gpg-agent SSH agent returned incorrect signature type

Werner Koch wk at
Tue Nov 5 20:53:41 CET 2019

On Tue,  5 Nov 2019 17:49, Sebastian Wiesinger said:

> debug3: sign_and_send_pubkey: signing using rsa-sha2-512

AFAICS that method is not supported.  We support "ssh-rsa" and
"ssh-rsa-cert-v01 at" but not this method.  However, I do not
have the debug out of gpg-agent so I can't tell for sure.  Please put

--8<---------------cut here---------------start------------->8---
log-file /somewhere/gpg-agent.log
--8<---------------cut here---------------end--------------->8---

into ~/.gnupg/gpg-agent.conf and "gpgconf --kill gpg-agent".  In case
this reveals nothing it may be nessary to add a line "debug crypto" but
that would reveal key material if not only used with the Yubikey.

Anyway, I would suggest to use an EC algorithm; they are much faster.
The Yubikey only supports the NIST curves and thus ecdsa-sha2-nistp256
or ecdsa-sha2-nistp521 would be approriate.



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <>

More information about the Gnupg-users mailing list