I have a Yubikey 4 and I want to use my GPG keys stored on this to authenticate to SSH servers.
I want to use GitHub for a start. I have already added my GPG authentication key to GitHub.
My problem is that when I ssh, my agent doesn't use this key. I've checked by trying to connect to my VPS with ssh -v
but it skips my GPG key. My Yubikey is plugged in and gpg2 --card-status
shows all the details. I am able to sign and decrypt fine as well as use the other features of the Yubikey.
The ssh output
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/wilhelm/.ssh/id_rsa
debug1: Trying private key: /home/wilhelm/.ssh/id_dsa
debug1: Trying private key: /home/wilhelm/.ssh/id_ecdsa
debug1: Trying private key: /home/wilhelm/.ssh/id_ed25519
debug1: No more authentication methods to try.
Permission denied (publickey).
I have disabled gnome password manager.
I've looked at Connecting SSH and Git to gpg-agent and followed the suggestion, but it doesn't seem to be working.
╰─ ssh-add -l
Could not open a connection to your authentication agent.
╰─ ps aux | grep gpg-agent
wilhelm 26079 0.0 0.0 20268 980 ? Ss 20:57 0:00 gpg-agent --daemon --enable-ssh-support --sh
wilhelm 31559 0.0 0.0 12724 2184 pts/1 S+ 22:49 0:00 grep --color=auto --exclude-dir=.bzr --exclude-dir=CVS --exclude-dir=.git --exclude-dir=.hg --exclude-dir=.svn gpg-agent
Best Answer
ssh can't open a connection to your gpg-agent if you don't give it a way to do so. When you start your gpg-agent with the --enable-ssh-support option, it prints out environment variables that need to be available in the shell from which you will be using ssh. There are a few possibilities for how to get them:

1. Stop your gpg-agent and start it once more, like this, in the shell from which you are using ssh (this should be the easiest way to test it):

2. Find the location of the authentication socket and set up the environment variable SSH_AUTH_SOCK by hand.

Later on, when you know that it works, you should set up the agent start according to the manual page for gpg-agent(1), so probably in ~/.xsession, to let it start automatically.
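The two options in the answer, put together as an added example that is not part of the original answer or of GnuPG itself. The function names are this example's own; it assumes `gpgconf --list-dirs agent-ssh-socket` (GnuPG 2.1 and later) for the live socket path and falls back to the classic `~/.gnupg/S.gpg-agent.ssh` location otherwise. The sample agent output is constructed to match the setup in the question.

```shell
#!/bin/sh
# Added example (not from the original answer): locate the gpg-agent SSH
# socket, point SSH_AUTH_SOCK at it, and check that ssh will actually use it.
# Function names are this example's own. gpgconf --list-dirs agent-ssh-socket
# exists in GnuPG 2.1+; the fallback path is the classic 2.0-era location.

# Print the path of gpg-agent's SSH socket for this user.
gpg_agent_ssh_socket() {
    sock=""
    if command -v gpgconf >/dev/null 2>&1; then
        sock=$(gpgconf --list-dirs agent-ssh-socket 2>/dev/null || true)
    fi
    # Sanity check: the SSH socket is always named S.gpg-agent.ssh.
    case "$sock" in */S.gpg-agent.ssh) ;; *) sock="" ;; esac
    # GnuPG 2.0 and unusual setups: the socket lives next to the keyring.
    [ -n "$sock" ] || sock="${GNUPGHOME:-$HOME/.gnupg}/S.gpg-agent.ssh"
    printf '%s\n' "$sock"
}

# Extract one variable's value from the Bourne-style lines gpg-agent prints
# when started with --daemon --enable-ssh-support --sh, e.g.
#   SSH_AUTH_SOCK=/path/S.gpg-agent.ssh; export SSH_AUTH_SOCK;
# $1 = variable name, $2 = the captured agent output.
parse_agent_env() {
    printf '%s\n' "$2" | sed -n "s/^$1=\([^;]*\);.*/\1/p" | head -n 1
}

# Succeed only if the path exists and is a unix socket. A missing or stale
# socket is exactly what produces ssh-add's "Could not open a connection to
# your authentication agent".
check_ssh_agent_socket() {
    [ -n "$1" ] && [ -S "$1" ]
}

# Constructed sample of what `gpg-agent --daemon --enable-ssh-support --sh`
# prints; the pid and paths are made up to match the question's setup.
SAMPLE_AGENT_OUTPUT='SSH_AUTH_SOCK=/home/wilhelm/.gnupg/S.gpg-agent.ssh; export SSH_AUTH_SOCK;
GPG_AGENT_INFO=/home/wilhelm/.gnupg/S.gpg-agent:26079:1; export GPG_AGENT_INFO;'

# Interactive use: `. ./gpg-ssh.sh && use_gpg_agent_for_ssh`. Sourcing matters:
# a variable exported inside a child process never reaches the shell you run
# ssh from, which is the situation the question describes.
use_gpg_agent_for_ssh() {
    SSH_AUTH_SOCK=$(gpg_agent_ssh_socket)
    export SSH_AUTH_SOCK
    unset SSH_AGENT_PID          # a leftover ssh-agent pid confuses ssh-add
    if ! check_ssh_agent_socket "$SSH_AUTH_SOCK"; then
        echo "no gpg-agent SSH socket at $SSH_AUTH_SOCK; start gpg-agent with --enable-ssh-support" >&2
        return 1
    fi
    # ssh-add exits 2 when it cannot reach the agent, 1 when the agent has no
    # identities (card not inserted or key not usable for ssh), 0 on success.
    ssh-add -l
}
```

Run `use_gpg_agent_for_ssh` in the same shell you will run `ssh -v` from; once `ssh-add -l` lists the card's key, `ssh -v` will show it being offered before the `id_*` files in `~/.ssh`.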