Possible bug when using smartcards and gpg-agent2.0 as the ssh-agent

Víctor Cuadrado Juan me at viccuad.me
Wed Aug 12 20:55:10 CEST 2015


I'm using gpg-agent 2.0.28 (Debian Stretch) as the ssh agent, with
I have disabled the Gnome Keyring, and I'm only using gpg-agent. I have
a properly configured Yubikey Neo with an auth subkey, and the Yubikey
is correctly configured and in use. I have a clean ~/.gnupg/sshcontrol
file, and no ~/.ssh directory at all.

At first instance everything works fine, 'ssh-add -l' and 'ssh-add -L'
show my key when I have my Yubikey connected: (I'm redacting the key and
the card number)

$ ssh-add -l
2048 **:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**
cardno:00060******* (RSA)

Yet when I try to use it to connect to the server by ssh I get a GUI
popup that says:

"take out the current card and insert the one with the serial number:
(In my case, in spanish, "Retire tarjeta actual e inserte la que
tiene número de serie: ")

The serial number on ssh-add -L is the same "card-no" that appears next
to the auth subkey in gpg --card-status, which is 12 chars long.

The gpg-agent pop-up serial numbers seems to correspond to the
"Application ID" displayed in gpg --card-status, which is 32 chars long.

This seems like a bug. Am I missing something? Should I post this on

Thanks in advance,


E-Mail: <me at viccuad.me>, OpenPGP-Key-ID: 0xA2591E231E251F36
Key fingerprint: E3C5 114C 0C5B 4C49 BA03  0991 A259 1E23 1E25 1F36
My signed E-Mails are trustworthy.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20150812/62e1c76a/attachment.sig>

More information about the Gnupg-users mailing list