gpg-agent + smartcards + OS X 10.10 = lots of problems

Florin Andrei florin at
Tue Dec 16 02:43:27 CET 2014

I'm generating and storing ssh keys on smartcards, and I use gpg-agent 
in ssh-agent emulation mode for authentication. This is what I have in 

pinentry-program [various pinentry apps]
default-cache-ttl 600
max-cache-ttl 7200

Then in ~/.bash_profile I have this:

source ~/.gpg-agent-info

This is the smartcard type I use - the YubiKey NEO:

I use gpg and gpg-agent version 2.0.26 from Homebrew. I have also tried 
GPGTools, but the results are the same.

After launching the agent with "gpg-agent --daemon", the ssh client will 
authenticate using the key stored on the smartcard, everything works 
just great. At least that was the case on OS X 10.9.

After upgrading to 10.10, I've had lots of issues. Authentication seems 
to work for a while after I boot up and log into my account, but then 
after 1 hour, maybe 2, it stops working. Sometimes ssh sessions get 
stuck somewhere in authentication; other times authentication just fails.

If I kill gpg-agent and restart it, and unplug / replug the smartcard, 
everything works again - for a while. Then later again authentication 
starts having problems, and I have to do the kill / relaunch / unplug / 
replug song and dance all over again.

I've heard there were some changes in the smartcard framework in 10.10, 
but I'm not sure how relevant that is to this issue.

Any idea what I can do to get the smartcards working again? (other than 
downgrade to OS X 10.9)

Florin Andrei

More information about the Gnupg-users mailing list