000002b8 -> END
    2020-09-03 00:09:08 gpg-agent[12992] DBG: chan_000002B8 <- [ 44 20 39 <XX> <XX> <XX> <XX> <XX> <XX> <XX> <XX> <XX> <XX> <XX> <XX> <XX> ...(<XXX> byte(s) skipped) ]
    2020-09-03 00:09:08 gpg-agent[12992] DBG: chan_0x000002b8 <- OK
    2020-09-03 00:09:08 gpg-agent[12992] ssh request handler for sign_request (13) ready
    2020-09-03 00:09:08 gpg-agent[12992] DBG: chan_0x000002b8 -> RESTART
    2020-09-03 00:09:08 gpg-agent[12992] DBG: chan_0x000002b8 <- OK
    2020-09-03 00:09:08 gpg-agent[12992] DBG: chan_0x00000294 -> OK Pleased to meet you
    2020-09-03 00:09:08 gpg-agent[12992] DBG: chan_0x00000294 <- RESET
    2020-09-03 00:09:08 gpg-agent[12992] DBG: chan_0x00000294 -> OK
    2020-09-03 00:09:08 gpg-agent[12992] DBG: chan_0x00000294 <- OPTION ttyname=/dev/pts/13
    2020-09-03 00:09:08 gpg-agent[12992] DBG: chan_0x00000294 -> ERR 67109115 Forbidden <GPG Agent>
    2020-09-03 00:09:08 gpg-agent[12992] DBG: chan_0x00000294 <- GETINFO restricted
    2020-09-03 00:09:08 gpg-agent[12992] DBG: chan_0x00000294 -> OK
    2020-09-03 00:09:08 gpg-agent[12992] DBG: chan_0x00000294 <- updatestartuptty
    2020-09-03 00:09:08 gpg-agent[12992] command 'UPDATESTARTUPTTY' failed: Forbidden
    2020-09-03 00:09:08 gpg-agent[12992] DBG: chan_0x00000294 -> ERR 67109115 Forbidden <GPG Agent>
    2020-09-03 00:09:08 gpg-agent[12992] DBG: chan_0x00000294 <- [eof]
    2020-09-03 00:09:20 gpg-agent[12992] DBG: chan_0x000002fc -> OK Pleased to meet you
    2020-09-03 00:09:20 gpg-agent[12992] DBG: chan_0x000002fc <- RESET
    2020-09-03 00:09:20 gpg-agent[12992] DBG: chan_0x000002fc -> OK
    2020-09-03 00:09:20 gpg-agent[12992] DBG: chan_0x000002fc <- OPTION ttyname=/dev/pts/13
    2020-09-03 00:09:20 gpg-agent[12992] DBG: chan_0x000002fc -> ERR 67109115 Forbidden <GPG Agent>
    2020-09-03 00:09:20 gpg-agent[12992] DBG: chan_0x000002fc <- GETINFO restricted
    2020-09-03 00:09:20 gpg-agent[12992] DBG: chan_0x000002fc -> OK
    2020-09-03 00:09:20 gpg-agent[12992] DBG: chan_0x000002fc <- GETINFO version
    2020-09-03 00:09:20 gpg-agent[12992] DBG: chan_0x000002fc -> D 2.2.22
    2020-09-03 00:09:20 gpg-agent[12992] DBG: chan_0x000002fc -> OK
    2020-09-03 00:09:20 gpg-agent[12992] DBG: chan_0x000002fc <- OPTION allow-pinentry-notify
    2020-09-03 00:09:20 gpg-agent[12992] DBG: chan_0x000002fc -> ERR 67109115 Forbidden <GPG Agent>
    2020-09-03 00:09:20 gpg-agent[12992] DBG: chan_0x000002fc <- OPTION agent-awareness=2.1.0
    2020-09-03 00:09:20 gpg-agent[12992] DBG: chan_0x000002fc -> OK
    2020-09-03 00:09:20 gpg-agent[12992] DBG: chan_0x000002fc <- SCD GETINFO version
    2020-09-03 00:09:20 gpg-agent[12992] command 'SCD' failed: Forbidden
    2020-09-03 00:09:20 gpg-agent[12992] DBG: chan_0x000002fc -> ERR 67109115 Forbidden <GPG Agent>
    2020-09-03 00:09:20 gpg-agent[12992] DBG: chan_0x000002fc <- [eof]
    2020-09-03 00:09:32 gpg-agent[12992] DBG: chan_0x00000274 -> OK Pleased to meet you
    2020-09-03 00:09:32 gpg-agent[12992] DBG: chan_0x00000274 <- RESET
    2020-09-03 00:09:32 gpg-agent[12992] DBG: chan_0x00000274 -> OK
    2020-09-03 00:09:32 gpg-agent[12992] DBG: chan_0x00000274 <- GETINFO scd_running
    2020-09-03 00:09:32 gpg-agent[12992] DBG: chan_0x00000274 -> OK
    2020-09-03 00:09:32 gpg-agent[12992] DBG: chan_0x00000274 <- scd killscd
    2020-09-03 00:09:32 gpg-agent[12992] new connection to SCdaemon established (reusing)
    2020-09-03 00:09:32 gpg-agent[12992] DBG: chan_0x000002b8 -> killscd
    2020-09-03 00:09:32 gpg-agent[12992] DBG: chan_0x000002b8 <- OK closing connection
    2020-09-03 00:09:32 gpg-agent[12992] DBG: chan_0x00000274 -> OK
    2020-09-03 00:09:32 gpg-agent[12992] DBG: chan_0x00000274 <- [eof]
    2020-09-03 00:09:32 gpg-agent[12992] DBG: chan_0x000002b8 -> RESTART
    2020-09-03 00:09:32 gpg-agent[12992] DBG: chan_0x000002b8 <- [eof]
    2020-09-03 00:09:32 gpg-agent[12992] DBG: chan_0x00000328 -> OK Pleased to meet you
    2020-09-03 00:09:32 gpg-agent[12992] DBG: chan_0x00000328 <- RESET
    2020-09-03 00:09:32 gpg-agent[12992] DBG: chan_0x00000328 -> OK
    2020-09-03 00:09:32 gpg-agent[12992] DBG: chan_0x00000328 <- KILLAGENT
    2020-09-03 00:09:32 gpg-agent[12992] DBG: chan_0x00000328 -> OK closing connection
    2020-09-03 00:09:32 gpg-agent[12992] secmem usage: 0/32768 bytes in 0 blocks

gpg-agent.conf on local:

    enable-ssh-support
    enable-putty-support
    default-cache-ttl 60
    max-cache-ttl 120
    verbose
    debug-level advanced
    log-file C:\Users\avemilia\AppData\Roaming\gnupg\gpg-agent.log

scdaemon.log on local:

    2020-09-03 00:08:56 scdaemon[5332] listening on socket 'C:\Users\avemilia\AppData\Roaming\gnupg\S.scdaemon'
    2020-09-03 00:08:56 scdaemon[5332] handler for fd -1 started
    2020-09-03 00:08:56 scdaemon[5332] DBG: chan_0x00000150 -> OK GNU Privacy Guard's Smartcard server ready
    2020-09-03 00:08:56 scdaemon[5332] DBG: chan_0x00000150 <- GETINFO socket_name
    2020-09-03 00:08:56 scdaemon[5332] DBG: chan_0x00000150 -> D C:\Users\avemilia\AppData\Roaming\gnupg\S.scdaemon
    2020-09-03 00:08:56 scdaemon[5332] DBG: chan_0x00000150 -> OK
    2020-09-03 00:08:56 scdaemon[5332] DBG: chan_0x00000150 <- OPTION event-signal=0x00000290
    2020-09-03 00:08:56 scdaemon[5332] DBG: chan_0x00000150 -> OK
    2020-09-03 00:08:56 scdaemon[5332] DBG: chan_0x00000150 <- SERIALNO
    2020-09-03 00:08:56 scdaemon[5332] detected reader 'Yubico Yubikey 4 OTP+U2F+CCID 0'
    2020-09-03 00:08:56 scdaemon[5332] reader slot 0: not connected
    2020-09-03 00:08:56 scdaemon[5332] reader slot 0: active protocol: T1
    2020-09-03 00:08:56 scdaemon[5332] slot 0: ATR=[...]
    2020-09-03 00:08:56 scdaemon[5332] AID: [...]
    2020-09-03 00:08:56 scdaemon[5332] Historical Bytes: [...]
    2020-09-03 00:08:56 scdaemon[5332] Version-2+ .....: yes
    2020-09-03 00:08:56 scdaemon[5332] Extcap-v3 ......: no
    2020-09-03 00:08:56 scdaemon[5332] Button .........: yes
    2020-09-03 00:08:56 scdaemon[5332] SM-Support .....: no
    2020-09-03 00:08:56 scdaemon[5332] Get-Challenge ..: no
    2020-09-03 00:08:56 scdaemon[5332] Key-Import .....: yes
    2020-09-03 00:08:56 scdaemon[5332] Change-Force-PW1: yes
    2020-09-03 00:08:56 scdaemon[5332] Private-DOs ....: yes
    2020-09-03 00:08:56 scdaemon[5332] Algo-Attr-Change: yes
    2020-09-03 00:08:56 scdaemon[5332] Symmetric Crypto: no
    2020-09-03 00:08:56 scdaemon[5332] KDF-Support ....: no
    2020-09-03 00:08:56 scdaemon[5332] Max-Cert3-Len ..: 1216
    2020-09-03 00:08:56 scdaemon[5332] Cmd-Chaining ...: yes
    2020-09-03 00:08:56 scdaemon[5332] Ext-Lc-Le ......: no
    2020-09-03 00:08:56 scdaemon[5332] Status-Indicator: 05
    2020-09-03 00:08:56 scdaemon[5332] GnuPG-No-Sync ..: no
    2020-09-03 00:08:56 scdaemon[5332] GnuPG-Def-PW2 ..: no
    2020-09-03 00:08:56 scdaemon[5332] Key-Attr-sign ..: RSA, n=4096, e=17, fmt=std
    2020-09-03 00:08:56 scdaemon[5332] Key-Attr-encr ..: RSA, n=4096, e=17, fmt=std
    2020-09-03 00:08:56 scdaemon[5332] Key-Attr-auth ..: RSA, n=4096, e=17, fmt=std
    2020-09-03 00:08:56 scdaemon[5332] DBG: chan_0x00000150 -> S SERIALNO <SERIALNO>
    2020-09-03 00:08:56 scdaemon[5332] triggering event 0x00000290 (0x00000290) for client -1
    2020-09-03 00:08:56 scdaemon[5332] DBG: chan_0x00000150 -> OK
    2020-09-03 00:08:56 scdaemon[5332] DBG: chan_0x00000150 <- GETINFO card_list
    2020-09-03 00:08:56 scdaemon[5332] DBG: chan_0x00000150 -> S SERIALNO <SERIALNO>
    2020-09-03 00:08:56 scdaemon[5332] DBG: chan_0x00000150 -> OK
    2020-09-03 00:08:56 scdaemon[5332] DBG: chan_0x00000150 <- SERIALNO --demand=<SERIALNO>
    2020-09-03 00:08:56 scdaemon[5332] DBG: chan_0x00000150 -> S SERIALNO <SERIALNO>
    2020-09-03 00:08:56 scdaemon[5332] DBG: chan_0x00000150 -> OK
    2020-09-03 00:08:56 scdaemon[5332] DBG: chan_0x00000150 <- GETATTR $AUTHKEYID
    2020-09-03 00:08:56 scdaemon[5332] DBG: chan_0x00000150 -> S $AUTHKEYID OPENPGP.3
    2020-09-03 00:08:56 scdaemon[5332] DBG: chan_0x00000150 -> OK
    2020-09-03 00:08:56 scdaemon[5332] DBG: chan_0x00000150 <- GETATTR SERIALNO
    2020-09-03 00:08:56 scdaemon[5332] DBG: chan_0x00000150 -> S SERIALNO <SERIALNO>
    2020-09-03 00:08:56 scdaemon[5332] DBG: chan_0x00000150 -> OK
    2020-09-03 00:08:56 scdaemon[5332] DBG: chan_0x00000150 <- READKEY OPENPGP.3
    2020-09-03 00:08:56 scdaemon[5332] DBG: chan_00000150 -> [ 44 20 28 <XX> <XX> <XX> <XX> <XX> <XX> <XX> <XX> <XX> <XX> <XX> <XX> <XX> ...(<XXX> byte(s) skipped) ]
    2020-09-03 00:08:56 scdaemon[5332] DBG: chan_0x00000150 -> OK
    2020-09-03 00:08:56 scdaemon[5332] DBG: chan_0x00000150 <- GETATTR $DISPSERIALNO
    2020-09-03 00:08:56 scdaemon[5332] DBG: chan_0x00000150 -> S $DISPSERIALNO 000606330752
    2020-09-03 00:08:56 scdaemon[5332] DBG: chan_0x00000150 -> OK
    2020-09-03 00:08:56 scdaemon[5332] DBG: chan_0x00000150 <- RESTART
    2020-09-03 00:08:56 scdaemon[5332] DBG: chan_0x00000150 -> OK
    2020-09-03 00:08:56 scdaemon[5332] DBG: chan_0x00000150 <- SERIALNO --demand=<SERIALNO>
    2020-09-03 00:08:56 scdaemon[5332] DBG: chan_0x00000150 -> S SERIALNO <SERIALNO>
    2020-09-03 00:08:56 scdaemon[5332] DBG: chan_0x00000150 -> OK
    2020-09-03 00:08:56 scdaemon[5332] DBG: chan_0x00000150 <- SETDATA XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    2020-09-03 00:08:56 scdaemon[5332] DBG: chan_0x00000150 -> OK
    2020-09-03 00:08:56 scdaemon[5332] DBG: chan_0x00000150 <- PKAUTH OPENPGP.3
    2020-09-03 00:08:56 scdaemon[5332] DBG: asking for PIN '||Please unlock the card%0A%0ANumber: XXXX XXXXXXXX%0AHolder: Ave Milia'
    2020-09-03 00:08:56 scdaemon[5332] DBG: chan_00000150 -> [ 49 4e 51 <XX> <XX> <XX> <XX> <XX> <XX> <XX> <XX> <XX> <XX> <XX> <XX> <XX> ...(<XX> byte(s) skipped) ]
    2020-09-03 00:09:05 scdaemon[5332] DBG: chan_00000150 <- [ 44 20 7e <XX> <XX> <XX> <XX> <XX> <XX> <XX> <XX> <XX> <XX> <XX> <XX> <XX> ...(<XX> byte(s) skipped) ]
    2020-09-03 00:09:05 scdaemon[5332] DBG: chan_0x00000150 <- END
    2020-09-03 00:09:08 scdaemon[5332] operation auth result: Success
    2020-09-03 00:09:08 scdaemon[5332] DBG: chan_00000150 -> [ 44 20 39 <XX> <XX> <XX> <XX> <XX> <XX> <XX> <XX> <XX> <XX> <XX> <XX> <XX> ...(<XXX> byte(s) skipped) ]
    2020-09-03 00:09:08 scdaemon[5332] DBG: chan_0x00000150 -> OK
    2020-09-03 00:09:08 scdaemon[5332] DBG: chan_0x00000150 <- RESTART
    2020-09-03 00:09:08 scdaemon[5332] DBG: chan_0x00000150 -> OK
    2020-09-03 00:09:32 scdaemon[5332] DBG: chan_0x00000150 <- killscd
    2020-09-03 00:09:32 scdaemon[5332] DBG: chan_0x00000150 -> OK closing connection

scdaemon.conf on local:

    card-timeout 5
    verbose
    debug-level advanced
    log-file C:\Users\avemilia\AppData\Roaming\gnupg\scdaemon.log

gpg.conf on local: identical to remote

If you need any additional logs, e.g. ssh -v, or certain lines unredacted, I can provide them as well.

To summarize the problem: I want to forward gpg-agent, got "forbidden" errors, tried additionally forwarding gpg-ssh-agent and the errors are still present. No more ideas how to fix it.

[0] <https://github.com/benpye/wsl-ssh-pageant>
[1] <https://dev.gnupg.org/T3883>
[2] <https://github.com/PowerShell/Win32-OpenSSH/issues/827>
[3] <https://github.com/BusyJay/gpg-bridge>
[4] <https://github.com/PowerShell/Win32-OpenSSH/issues/1564>
[5] <https://wiki.gnupg.org/AgentForwarding>
[6] <https://blog.alt255.com/post/gpg_forwarding/>
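
Added example, not part of the original post: a small parser for gpg-agent "debug-level advanced" log lines like those quoted above. It pairs each command the agent received with the OK/ERR reply on the same channel, marks a connection as restricted when "GETINFO restricted" is answered with OK, and decodes the ERR number assuming the libgpg-error layout (source in bits 24-30, code in the low 16 bits). The function names are hypothetical; the sample lines are copied from the local gpg-agent.log in the post.

```python
import re

# Lines copied from the local gpg-agent.log quoted in the post:
# one unrestricted local client (chan_0x000002b4) and one forwarded client (chan_0x000002fc).
SAMPLE_LOG = """\
2020-09-03 00:06:34 gpg-agent[12992] DBG: chan_0x000002b4 -> OK Pleased to meet you
2020-09-03 00:06:34 gpg-agent[12992] DBG: chan_0x000002b4 <- GETINFO pid
2020-09-03 00:06:34 gpg-agent[12992] DBG: chan_0x000002b4 -> D 12992
2020-09-03 00:06:34 gpg-agent[12992] DBG: chan_0x000002b4 -> OK
2020-09-03 00:06:34 gpg-agent[12992] DBG: chan_0x000002b4 <- BYE
2020-09-03 00:06:34 gpg-agent[12992] DBG: chan_0x000002b4 -> OK closing connection
2020-09-03 00:09:20 gpg-agent[12992] DBG: chan_0x000002fc -> OK Pleased to meet you
2020-09-03 00:09:20 gpg-agent[12992] DBG: chan_0x000002fc <- RESET
2020-09-03 00:09:20 gpg-agent[12992] DBG: chan_0x000002fc -> OK
2020-09-03 00:09:20 gpg-agent[12992] DBG: chan_0x000002fc <- OPTION ttyname=/dev/pts/13
2020-09-03 00:09:20 gpg-agent[12992] DBG: chan_0x000002fc -> ERR 67109115 Forbidden <GPG Agent>
2020-09-03 00:09:20 gpg-agent[12992] DBG: chan_0x000002fc <- GETINFO restricted
2020-09-03 00:09:20 gpg-agent[12992] DBG: chan_0x000002fc -> OK
2020-09-03 00:09:20 gpg-agent[12992] DBG: chan_0x000002fc <- GETINFO version
2020-09-03 00:09:20 gpg-agent[12992] DBG: chan_0x000002fc -> D 2.2.22
2020-09-03 00:09:20 gpg-agent[12992] DBG: chan_0x000002fc -> OK
2020-09-03 00:09:20 gpg-agent[12992] DBG: chan_0x000002fc <- OPTION allow-pinentry-notify
2020-09-03 00:09:20 gpg-agent[12992] DBG: chan_0x000002fc -> ERR 67109115 Forbidden <GPG Agent>
2020-09-03 00:09:20 gpg-agent[12992] DBG: chan_0x000002fc <- OPTION agent-awareness=2.1.0
2020-09-03 00:09:20 gpg-agent[12992] DBG: chan_0x000002fc -> OK
2020-09-03 00:09:20 gpg-agent[12992] DBG: chan_0x000002fc <- SCD GETINFO version
2020-09-03 00:09:20 gpg-agent[12992] command 'SCD' failed: Forbidden
2020-09-03 00:09:20 gpg-agent[12992] DBG: chan_0x000002fc -> ERR 67109115 Forbidden <GPG Agent>
2020-09-03 00:09:20 gpg-agent[12992] DBG: chan_0x000002fc <- [eof]
"""

LINE = re.compile(r"DBG: (chan_\S+) (<-|->) (.*)$")
ERR = re.compile(r"ERR (\d+) (.*?)(?: <([^>]*)>)?$")
REPLY_WORDS = {"OK", "ERR", "D", "S", "INQUIRE"}


def decode_gpg_error(value):
    """Split an ERR number into (source, code); bit layout assumed from libgpg-error."""
    return (value >> 24) & 0x7F, value & 0xFFFF


def analyse(log_text):
    """Return {channel: {"restricted": bool, "refused": [(cmd, code, source, text)]}}."""
    pending = {}      # channel -> last command the agent received and has not answered yet
    upstream = set()  # channels where the agent itself is the client (e.g. to scdaemon)
    report = {}
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue  # non-protocol line such as "command 'SCD' failed"
        chan, direction, payload = m.groups()
        word = payload.split(" ", 1)[0]
        if direction == "<-":
            if payload == "[eof]":
                pending.pop(chan, None)
                upstream.discard(chan)  # handle may be reused by a later connection
            elif payload.startswith("["):
                pass                    # hex dump of a long line
            elif word in REPLY_WORDS:
                upstream.add(chan)      # a reply arriving means the agent is the client here
            else:
                pending[chan] = payload
            continue
        # "->" on a client channel: only the final OK/ERR closes the pending command.
        if chan in upstream or chan not in pending or word not in ("OK", "ERR"):
            continue
        entry = report.setdefault(chan, {"restricted": False, "refused": []})
        cmd = pending.pop(chan)
        if word == "OK":
            if cmd == "GETINFO restricted":
                entry["restricted"] = True  # OK to this query means restricted mode
        else:
            number, text, _source_name = ERR.match(payload).groups()
            source, code = decode_gpg_error(int(number))
            entry["refused"].append((cmd, code, source, text))
    return report


if __name__ == "__main__":
    for chan, info in analyse(SAMPLE_LOG).items():
        print(chan, "restricted" if info["restricted"] else "unrestricted")
        for cmd, code, source, text in info["refused"]:
            print(f"  refused: {cmd!r} -> {text} (code {code}, source {source})")
```

Run against the full local gpg-agent.log, this lists every command the agent refused on each restricted connection, which shows which operations the forwarded socket does not permit.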