SSH hangs when using GPG2 + Yubikey on OS-X
NIIBE Yutaka
gniibe at fsij.org
Wed Jul 20 04:57:06 CEST 2016
On 07/19/2016 05:54 PM, NIIBE Yutaka wrote:
> On 07/19/2016 02:22 PM, Ben Warren wrote:
>> We don’t see this issue when using a file-based key for SSH,
>> although in that case we’re using ssh-agent, not gpg-agent. I’ll
>> try using a file-based GPG key, which will be closer to the failing
>> configuration.
>
> Are you using some other tools for Yubikey?
>
> People sometimes do or write a script with
>
> gpg-connect-agent "SCD RESET" /bye
>
> (to reset PIN auth state) but this only works well if we have a single
> connection from gpg-agent to scdaemon. Having ssh-sessions (with
> forwarding), we have multiple connections from gpg-agent to scdaemon.
> This could be a cause of troubles.
I think that the problem occurs when we do "SCD RESET" above or
removal/insertion of token during the use of SSH.
It seems for me that OpenSSH client (7.2p2, in my case) keeps the
connection to ssh-agent even if it doesn't use forwarding. So, it is
likely that we encounter this problem.
Today, I fixed this issue by:
commit 1598a4476466822e7e9c757ac471089d3db4b545
Please try it out.
--
More information about the Gnupg-users
mailing list