gpg-agent + smartcards + OS X 10.10 = lots of problems
Thomas Harning Jr.
harningt at gmail.com
Tue Dec 16 03:07:01 CET 2014
OSX 10.10 has many known issues regarding PC/SC compatibility. See Ludovic
Rousseau's blog which illustrates some issues:
On Mon, Dec 15, 2014, 8:45 PM Florin Andrei <florin at andrei.myip.org> wrote:
> I'm generating and storing ssh keys on smartcards, and I use gpg-agent
> in ssh-agent emulation mode for authentication. This is what I have in
> pinentry-program [various pinentry apps]
> default-cache-ttl 600
> max-cache-ttl 7200
> Then in ~/.bash_profile I have this:
> source ~/.gpg-agent-info
> This is the smartcard type I use - the YubiKey NEO:
> I use gpg and gpg-agent version 2.0.26 from Homebrew. I have also tried
> GPGTools, but the results are the same.
> After launching the agent with "gpg-agent --daemon", the ssh client will
> authenticate using the key stored on the smartcard, everything works
> just great. At least that was the case on OS X 10.9.
> After upgrading to 10.10, I've had lots of issues. Authentication seems
> to work for a while after I boot up and log into my account, but then
> after 1 hour, maybe 2, it stops working. Sometimes ssh sessions get
> stuck somewhere in authentication; other times authentication just fails.
> If I kill gpg-agent and restart it, and unplug / replug the smartcard,
> everything works again - for a while. Then later again authentication
> starts having problems, and I have to do the kill / relaunch / unplug /
> replug song and dance all over again.
> I've heard there were some changes in the smartcard framework in 10.10,
> but I'm not sure how relevant that is to this issue.
> Any idea what I can do to get the smartcards working again? (other than
> downgrade to OS X 10.9)
> Florin Andrei
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Gnupg-users