sshcontrol, confirm flag and smartcards
ml at filippo.io
Fri Oct 7 17:48:19 CEST 2016
I'm using a smartcard to hold my SSH key. Everything is functional out
of the box. From the man page:
> Note that keys available
> through a OpenPGP smartcard in the active smartcard reader are
> implicitly added to this list; i.e. there is no need to list them.
However, I want to enable the "confirm" flag. So I added a line with the
keygrip to sshcontrol.
Now I see two keys over the ssh-agent with identical fingerprints (so I
didn't get the keygrip wrong):
2048 SHA256:[REDACTED] cardno:[REDACTED] (RSA)
2048 SHA256:[REDACTED] (none) (RSA)
Which gets annoying because all operations are attempted twice (for
example if authentication fails), and I suspect it also allows a
I suspect gnupg should deduplicate them automatically.
I'm on gpg (GnuPG) 2.1.15 on OS X.
[Please keep me CC'd]
More information about the Gnupg-devel