I'm running Fedora 22. I'm trying to setup GnuPG to have my SSH connections authenticated using my PGP authentication subkey that is located on my Yubikey Neo.
I have a systemd unit starting the gpg-agent as following:
/usr/bin/gpg-agent --homedir=%h/.gnupg --daemon --use-standard-socket
And I have enabled SSH support in the configuration:
enable-ssh-support
pinentry-program /usr/bin/pinentry-gtk
Other parts of the setup include adding the keygrip of my key to the ~/.gnupg/sshcontrol file, adding my public key to the remote host and declaring the environment variables.
Globally looking at the various logs the setup seems to work, I can see that SSH finds the key but is actually failing to sign with it. If I look at the logs from gpg-agent, I can see that it is failing to launch the pinentry program and therefore, not requesting for the PIN code:
2015-07-22 23:23:28 gpg-agent[6758] DBG: error calling pinentry: Ioctl() inappropriate for a device <Pinentry>
2015-07-22 23:23:28 gpg-agent[6758] DBG: chan_8 -> BYE
2015-07-22 23:23:28 gpg-agent[6758] DBG: chan_7 -> CAN
2015-07-22 23:23:28 gpg-agent[6758] DBG: chan_7 <- ERR 100663573 The IPC call was canceled <SCD>
2015-07-22 23:23:28 gpg-agent[6758] smartcard signing failed: Ioctl() inappropriate for a device
2015-07-22 23:23:28 gpg-agent[6758] ssh sign request failed: Ioctl() inappropriate for a device <Pinentry>
What we see here is that when used in combination with SSH, some ioctl call is failing when calling pinentry. However if I run the following:
$ echo "Test" | gpg2 -s
The PIN window is popping up and it's all working fine.
Can you help me understand what's going on with this setup and SSH?
