gpg-agent does not authenticate ssh connections

Rainer Keller mail at
Sun Feb 8 18:41:15 CET 2015


I am trying to use gnupg smart card for ssh connections.

According to the error message gpg-agent is unable to sign using the card:

> ssh user at server
> Agent admitted failure to sign using the key.
> Permission denied (publickey,keyboard-interactive).

In .gnupg/sshcontrol I have added the correct keygrip and "ssh-add -l" shows 
the right key:

> 4096 XX:XX:XX cardno:XXXX (RSA)

The pinentry dialog also appears.
I started the gpg-agent with logging enabled which shows some errors when 
trying to use ssh:

> gpg-agent ~/.gnupg/sshcontrol:1: key 'XXXX' skipped: No such file or 
> gpg-agent DBG: detected card with S/N XXXX
> gpg-agent smartcard signing failed: Bad PIN

It sounds like the PIN entered was wrong, but I am sure it is correct.
The PIN retry counters are still at 3.

Application ID ...: XXX
Version ..........: 2.0
Manufacturer .....: ZeitControl
Serial number ....: XXX
Name of cardholder: Rainer Keller
Language prefs ...: de
Sex ..............: male
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: forced
Key attributes ...: 2048R 2048R 4096R
Max. PIN lengths .: 32 32 32
PIN retry counter : 3 0 3
Signature counter : 0
Signature key ....: [none]
Encryption key....: [none]
Authentication key: XXXX
      created ....: XXX

Any idea why gpg-agent assumes the PIN is wrong?


More information about the Gnupg-users mailing list