Win 11 + Smarcard: SSH public key authentication fails
Werner Koch
wk at gnupg.org
Tue Jan 16 18:50:23 CET 2024
On Mon, 15 Jan 2024 20:03, Thomas Schneider said:
> And ssh-pageant is not available for Win 11, but pageant is included
> in PuTTY.
I didn't implemented or tested the newer --enable-w32-openssh-support so
I don't have first have experience. However, Windows comes with an sssh
server and an client, which are slighly modified OpenSSH versions. Thus
you should be able to simply run
c:\ ssh -v snowden at hawaii.nsa.gov
The ssh diagnostics enabled with -v should show you what's going on and
whether ssh tries to use an ssh-agent implementation.
You need to start gpg-agent first, of course:
gpgconf --launch gpg-agent
or run any gpg command or kleopatra, etc.)
> Could you please share some details of your working setup (scripts
> connecting from Win 10/11 to other servers using SSH).
Okay, let's try it: I just installed a gpg4win 4.3.0-beta and tried it
on my testbox (Windows 10.0 build 19045) using my regular token:
debug1: Next authentication method: publickey
debug1: Offering public key: cardno:FFFE_xxxxxxx ED25519 SHA256:tXYM7ne2kI+ZUw7jGii9LBhoz8uB0ucKv28OSSW6a/g agent
debug1: Server accepts key: cardno:FFFE_xxxxxxx ED25519 SHA256:tXYM7ne2kI+ZUw7jGii9LBhoz8uB0ucKv28OSSW6a/g agent
debug1: Authentication succeeded (publickey).
Authenticated to ftp.gnupg.org ([217.69.76.55]:22).
But that should also work with your gpg4win version.
>> the native client you need to add *enable-w32-openssh-support* to your
Oops, the option is actually *enable-win32-openssh-support*. I try to
get it into the Kleopatra config dialog with gnupg 2.4.4 - right now
kleopatra can only enable the Unix style ssh support.
Shalom-Salam,
Werner
--
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openpgp-digital-signature.asc
Type: application/pgp-signature
Size: 247 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20240116/130b291b/attachment.sig>
More information about the Gnupg-users
mailing list