gpg-agent chooses wrong identity when picking SSH key

Faru Guredo faruguredo at
Sat Feb 15 15:19:21 CET 2014

After I have done small investigation, I've found that it's only the second
try when gpg-agent uses wrong identity. The first is done with correct
identity, but ssh server failed to authenticate the key because of this

error: RSA_public_decrypt failed:
debug1: ssh_rsa_verify: signature incorrect

Both keys are RSA with the same length (4096).

debug1: Server accepts key: pkalg ssh-rsa blen 535.

But ssh server refuses to validate the first and approves only the latter
one (there is a gitolite installation) which causes the push to be done
with the wrong key, and hence, the wrong username.

2014-02-14 10:23 GMT+04:00 Faru Guredo <faruguredo at>:

> Hello.
> I am migrating from ssh-agent to gpg-agent and have successfully loaded my
> SSH keys into the new agent,
> $ ssh-add -l
> 4096 5c:f3:b8:34:56:31:08:88:7b:4d:a3:ce:d8:9b:62:d7
> /home/faru/.ssh/first-company (RSA)
> 4096 d9:14:07:00:15:c4:7b:70:c4:94:73:6c:bb:5d:25:42
> /home/faru/.ssh/second-company (RSA)
> 4096 df:19:f5:24:c7:2f:09:c3:ef:15:03:9f:aa:46:4c:06
> /home/faru/.ssh/third-company (RSA)
> 4096 05:28:b8:2b:dc:65:55:d3:62:8b:37:e7:b5:a6:df:a4
> /home/faru/.ssh/fourth-company (RSA)
> And in ~/.ssh/config I have lines, telling that ~/.ssh/third-company
> should be used when connecting to
> Host third-company
> HostName
> User git
> IdentityFile ~/.ssh/third-company
> Though, when I push commits there, git on the server says 'Access denied
> for first-company'. So I figured out that gpg-agent uses first available
> key instead of looking at the host and settings in ~/.ssh/config
> Host is defined in .git/config as
> [remote "origin"]
>     url = ssh://git@third-company/reponame.git
> How could I fix that?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20140215/e0b6744b/attachment-0001.html>

More information about the Gnupg-users mailing list