agent refused operation when using GnuPG key for ssh

Pankaj Jangid pankaj at codeisgreat.org
Mon Sep 28 20:24:58 CEST 2020


I am trying to configure gpg key for ssh authentication. I have added a
new key specifically for authentication (usage). And then exported the
public key using --export-ssh-key and saved on the remote server
authorized_keys.

~/.gnupg/gpg-agent.conf
~/.gnupg/sshcontrol

The above files are configured accordingly. And in my ~/.zshrc, I have,

--8<---------------cut here---------------start------------->8---
export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
gpgconf --launch gpg-agent
--8<---------------cut here---------------end--------------->8---

But when I connect using ssh, it tries to login using the GnuPG key. But
gets - agent refused operation - error. Below is the log.

--8<---------------cut here---------------start------------->8---
debug1: Offering public key: (none) RSA SHA256:JDqSzpk8xTHxmB9ba98TuTwaiObrzU5/bFrHQwrvRdY agent
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 60
debug1: Server accepts key: (none) RSA SHA256:JDqSzpk8xTHxmB9ba98TuTwaiObrzU5/bFrHQwrvRdY agent
debug3: sign_and_send_pubkey: RSA SHA256:JDqSzpk8xTHxmB9ba98TuTwaiObrzU5/bFrHQwrvRdY
debug3: sign_and_send_pubkey: signing using rsa-sha2-512
sign_and_send_pubkey: signing failed: agent refused operation
debug1: Offering public key: /Users/pankaj/.ssh/id_rsa RSA SHA256:fwEoS8jdY2L/ETw75CuRQLL05IMBRTFK8kHk89s0+M8
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 60
debug1: Server accepts key: /Users/pankaj/.ssh/id_rsa RSA SHA256:fwEoS8jdY2L/ETw75CuRQLL05IMBRTFK8kHk89s0+M8
debug3: sign_and_send_pubkey: RSA SHA256:fwEoS8jdY2L/ETw75CuRQLL05IMBRTFK8kHk89s0+M8
debug3: sign_and_send_pubkey: signing using rsa-sha2-512
debug3: send packet: type 50
debug3: receive packet: type 52
debug1: Authentication succeeded (publickey).
--8<---------------cut here---------------end--------------->8---

How to diagnose this further?

-- 
Pankaj Jangid

GnuPG Fingerprint => 0B62 7424 3B26 A911 052A  DDE6 7C95 6E6F F858 7689



More information about the Gnupg-users mailing list