gpg-agent does not authenticate ssh connections

Rainer Keller mail at rainerkeller.de
Thu Feb 19 21:40:09 CET 2015


> Gpg-agent uses the smartcard key which is identified by the $AUTHKEYID
> attribute:
> 
>   $ gpg-connect-agent 'scd getattr $AUTHKEYID' /bye
>   S $AUTHKEYID OPENPGP.3
>   OK
I get the same output for my card.

> Thus only the keys listed in ~/.gnupg/sshcontrol will be used.
The keygrip from the card is listed in sshcontrol.

> of course you need to make sure that the key is capable of signing.
I created the key with authentication flag set. It has no other flags set.

Just a general note: I did not do anything special. I just used "keytocard" to 
move the key over. But unfortunately it does not work out of the box 
afterwards.

gpg --card-status
Application ID ...: 
Version ..........: 2.0
Manufacturer .....: ZeitControl
Serial number ....: 
Name of cardholder: Rainer Keller
Language prefs ...: de
Sex ..............: male
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: forced
Key attributes ...: 2048R 2048R 4096R
Max. PIN lengths .: 32 32 32
PIN retry counter : 3 0 3
Signature counter : 0
Signature key ....: [none]
Encryption key....: [none]
Authentication key: XXX
      created ....: XXX
General key info..: pub  4096R/A7 2014 Rainer Keller <mail at rainerkeller.de>
sec#  4096R/D8  created: 2005  expires: never     
ssb   2048R/4C  created: 2008  expires: 2010
ssb   2048R/CC  created: 2008  expires: 2010
ssb   2048R/26  created: 2010  expires: 2012
ssb   2048R/B0  created: 2010  expires: 2012
ssb   2048R/A5  created: 2012  expires: 2014
ssb   2048R/09  created: 2012  expires: 2014
ssb   4096R/A9  created: 2014  expires: 2016 usage: S
ssb   4096R/6F  created: 2014  expires: 2016 usage: E
ssb>  4096R/A7  created: 2014  expires: 2016 usage: A
                      card-no: XXX

Regards
Rainer


