gpg-agent ssh key order in version 2.3.7

Yorick van Pelt
Fri Jan 20 15:07:37 CET 2023


I have a question regarding the gpg-agent changes in 2.3.7.

I have the following setup:
- gpg-agent configured as ssh-agent, with
- 1 auth subkey, protected by a passphrase
- 1 auth subkey stored on a YubiKey.

Prior to upgrading to gnupg 2.3.7, gpg would prompt me for the YubiKey
PIN code and use it if it was inserted, and for the passphrase otherwise.

Starting with 2.3.8, it always asks for the passphrase. Hitting 'cancel'
makes it try the YubiKey, but this happens again on the next invocation.

Looking at the code changes, it looks like the ordering from the sshcontrol
file is no longer used. I see that I can use "Prompt: no" to ignore the
YubiKey if it is not inserted, but can't figure out how to make it try the
YubiKey before the password-protected key.

How can I best restore the old behavior?

