gpg-agent, ssh-add & crypto card keys
Jens Peter Secher
jpsecher at gmail.com
Tue Aug 19 12:01:23 CEST 2008
On one system (Debian Lenny), I am using an SSH key on a FSFE
Fellowship crypto card to make SSH logins to a remote host, mostly by
using Karsten Gerloff's instructions [1], and this functionality is
indeed "extremely cool".
I have now tried to do the same on another system (also Debian Lenny),
and everything works fine except that ssh-add is not seeing the SSH key
on the crypto card. In other words, I can see what's on the crypto card:
$ gpg --card-status
Application ID ...: D2760001240101010001000003330000
Version ..........: 1.1
[...]
Authentication key: 4507 9CAC A220 8806 97C4 8F5F 6723 EF78 69F7 F9A5
created ....: 2008-04-05 18:34:49
General key info..: pub 1024R/68FBACED 2008-04-05 Jens Peter Secher
<jpsecher at gmail.com>
sec# 1024D/6818E016 created: 2008-04-05 expires: never
ssb> 1024R/69F7F9A5 created: 2008-04-05 expires: never
card-no: 0001 00000333
[...]
I can encrypt and decrypt:
$ gpg -e foo.txt
$ gpg -d foo.txt.gpg
which makes pinentry-gtk-2 ask me my passphrase.
gpg-agent is started with '--enable-ssh-support', and the environment
seems right:
$ set | egrep 'AGENT|SSH'
GPG_AGENT_INFO=/tmp/gpg-7ciDXH/S.gpg-agent:3429:1
SSH_AGENT_PID=3429
SSH_AUTH_SOCK=/tmp/gpg-zsc6dQ/S.gpg-agent.ssh
But 'ssh-add -l' shows no keys.
ssh-add has an option '-s reader', but I cannot figure out what
'reader' should be, and tracing through the source code does not make
me any wiser.
Does anyone have any suggestions on how to proceed?
--
Jens Peter Secher.
DD6A 05B0 174E BFB2 D4D9 B52E 0EE5 978A FE63 E8A1 jpsecher gmail com.
A. Because it breaks the logical sequence of discussion.
Q. Why is top posting bad?
[1] http://www.fsfe.org/en/card/howto/subkey_howto and
http://www.fsfe.org/fellows/greve/freedom_bits/authenticating_ssh_logins_with_the_fellowship_crypto_card
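Editor's note, added here and not part of Jens Peter Secher's message: in the environment dump above, GPG_AGENT_INFO points into /tmp/gpg-7ciDXH while SSH_AUTH_SOCK points into /tmp/gpg-zsc6dQ. A single gpg-agent started with --enable-ssh-support creates both S.gpg-agent and S.gpg-agent.ssh in the same temporary directory, so two different directories are worth checking before anything else: they suggest the shell is talking to a second agent (or a stale socket) rather than the one that owns the card. The script below is an added example that automates that sanity check; the values passed to it are the ones from the post, used as constructed sample input, and the function name check_agent_env is the author's own choice.

```shell
#!/bin/sh
# Added example (not from the original message or from GnuPG): confirm that
# SSH_AUTH_SOCK belongs to the same gpg-agent instance as GPG_AGENT_INFO.
# gpg-agent 2.0 writes S.gpg-agent and S.gpg-agent.ssh into one /tmp/gpg-XXXXXX
# directory, so a directory or pid mismatch means the ssh socket is not the
# agent you think it is.

# check_agent_env GPG_AGENT_INFO SSH_AUTH_SOCK SSH_AGENT_PID
# Prints "ok" and returns 0 when the two sockets share a directory and the
# pid recorded in GPG_AGENT_INFO equals SSH_AGENT_PID; otherwise prints a
# short diagnostic and returns 1. Values are taken as arguments so the
# check can be run against sample values as well as the live environment.
check_agent_env() {
    agent_info=$1   # e.g. /tmp/gpg-7ciDXH/S.gpg-agent:3429:1
    ssh_sock=$2     # e.g. /tmp/gpg-zsc6dQ/S.gpg-agent.ssh
    ssh_pid=$3      # e.g. 3429

    # GPG_AGENT_INFO is "<socket path>:<pid>:<protocol version>"
    agent_sock=${agent_info%%:*}
    rest=${agent_info#*:}
    agent_pid=${rest%%:*}

    agent_dir=$(dirname "$agent_sock")
    ssh_dir=$(dirname "$ssh_sock")

    if [ "$agent_pid" != "$ssh_pid" ]; then
        echo "pid-mismatch:$agent_pid:$ssh_pid"
        return 1
    fi
    if [ "$agent_dir" != "$ssh_dir" ]; then
        echo "dir-mismatch:$agent_dir:$ssh_dir"
        return 1
    fi
    echo ok
    return 0
}

# check_live_sockets GPG_AGENT_INFO SSH_AUTH_SOCK
# Reports whether both socket files actually exist on this machine; a missing
# S.gpg-agent.ssh usually means the agent was started without
# --enable-ssh-support or has since exited.
check_live_sockets() {
    agent_sock=${1%%:*}
    ssh_sock=$2
    [ -S "$agent_sock" ] || { echo "missing:$agent_sock"; return 1; }
    [ -S "$ssh_sock" ]   || { echo "missing:$ssh_sock"; return 1; }
    echo ok
    return 0
}

# Constructed sample input: the values quoted in the post above.
check_agent_env "/tmp/gpg-7ciDXH/S.gpg-agent:3429:1" \
                "/tmp/gpg-zsc6dQ/S.gpg-agent.ssh" 3429 || true
```

To run it against a real shell, call check_agent_env "$GPG_AGENT_INFO" "$SSH_AUTH_SOCK" "$SSH_AGENT_PID" and then check_live_sockets "$GPG_AGENT_INFO" "$SSH_AUTH_SOCK". If both report ok and 'ssh-add -l' is still empty, the environment is not the problem and the next thing to look at is whether that agent can reach the card at all (for example by running gpg --card-status from the same shell, which goes through the same agent and scdaemon).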