gpg-agent chooses wrong identity when picking SSH key
Faru Guredo
faruguredo at gmail.com
Sat Feb 15 15:19:21 CET 2014
After doing a small investigation, I've found that it's only on the second
try that gpg-agent uses the wrong identity. The first is done with the correct
identity, but the ssh server failed to authenticate the key because of this
error:
error: RSA_public_decrypt failed:
error:0407006A:lib(4):func(112):reason(106)
debug1: ssh_rsa_verify: signature incorrect
Both keys are RSA with the same length (4096).
debug1: Server accepts key: pkalg ssh-rsa blen 535.
But the ssh server refuses to validate the first and approves only the latter
one (there is a gitolite installation), which causes the push to be done
with the wrong key, and hence, the wrong username.
2014-02-14 10:23 GMT+04:00 Faru Guredo <faruguredo at gmail.com>:
> Hello.
>
> I am migrating from ssh-agent to gpg-agent and have successfully loaded my
> SSH keys into the new agent,
>
> $ ssh-add -l
> 4096 5c:f3:b8:34:56:31:08:88:7b:4d:a3:ce:d8:9b:62:d7 /home/faru/.ssh/first-company (RSA)
> 4096 d9:14:07:00:15:c4:7b:70:c4:94:73:6c:bb:5d:25:42 /home/faru/.ssh/second-company (RSA)
> 4096 df:19:f5:24:c7:2f:09:c3:ef:15:03:9f:aa:46:4c:06 /home/faru/.ssh/third-company (RSA)
> 4096 05:28:b8:2b:dc:65:55:d3:62:8b:37:e7:b5:a6:df:a4 /home/faru/.ssh/fourth-company (RSA)
>
> And in ~/.ssh/config I have lines saying that ~/.ssh/third-company
> should be used when connecting to third-company.com:
>
> Host third-company
>     HostName third-company.com
>     User git
>     IdentityFile ~/.ssh/third-company
>
> Though, when I push commits there, git on the server says 'Access denied
> for first-company'. So I figured out that gpg-agent uses the first available
> key instead of looking at the host and settings in ~/.ssh/config.
> The host is defined in .git/config as
>
> [remote "origin"]
>     url = ssh://git@third-company/reponame.git
>
> How could I fix that?
>