gpg-agent, ssh-add & crypto card keys
Jens Peter Secher
jpsecher at gmail.com
Tue Aug 19 12:01:23 CEST 2008
On one system (Debian Lenny), I am using an SSH key on a FSFE
Fellowship crypto card to make SSH logins to a remote host, mostly by
using Karsten Gerloff's instructions, and this functionality is
indeed "extremely cool".

I have now tried to do the same on another system (also Debian Lenny),
and everything works fine except that ssh-add is seeing the SSH key on
the crypto card. In other words, I can see what's on the crypto card:

    $ gpg --card-status
    Application ID ...: D2760001240101010001000003330000
    Version ..........: 1.1
    Authentication key: 4507 9CAC A220 8806 97C4 8F5F 6723 EF78 69F7 F9A5
    created ....: 2008-04-05 18:34:49
    General key info..: pub 1024R/68FBACED 2008-04-05 Jens Peter Secher
    <jpsecher at gmail.com>
    sec# 1024D/6818E016 created: 2008-04-05 expires: never
    ssb> 1024R/69F7F9A5 created: 2008-04-05 expires: never
    card-no: 0001 00000333

I can encrypt and decrypt:

    $ gpg -e foo.txt
    $ gpg -d foo.txt.gpg

which makes pinentry-gtk-2 ask me my passphrase.

gpg-agent is started with '--enable-ssh-support', and the environment

    $ set | egrep 'AGENT|SSH'

But 'ssh-add -l' shows no keys.

ssh-add has an option '-s reader', but I cannot figure out what
'reader' should be, and tracing through the source code does not make
me any wiser.

Does anyone have any suggestions on how to proceed?

Jens Peter Secher.
_DD6A 05B0 174E BFB2 D4D9 B52E 0EE5 978A FE63 E8A1 jpsecher gmail com_.
A. Because it breaks the logical sequence of discussion.
Q. Why is top posting bad?
 http://www.fsfe.org/en/card/howto/subkey_howto and