Re: Win 11 + Smarcard: SSH public key authentication fails

Wed, 17 Jan 2024 00:08:41 -0800 

Hello,

accidently I identified the root cause for this issue.

I executed this SSH command:

ssh <remoteserver>
I didn't use ssh <user>@<remoteserver> on purpose because I'm used to use the same user on remoteserver as on client. 

After executing SSH command

ssh <user>@<remoteserver>

gpg-agent works as expected and I can login with public key.
One may consider this as a bug, however I'm happy that I found a solution for my issue. 

Now I can proceed to next issue: SSH forward

Thanks for your great support!

Thomas

Am 2024-01-16 18:50, schrieb Werner Koch:


On Mon, 15 Jan 2024 20:03, Thomas Schneider said:


And ssh-pageant is not available for Win 11, but pageant is included
in PuTTY.
I didn't implemented or tested the newer --enable-w32-openssh-support so I don't have first have experience. However, Windows comes with an sssh server and an client, which are slighly modified OpenSSH versions. Thus 
you should be able to simply run

c:\ ssh -v snow...@hawaii.nsa.gov

The ssh diagnostics enabled with -v should show you what's going on and
whether ssh tries to use an ssh-agent implementation.

You need to start gpg-agent first, of course:

gpgconf --launch gpg-agent

or run any gpg command or kleopatra, etc.)


Could you please share some details of your working setup (scripts
connecting from Win 10/11 to other servers using SSH).


Okay, let's try it: I just installed a gpg4win 4.3.0-beta and tried it
on my testbox (Windows 10.0 build 19045) using my regular token:

debug1: Next authentication method: publickey
debug1: Offering public key: cardno:FFFE_xxxxxxx ED25519 SHA256:tXYM7ne2kI+ZUw7jGii9LBhoz8uB0ucKv28OSSW6a/g agent debug1: Server accepts key: cardno:FFFE_xxxxxxx ED25519 SHA256:tXYM7ne2kI+ZUw7jGii9LBhoz8uB0ucKv28OSSW6a/g agent 
debug1: Authentication succeeded (publickey).
Authenticated to ftp.gnupg.org ([217.69.76.55]:22).

But that should also work with your gpg4win version.

the native client you need to add *enable-w32-openssh-support* to your


Oops, the option is actually *enable-win32-openssh-support*.  I try to
get it into the Kleopatra config dialog with gnupg 2.4.4 - right now
kleopatra can only enable the Unix style ssh support.

Shalom-Salam,

   Werner
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users

Reply via email to