SSH – Pinentry Fails with GPG-Agent and SSH

gpg-agent, pinentry, ssh

I'm running Fedora 22. I'm trying to set up GnuPG to have my SSH connections authenticated using my PGP authentication subkey that is located on my Yubikey Neo.

I have a systemd unit starting the gpg-agent as follows:

/usr/bin/gpg-agent --homedir=%h/.gnupg --daemon --use-standard-socket

And I have enabled SSH support in the configuration:

enable-ssh-support
pinentry-program /usr/bin/pinentry-gtk

Other parts of the setup include adding the keygrip of my key to the ~/.gnupg/sshcontrol file, adding my public key to the remote host and declaring the environment variables.

Looking at the various logs overall, the setup seems to work: I can see that SSH finds the key but is actually failing to sign with it. If I look at the logs from gpg-agent, I can see that it is failing to launch the pinentry program and is therefore not requesting the PIN code:

2015-07-22 23:23:28 gpg-agent[6758] DBG: error calling pinentry: Ioctl() inappropriate for a device <Pinentry>
2015-07-22 23:23:28 gpg-agent[6758] DBG: chan_8 -> BYE
2015-07-22 23:23:28 gpg-agent[6758] DBG: chan_7 -> CAN
2015-07-22 23:23:28 gpg-agent[6758] DBG: chan_7 <- ERR 100663573 The IPC call was canceled <SCD>
2015-07-22 23:23:28 gpg-agent[6758] smartcard signing failed: Ioctl() inappropriate for a device
2015-07-22 23:23:28 gpg-agent[6758] ssh sign request failed: Ioctl() inappropriate for a device <Pinentry>

What we see here is that when used in combination with SSH, some ioctl call is failing when calling pinentry. However, if I run the following:

$ echo "Test" | gpg2 -s

The PIN window pops up and it all works fine.

Can you help me understand what's going on with this setup and SSH?

Best Answer

Well, this worked for me:

export GPG_TTY=`tty`

Add this to your .bashrc or just kick it before using gpg.
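
The fix above as a ~/.bashrc fragment. This is an added example, not part of the original answer, and the function name gpg_agent_use_this_tty is hypothetical. It goes one step beyond the answer by also running gpg-connect-agent updatestartuptty /bye: gpg2 passes its terminal to the agent on every call, but ssh reaches the agent over the ssh-agent protocol, which carries no terminal or display information.

```shell
# Added example for ~/.bashrc (bash or POSIX sh).
# gpg_agent_use_this_tty is a hypothetical helper name.
# Return codes: 0 = done, 1 = no terminal, 2 = agent refused the update.
gpg_agent_use_this_tty() {
    # tty(1) exits non-zero when stdin is not a terminal (cron jobs, pipes,
    # non-interactive ssh commands). Leave GPG_TTY untouched in that case
    # instead of exporting the literal string "not a tty".
    _gpg_t=$(tty 2>/dev/null) || return 1
    [ -c "$_gpg_t" ] || return 1
    export GPG_TTY="$_gpg_t"
    unset _gpg_t

    # For ssh sign requests the agent falls back to the terminal/display it
    # was started with. An agent started from a systemd unit has none, so
    # hand it the terminal of this shell.
    if command -v gpg-connect-agent >/dev/null 2>&1; then
        gpg-connect-agent updatestartuptty /bye >/dev/null 2>&1 || return 2
    fi
    return 0
}

# Only act in interactive shells; never let a failure abort shell startup.
case $- in
    *i*) gpg_agent_use_this_tty || true ;;
esac
```

The agent remembers only the most recent terminal it was given, so with several terminals open the pinentry prompt for an ssh login appears on whichever one ran the update last.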
