Win 11 + Smartcard: SSH public key authentication fails

t.schneider at disroot.org t.schneider at disroot.org
Wed Jan 17 08:22:49 CET 2024


Hello,

Accidentally, I identified the root cause of this issue.

I executed this SSH command:

ssh <remoteserver>

I didn't use ssh <user>@<remoteserver> on purpose because I'm used to
using the same user on remoteserver as on client.

After executing the SSH command

ssh <user>@<remoteserver>

gpg-agent works as expected and I can login with public key.

One may consider this as a bug, however I'm happy that I found a 
solution for my issue.

Now I can proceed to the next issue: SSH forward

Thanks for your great support!

Thomas

On 2024-01-16 18:50, Werner Koch wrote:

> On Mon, 15 Jan 2024 20:03, Thomas Schneider said:
> 
>> And ssh-pageant is not available for Win 11, but pageant is included
>> in PuTTY.
> 
> I didn't implement or test the newer --enable-w32-openssh-support so
> I don't have first-hand experience.  However, Windows comes with an ssh
> server and a client, which are slightly modified OpenSSH versions.  Thus
> you should be able to simply run
> 
> c:\ ssh -v snowden@hawaii.nsa.gov
> 
> The ssh diagnostics enabled with -v should show you what's going on and
> whether ssh tries to use an ssh-agent implementation.
> 
> You need to start gpg-agent first, of course:
> 
> gpgconf --launch gpg-agent
> 
> or run any gpg command or kleopatra, etc.
> 
>> Could you please share some details of your working setup (scripts
>> connecting from Win 10/11 to other servers using SSH).
> 
> Okay, let's try it: I just installed a gpg4win 4.3.0-beta and tried it
> on my testbox (Windows 10.0 build 19045) using my regular token:
> 
> debug1: Next authentication method: publickey
> debug1: Offering public key: cardno:FFFE_xxxxxxx ED25519 SHA256:tXYM7ne2kI+ZUw7jGii9LBhoz8uB0ucKv28OSSW6a/g agent
> debug1: Server accepts key: cardno:FFFE_xxxxxxx ED25519 SHA256:tXYM7ne2kI+ZUw7jGii9LBhoz8uB0ucKv28OSSW6a/g agent
> debug1: Authentication succeeded (publickey).
> Authenticated to ftp.gnupg.org ([217.69.76.55]:22).
> 
> But that should also work with your gpg4win version.
> 
> the native client you need to add *enable-w32-openssh-support* to your

Oops, the option is actually *enable-win32-openssh-support*.  I try to
get it into the Kleopatra config dialog with gnupg 2.4.4 - right now
kleopatra can only enable the Unix style ssh support.

Shalom-Salam,

    Werner
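
Added example, not part of the original messages and not GnuPG or OpenSSH code: a small parser for the "ssh -v" diagnostics discussed above, reporting which login name ssh actually sent and whether a key held by the agent was offered and accepted. The two sample logs are constructed (the thread does not show the failing output), and the host, user names and fingerprint in them are placeholders.

```python
import re
AUTH_AS = re.compile(r"debug1: Authenticating to \S+ as '(.*)'")
OFFER = re.compile(r"debug1: Offering public key: .*?(SHA256:\S+)(.*)")
ACCEPT = re.compile(r"debug1: Server accepts key: .*?(SHA256:\S+)")

# Constructed samples of `ssh -v` output; names and fingerprint are placeholders,
# not values taken from the thread.
FAILING = """\
debug1: Authenticating to server.example:22 as 'localname'
debug1: Offering public key: cardno:FFFE_xxxxxxx ED25519 SHA256:CONSTRUCTED agent
debug1: Authentications that can continue: publickey,password
"""
WORKING = """\
debug1: Authenticating to server.example:22 as 'remotename'
debug1: Offering public key: cardno:FFFE_xxxxxxx ED25519 SHA256:CONSTRUCTED agent
debug1: Server accepts key: cardno:FFFE_xxxxxxx ED25519 SHA256:CONSTRUCTED agent
debug1: Authentication succeeded (publickey).
"""

def summarize(log):
    """Extract the login name and the fate of agent-held keys from `ssh -v` output."""
    s = {"user": None, "offered": [], "accepted": [], "ok": False}
    for line in log.splitlines():
        line = line.strip()
        if m := AUTH_AS.match(line):
            s["user"] = m.group(1)          # name ssh sent, explicit or defaulted
        elif m := OFFER.match(line):
            if "agent" in m.group(2).split():   # only keys that came from an agent
                s["offered"].append(m.group(1))
        elif m := ACCEPT.match(line):
            s["accepted"].append(m.group(1))
        elif line.startswith("debug1: Authentication succeeded (publickey)"):
            s["ok"] = True
    return s

def diagnose(log):
    # Turn the summary into a one-line verdict pointing at the likely layer.
    s = summarize(log)
    if s["ok"]:
        return f"publickey login succeeded as {s['user']!r}"
    if not s["offered"]:
        return "no agent key offered: is gpg-agent running with ssh support enabled?"
    if not s["accepted"]:
        return (f"agent key offered but not accepted for {s['user']!r}: "
                "compare this name with the account that holds the key")
    return "key accepted but login did not complete: check signing on the card"

if __name__ == "__main__":
    print(diagnose(FAILING)); print(diagnose(WORKING))
```

To use it on a real session, save the stderr of "ssh -v <remoteserver>" to a file and pass its contents to diagnose().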