GPG-Agent not recognising SSH keys
peter at digitalbrains.com
Thu Jan 14 15:58:15 CET 2016
> Your guide highlighted a silly error where I had accidentally chopped
> some of the trailing characters of the appropriate keygrip in
> sshcontrol (Doh!). BTW I am using GnuPG 2.1.9
That's hard to spot... "Is this jumble of characters the same as the
one I just saw?"
> I can now successfully get the response to ssh-add -L as expected.
> Anything there I am perhaps missing?
Are the server and the user account configured to accept authorized
keys? Are the permissions on ~/.ssh acceptable?
Do you have administrative access to the server in question? The
configuration for sshd can configure different authentication
possibilities to be offered, even per-user (or per-IP range).
But perhaps more likely is that ~/.ssh doesn't have the correct
permissions. If you have access to sshd's log: it will likely complain
verbally in the log about permission errors, even though you as a client
don't see it.
From the sshd manpage:
> Lists the public keys (DSA, ECDSA, ED25519, RSA) that can be used
> for logging in as this user. The format of this file is
> described above. The content of the file is not highly sensitive,
> but the recommended permissions are read/write for the
> user, and not accessible by others.
> If this file, the ~/.ssh directory, or the user's home directory
> are writable by other users, then the file could be modified or
> replaced by unauthorized users. In this case, sshd will not
> allow it to be used unless the StrictModes option has been set to
A good permission for ~/.ssh is 700. authorized_keys can be 755 or
less. From the way the manpage is phrased, one would think one's home
directory can't be 775, even though that actually might make sense in
some setups. But if you don't want to be able to appoint people with
write permission, keep it on 755 or less. I think 755 is quite common;
750, 710 and 700 make sense as well.
 Less permissions, not numerically less. Don't go saying "677 is
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at
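
The permission check discussed in the message above, as an added example that is not part of the original post: it tests the home directory, ~/.ssh and authorized_keys for group or world write bits, the condition the quoted manpage text names. The function names and the optional home-directory argument are assumptions for illustration; ownership and sshd_config settings are not examined.

```shell
#!/bin/sh
# Added example: flag paths that the quoted sshd manpage text says must not
# be writable by other users. Function names are hypothetical.

# Succeed (return 0) if the path is group- or world-writable.
is_writable_by_others() {
    # -prune keeps find from descending into directories;
    # -perm -020 / -perm -002 match the group / other write bit.
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]
}

# Check home, ~/.ssh and authorized_keys, printing each offending path.
# Returns 0 when all three are acceptable, 1 when any is writable by
# others, 2 when authorized_keys does not exist.
check_ssh_perms() {
    home=${1:-$HOME}
    status=0
    if [ ! -e "$home/.ssh/authorized_keys" ]; then
        echo "missing: $home/.ssh/authorized_keys"
        return 2
    fi
    for path in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if is_writable_by_others "$path"; then
            echo "writable by others: $path"
            status=1
        fi
    done
    return $status
}
```

Run `check_ssh_perms` on the server as the account being logged into; a non-zero exit status points at the path to fix with chmod.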