Open Pgp Smartcard ssh authentication Woes :(

Edward Robinson eddrobinson at gmail.com
Tue Apr 29 20:18:06 CEST 2008


Hello All,

I am having both success and failure with regard to getting ssh
authentication to work with my openpgp smartcard.  On my Ubuntu Gutsy
(Gnome) Box things are great, `ssh-add -l' reports the key correctly and
I can successfully authenticate myself when ssh'ing to another box.

However, on my laptop, which is running Debian Lenny (Gnome), I can't
get it to work.  ssh-add -l returns the annoying `The agent has no
identities'.  I have done no end of fiddling to get this working.  Here
is a list of things that I think may be relevant and that I have
installed at the moment:

Ubuntu Box (Working)

gnupg: 1.4.6-2ubuntu4
gnupg2: Not Installed
gnupg-agent: 2.0.4-1ubuntu3
pcscd: 1.4.3-1
gpgsm: 2.0.4
seahorse: 2.20.1-0ubuntu1
pinentry-gtk-2: 0.7.3-1ubuntu2

gpg.conf contains `use-agent'

gpg-agent.conf:
------
pinentry-program /usr/bin/pinentry-gtk-2
default-cache-ttl 1800
enable-ssh-support
------

Further, the loading line in my /etc/X11/Xsessions.d/90-gpg-agent looks
like:
------
if ! $GPGAGENT 2>/dev/null; then
    $GPGAGENT --daemon --sh --enable-ssh-support >"$PID_FILE"
    . "$PID_FILE"
fi
------


Debian Lenny Laptop (NOT Working)

gnupg: 1.4.6-2.1
gnupg2: 2.0.9-1
gnupg-agent: 2.0.9-1
pcscd: 1.4.3-1
gpgsm: 2.0.9-1
seahorse: 2.22.0-1
pinentry-gtk-2: 0.7.5-1

gpg.conf contains `use-agent'

gpg-agent.conf:
------
pinentry-program /usr/bin/pinentry-gtk-2
default-cache-ttl 1800
enable-ssh-support
------

Further, the loading line in my /etc/X11/Xsessions.d/90-gpg-agent looks
like:
------
if ! $GPGAGENT 2>/dev/null; then
    STARTUP="$GPGAGENT --daemon --sh --enable-ssh-support --write-env-file=$PID_FILE $STARTUP"
fi
------

I have tried using it without gnupg2 on lenny (so it was same packages
as ubuntu box) but doesn't make a difference...

The card works on the laptop in all other respects (signing, encrypting)
but won't work with the ssh authentication.  Anyone have any thoughts?  I
guess it's down to the different package versions??

Also, can someone explain to me exactly what I need for this to work, I
am confused if I actually need gpgsm installed for example.

many thanks,

Edd
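
The two start-up snippets quoted in this message hand the agent's variables to the session differently (sourcing the `--sh` output versus `--write-env-file`), so one thing to verify on each machine is that the session's SSH_AUTH_SOCK is the socket gpg-agent recorded. The script below is an added example, not part of the original message or of GnuPG; the function names are hypothetical, and it assumes the file named by $PID_FILE holds VAR=value lines including SSH_AUTH_SOCK and, optionally, SSH_AGENT_PID.

```shell
#!/bin/sh
# Added example (not from the original post). Assumption: the env file holds
# VAR=value lines, either plain or in the "VAR=value; export VAR;" --sh form.

# Print the value of variable $1 recorded in env file $2 (empty if absent).
env_file_value() {
    sed -n "s/^$1=\([^;]*\).*/\1/p" "$2" | tail -n 1
}

# Args: env file written at agent start-up, the session's SSH_AUTH_SOCK.
# Prints one verdict: no-ssh-socket, agent-dead, session-unset, mismatch, match.
diagnose_ssh_sock() {
    agent_sock=$(env_file_value SSH_AUTH_SOCK "$1")
    agent_pid=$(env_file_value SSH_AGENT_PID "$1")
    if [ -z "$agent_sock" ]; then
        echo no-ssh-socket   # agent recorded no ssh socket at all
    elif [ -n "$agent_pid" ] && ! kill -0 "$agent_pid" 2>/dev/null; then
        echo agent-dead      # stale file: recorded agent is gone (or not ours)
    elif [ -z "$2" ]; then
        echo session-unset   # agent variables never reached this shell
    elif [ "$agent_sock" != "$2" ]; then
        echo mismatch        # ssh-add is asking a different agent
    else
        echo match           # ssh-add is asking the recorded gpg-agent
    fi
}

# Stand-alone use: sh check-agent.sh /path/to/env-file
if [ $# -ge 1 ]; then
    diagnose_ssh_sock "$1" "${SSH_AUTH_SOCK:-}"
fi
```

A `mismatch` or `session-unset` verdict means `ssh-add -l` is not querying the gpg-agent that was started with ssh support, whatever the card itself can do.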


