Hello,

I have used GnuPG2 v2.2.19 [1] to create an authentication RSA subkey for use with SSH. At one point, I got past pinentry's blocking of the use of the private key and successfully logged in via SSH to the server from the one session. In order to test my notes (as I usually do), I erased everything and started over with a newly created client-side account and updated authorized_keys on the server. Some step is missing and I cannot figure out how to get pinentry involved to make the key available for the SSH client to use again.

What else is needed to get pinentry invoked so that the SSH client can connect using the GnuPG RSA key?

At this point the public key is visible in the SSH agent:

  $ ssh-add -l
  3072 SHA256:j0V4cVzC...NKQPA (none) (RSA)

and the public key has been saved in the default file:

  $ ssh-add -L > ~/.ssh/id_rsa

and the SSH client seems to offer the public key to the server,

  $ time ssh -v server.example.org
  ...
  debug1: Next authentication method: publickey
  debug1: Offering public key: (none) RSA SHA256:j0V4cVzC...NKQPA agent
  debug1: Server accepts key: (none) RSA SHA256:j0V4cVzC...NKQPA agent
  sign_and_send_pubkey: signing failed for RSA "/home/lars/.ssh/id_rsa" from agent: agent refused operation
  ...
  debug1: Trying private key: /home/lars/.ssh/id_xmss
  debug1: No more authentication methods to try.
  debug1: Next authentication method: keyboard-interactive
  Connection closed by server.example.org port 22
  ssh -v server.example.org  0.00s user 0.00s system 0% cpu 2:05.81 total

The contents of gpg-agent.conf and gpg.conf are as follows:

  $ cat ~/.gnupg/gpg-agent.conf
  pinentry-program /usr/bin/pinentry-curses
  enable-ssh-support
  allow-loopback-pinentry

  $ cat ~/.gnupg/gpg.conf
  use-agent
  pinentry-mode loopback

I have set $GPG_TTY and $SSH_AUTH_SOCK

  $ export GPG_TTY=$(tty)
  $ gpg-connect-agent updatestartuptty /bye >/dev/null
  $ export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)

  $ gpg-agent status /bye
  gpg-agent[48580]: gpg-agent running and available

What else should I add, change, or read to get past the barrier of pinentry?

/Lars

[1]
  $ apt-cache policy gnupg2 | head -n 2
  gnupg2:
    Installed: 2.2.19-3ubuntu2.1

  $ gpg2 --version | head -n 2
  gpg (GnuPG) 2.2.19
  libgcrypt 1.8.5

  $ lsb_release -rd
  Description: Linux Mint 20.2
  Release: 20.2

  $ uname -prs
  Linux 5.4.0-91-generic x86_64

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
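
The setup steps in the message above can be checked mechanically before retrying ssh. The script below is an added example, not part of the original post or of GnuPG: it verifies that enable-ssh-support is active in gpg-agent.conf, that SSH_AUTH_SOCK matches the agent's ssh socket, and that GPG_TTY names an existing device. The function names conf_has, preflight and make_sample_conf are hypothetical, and the values are passed in explicitly so the demo runs on constructed input without a running agent.

```shell
#!/bin/sh
# Added example: preflight for using gpg-agent as the SSH agent.
# Real use (paths and variables as in the post):
#   preflight ~/.gnupg/gpg-agent.conf "$SSH_AUTH_SOCK" \
#       "$(gpgconf --list-dirs agent-ssh-socket)" "$GPG_TTY"

# conf_has FILE OPTION: true if OPTION is an active (uncommented) line in FILE.
conf_has() {
    [ -r "$1" ] && grep -Eq -- "^[[:space:]]*$2([[:space:]]|\$)" "$1"
}

# preflight CONF SOCK EXPECTED_SOCK TTY: print findings, return problem count.
preflight() {
    problems=0
    if ! conf_has "$1" enable-ssh-support; then
        echo "FAIL: enable-ssh-support is not active in $1"
        problems=$((problems + 1))
    fi
    if [ -z "$2" ] || [ "$2" != "$3" ]; then
        echo "FAIL: SSH_AUTH_SOCK='$2' is not gpg-agent's ssh socket '$3'"
        problems=$((problems + 1))
    fi
    # Per gpg-agent(1), ssh requests carry no terminal information, so pinentry
    # is shown on the tty last recorded with 'updatestartuptty'.
    if [ -z "$4" ] || [ ! -c "$4" ]; then
        echo "FAIL: GPG_TTY='$4' is empty or not a character device"
        problems=$((problems + 1))
    fi
    if [ "$problems" -eq 0 ]; then
        echo "OK: agent config and environment are consistent"
    fi
    return "$problems"
}

# Constructed sample: the gpg-agent.conf from the post plus one commented line.
make_sample_conf() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
pinentry-program /usr/bin/pinentry-curses
enable-ssh-support
allow-loopback-pinentry
# default-cache-ttl-ssh 600
EOF
    printf '%s\n' "$f"
}

# Demo on constructed values; /dev/null stands in for a terminal device.
sample=$(make_sample_conf)
preflight "$sample" /tmp/S.gpg-agent.ssh /tmp/S.gpg-agent.ssh /dev/null
rm -f "$sample"
```

The return value is the number of failed checks, so a shell profile or wrapper can refuse to start ssh until it is zero.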