use gpg-agent for ssh login

Dmitrii Tcvetkov demfloro at demfloro.ru
Fri May 4 08:58:40 CEST 2018


> Hi,
> 
> I'm trying to configure gpg-agent and SSH with a GnuPG Key Card
> Version 3.3, but ssh only drops the message: "the agent has no
> identities." in response to "ssh-add -L".
> 
> My system:
> Linux (K)ubuntu 16.04
> 
> My software versions:
> gpg 1.4.20
> gpg-agent 2.1.11
> libgcrypt 1.6.5
> 
> My configuration:
> Starting the agent:
> killall scdaemon
> killall gpg-agent
> eval $( gpg-agent --daemon --enable-ssh-support )
> Setting the environment variables:
> SSH_AGENT_PID=2588
> GPG_AGENT_INFO=$HOME/.gnupg/S.gpg-agent:2588:1
> SSH_AUTH_SOCK=$HOME/.gnupg/S.gpg-agent.ssh
> GPG_TTY=/dev/pts/1 (corresponding to used terminal)
> 
> note that 2588 is the PID of the gpg-agent here.
> scdaemon is running (started by gpg-agent)
> pcscd is NOT running.
> 
> .gnupg/gpg.conf:
> use-agent
> 
> .gnupg/gpg-agent.conf:
> enable-ssh-support
> default-cache-ttl 21600
> default-cache-ttl-ssh 21600
> pinentry-program /usr/bin/pinentry-gtk-2
> 
> After carefully reviewing my configuration and restarting my agent I
> still get a message "The agent has no identities." in response to
> "ssh-add -L". However, the status of the smart-card looks fine and
> all the keys are present on the card. Why does ssh not see the keys?
> Does anyone have a suggestion for changes? Are there specific issues
> with the card version 3.3?

gpg-agent will list an identity only if the key has the Authenticate
capability and its keygrip is listed in ${HOME}/.gnupg/sshcontrol.

To get a key's keygrip you can use "gpg -K --with-keygrip". You want to
list the keygrip of the specific subkey with the Authenticate capability,
not its primary key.
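
The check described in the reply above, as an added example that is not part of the original message: it picks the keygrips of keys whose own capabilities include Authenticate and reports those with no active entry in sshcontrol. It assumes GnuPG 2.x colon-format output (`gpg -K --with-keygrip --with-colons`); the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and sample data are constructed, not from the thread.
# Assumed input: output of `gpg -K --with-keygrip --with-colons` (GnuPG 2.x).

# Print the keygrip of each secret key/subkey that itself has the
# Authenticate capability. Field 12 holds capabilities: lowercase letters
# belong to that key, uppercase on the primary line summarise the whole
# key, so only a lowercase "a" counts. The "grp" record that follows a
# sec/ssb record carries that key's keygrip in field 10.
auth_keygrips() {
    awk -F: '
        $1 == "sec" || $1 == "ssb" { want = ($12 ~ /a/); next }
        $1 == "grp" { if (want) print $10; want = 0 }
    '
}

# Read keygrips on stdin; print each one that has no active entry in the
# sshcontrol file given as $1. Comment lines (#) and entries disabled with
# a leading "!" never match, so they are reported as missing.
not_in_sshcontrol() {
    while read -r grip; do
        awk -v g="$grip" '
            toupper($1) == toupper(g) { found = 1 }
            END { exit !found }
        ' "$1" 2>/dev/null || printf '%s\n' "$grip"
    done
}

# Constructed sample: primary key (sign+certify), one encryption subkey,
# one authentication subkey.
SAMPLE_LISTING='sec:u:4096:1:AAAAAAAAAAAAAAAA:1500000000:::u:::scESCA:
fpr:::::::::00000000000000000000AAAAAAAAAAAAAAAAAAAA:
grp:::::::::1111111111111111111111111111111111111111:
uid:u::::1500000000::0000000000000000000000000000000000000000::Example User <user@example.org>:
ssb:u:4096:1:BBBBBBBBBBBBBBBB:1500000000::::::e:
fpr:::::::::00000000000000000000BBBBBBBBBBBBBBBBBBBB:
grp:::::::::2222222222222222222222222222222222222222:
ssb:u:4096:1:CCCCCCCCCCCCCCCC:1500000000::::::a:
fpr:::::::::00000000000000000000CCCCCCCCCCCCCCCCCCCC:
grp:::::::::3333333333333333333333333333333333333333:'

# Demo on the sample; prints the authentication subkey's keygrip.
printf '%s\n' "$SAMPLE_LISTING" | auth_keygrips

# Real use (prints keygrips still missing from sshcontrol):
#   gpg -K --with-keygrip --with-colons | auth_keygrips \
#       | not_in_sshcontrol "${HOME}/.gnupg/sshcontrol"
```
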


