GnuPG Card with ssh authentication problems
kgo at grant-olson.net
Sun Feb 27 05:45:43 CET 2011
On 02/26/2011 10:06 PM, Brady Young wrote:
> In any case, I undertsand the next step is to get the ssh-ified version
> of the key, adding to to ~/.ssh/authorized_keys on the remote host:
> $ gpgkey2ssh 3B70AC3E > file_to_upload
> (file_to_upload is scp'd over to remote host in correct location..)
> (I sohuld also note gpgkey2ssh is in dire need of documentation and
> proper error handling.)
"ssh-add -L" does this a little better. But yes, the more obscure
features in gpg get, the more obscure the documentation is. ;-)
> sshing into my host at this point, ssh fails to recognize I have a key
> at all (although does attempt to send the empty ~/.ssh/id_dsa and id_rsa),
> and falls back to a password login.
> My GnuPG card has been working fine with signing and encryption subkeys,
> so I'm not suspecting a card communication error here..
You can check to see if gpg-agent knows about the key by checking the
contents of ~/.gnupg/private-keys-v1.d/. If there's nothing there, the
key didn't make it into gpg-agent:
grant at johnyaya:~$ ls /home/grant/.gnupg/private-keys-v1.d/
Another thing that might help...
If gpg-agent is working properly, it'll also import your old keys like
~/.ssh/id_rsa, asking you for an old password, and then asking for a new
password to save, and generating a file under ~/.gnupg/private-keys-v1.d/.
So you could try creating normal ssh keys, adding those to your
authorized keys file normally, ssh'ing normally, without gpg-agent. If
all that works, enable gpg-agent again and see if pinentry takes over
when you ssh to the box, and tries to import ~/,ssh/id_rsa.
That will at least let you know if it's gpg-agent or the card that's
giving you problems.
"Look around! Can you construct some sort of rudimentary lathe?"
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 565 bytes
Desc: OpenPGP digital signature
More information about the Gnupg-users