SSH and gpg2: pinentry errors hidden from view, agent refused operation

Lars Noodén lars.nooden at
Thu Dec 30 16:50:07 CET 2021

On 12/30/21 17:44, Ingo Klöcker wrote:
> On Donnerstag, 30. Dezember 2021 15:38:47 CET Lars Noodén via Gnupg-users
> wrote:
>> What else is needed to get pinentry invoked so that the SSH client can
>> connect using the GnuPG RSA key?
>> At this point the public key is visible in the SSH agent:
>>    $ ssh-add -l
>>    3072 SHA256:j0V4cVzC...NKQPA (none) (RSA)
>> and the public key has been saved in the default file:
>>    $ssh-add -L > ~/.ssh/id_rsa
> The file ~/.ssh/id_rsa usually contains the secret key. The corresponding
> public key is usually in the file called ~/.ssh/ I'm not sure
> whether this confuses ssh. Maybe it tries to interpret your public key as
> secret key.
> Regards,
> Ingo

Sorry.  That was a rekeying error, meant to avoid copy-paste errors :/
I have double checked and the public key is indeed in ~/.ssh/id_rsa as
it should be.  Also, ~/.gnupg/sshcontrol is populated with the keygrip
which matches the authentication subkey.


More information about the Gnupg-users mailing list