Ssh – gpg-agent instead of ssh-agent

gpg gpg-agent ssh

I have a Yubikey 4 and I want to use my GPG keys stored on this to authenticate to SSH servers.
I want to use GitHub for a start. I have already added my GPG authentication key to GitHub.

My problem is that when I ssh, my agent doesn't use this key. I've checked by trying to connect to my VPS with ssh -v but it skips my GPG key. My Yubikey is plugged in and gpg2 --card-status shows all the details. I am able to sign and decrypt fine as well as use the other features of the Yubikey.

The ssh output:

    debug1: Authentications that can continue: publickey
    debug1: Next authentication method: publickey
    debug1: Trying private key: /home/wilhelm/.ssh/id_rsa
    debug1: Trying private key: /home/wilhelm/.ssh/id_dsa
    debug1: Trying private key: /home/wilhelm/.ssh/id_ecdsa
    debug1: Trying private key: /home/wilhelm/.ssh/id_ed25519
    debug1: No more authentication methods to try.
    Permission denied (publickey).

I have disabled gnome password manager.

I've looked at Connecting SSH and Git to gpg-agent and followed the suggestion, but it doesn't seem to be working.

    ╰─ ssh-add -l
    Could not open a connection to your authentication agent.

    ╰─ ps aux | grep gpg-agent
    wilhelm  26079  0.0  0.0  20268   980 ?        Ss   20:57   0:00 gpg-agent --daemon --enable-ssh-support --sh
    wilhelm  31559  0.0  0.0  12724  2184 pts/1    S+   22:49   0:00 grep --color=auto --exclude-dir=.bzr --exclude-dir=CVS --exclude-dir=.git --exclude-dir=.hg --exclude-dir=.svn gpg-agent

Best Answer

ssh can't open a connection to your gpg-agent unless you give it a way to do so.

When you start your gpg-agent with the --enable-ssh-support option, it prints out environment variables that need to be available in the shell from which you will be using ssh. There are a few ways to get them:

  • Stop your gpg-agent and start it once more like this, in the shell from which you are using ssh (this should be the easiest way to test it):

    eval $(gpg-agent --daemon --enable-ssh-support --sh)
    
  • Find the location of the authentication socket and set the environment variable SSH_AUTH_SOCK by hand.

Later on, once you know that it works, you should set up the agent start according to the manual page for gpg-agent(1), probably in ~/.xsession, so that it starts automatically.
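
The second option above (setting SSH_AUTH_SOCK by hand), as an added example that is not part of the original answer: it locates the socket, exports it, and reports which link in the chain is broken. It assumes GnuPG 2.1 or later, where `gpgconf --list-dirs agent-ssh-socket` reports the socket path; the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Source this file, then run: use_gpg_agent_for_ssh
# Assumes GnuPG 2.1+ (gpgconf knows "agent-ssh-socket") and OpenSSH's ssh-add.

# Classify a candidate SSH_AUTH_SOCK value.
# Returns 0 = usable socket, 1 = empty/unset, 2 = path is not a socket.
check_auth_sock() {
    [ -n "$1" ] || return 1
    [ -S "$1" ] || return 2
    return 0
}

# Print the path of gpg-agent's SSH socket as reported by gpgconf.
find_gpg_ssh_sock() {
    command -v gpgconf >/dev/null 2>&1 || return 1
    gpgconf --list-dirs agent-ssh-socket 2>/dev/null
}

# Export SSH_AUTH_SOCK for this shell and report which link in the chain fails.
use_gpg_agent_for_ssh() {
    gpg_sock=$(find_gpg_ssh_sock) || { echo "gpgconf unavailable" >&2; return 1; }
    rc=0; check_auth_sock "$gpg_sock" || rc=$?
    case $rc in
        1) echo "gpgconf reported no agent-ssh-socket" >&2; return 1 ;;
        2) echo "$gpg_sock is not a socket; start gpg-agent with --enable-ssh-support" >&2
           return 2 ;;
    esac
    SSH_AUTH_SOCK=$gpg_sock
    export SSH_AUTH_SOCK

    # ssh-add -l exits 0 with keys listed, 1 with no identities,
    # and 2 when the agent cannot be contacted.
    rc=0; ssh-add -l || rc=$?
    case $rc in
        0) echo "ssh will now offer the keys listed above" ;;
        1) echo "agent reachable but holds no keys; check gpg2 --card-status" >&2 ;;
        *) echo "could not talk to the agent at $SSH_AUTH_SOCK" >&2 ;;
    esac
    return $rc
}
```

An unset SSH_AUTH_SOCK is what produces the "Could not open a connection to your authentication agent." message shown in the question, even while gpg-agent is running.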
