gpg-agent unable to see yubikey until manually re-running `gpg --card-status`

Lance R. Vick lance at lrvick.net
Thu Jun 18 23:57:36 CEST 2015


Another example I just had happen:

1. start gpg-agent
2. populate SSH_AUTH_SOCK
3. ssh successfully
4. remove yubikey
5. insert yubikey
6. attempt to ssh -> "Permission Denied (Publickey)"
7. `gpg --card status` -> "no card present"
8. `gpg --card status` -> "no card present"
9. `gpg --card status` -> "no card present"
11. (...etc. it refused to come back this time)
12. killall gpg-agent
13. `gpg --card status` (again) -> Got usual card output
14. ssh successfully again

On Thu, Jun 18, 2015 at 10:56 AM, Lance R. Vick <lance at lrvick.net> wrote:

> I only ever tried this on 2.0.0 as far as older versions go, and that was
> similarly broken. I didn't bother documenting as I saw there were some
> smartcard updates in 2.1.4 so I upgraded.
>
> Just now had another variation (on 2.1.4):
>
> 1. start gpg-agent
> 2. populate SSH_AUTH_SOCK
> 3. ssh successfully
> 4. remove yubikey
> 5. insert yubikey
> 6. attempt to ssh -> "Permission Denied (Publickey)"
> 7. `gpg --card status` -> "no card present"
> 8. `gpg --card status` (again) -> Got usual card output
> 9. ssh successfully again
>
>
> On Thu, Jun 18, 2015 at 1:32 AM, Werner Koch <wk at gnupg.org> wrote:
>
>> On Wed, 17 Jun 2015 18:17, simon at josefsson.org said:
>>
>> > I've seen the error many times, also when I used a g10code smartcard,
>> > but lately things have been smooth.  I think there have been a couple of
>>
>> Old versions of GnuPG assumed that there is a card reader which can tell
>> you whether a card has been removed or inserted.  However USB tokens are
>> different in that you insert/remove the entire reader.  gniibe fixed
>> these problems some time ago.
>>
>>
>> Salam-Shalom,
>>
>>    Werner
>>
>> --
>> Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
>>
>>
>> _______________________________________________
>> Gnupg-users mailing list
>> Gnupg-users at gnupg.org
>> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>>
>
>
>
> --
> Lance R. Vick
> __________________________________________________
> Cell      -  407.283.7596
> Gtalk     -  lance at lrvick.net
> Website   -  http://lrvick.net
> PGP Key   -  http://lrvick.net/0x36C8AAA9.asc
> keyserver -  subkeys.pgp.net
> __________________________________________________
>



-- 
Lance R. Vick
__________________________________________________
Cell      -  407.283.7596
Gtalk     -  lance at lrvick.net
Website   -  http://lrvick.net
PGP Key   -  http://lrvick.net/0x36C8AAA9.asc
keyserver -  subkeys.pgp.net
__________________________________________________
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20150618/41955db0/attachment-0001.html>


More information about the Gnupg-users mailing list