gpg-agent SSH agent returned incorrect signature type

Sebastian Wiesinger sebastian at karotte.org
Tue Nov 5 17:49:53 CET 2019


Hi,

I'm using gpg-agent with the key stored on a Yubikey for ssh pubkey
authentication. Since upgrading server systems to Debian 10 I get the following
error when logging in:

agent key RSA SHA256:[keyhash] returned incorrect signature type

Login succeeds but the error is displayed on every new connection.

There is not much information about this, except that it seems the error is
caused by the agent signing the key with a different hash algorithm:

debug1: Server accepts key: cardno:000233441461 RSA SHA256:[keyhash] agent
debug3: sign_and_send_pubkey: RSA SHA256:[keyhash]
debug3: sign_and_send_pubkey: signing using rsa-sha2-512
agent key RSA SHA256:[keyhash] returned incorrect signature type
debug3: sign_and_send_pubkey: signing using ssh-rsa


My question is, is this a problem with gpg-agent or is the Yubikey just not
able to sign the key with the requested sha2-512 algo?

Regards

Sebastian

-- 
GPG Key: 0x58A2D94A93A0B9CE (F4F6 B1A3 866B 26E9 450A  9D82 58A2 D94A 93A0 B9CE)
'Are you Death?' ... IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS NOTICE THE SCYTHE.
            -- Terry Pratchett, The Fifth Elephant



More information about the Gnupg-users mailing list