6

I have a Yubikey 4 and I want to use my GPG keys stored on this to authenticate to SSH servers.
I want to use GitHub for a start. I have already added my GPG authentication key to GitHub.

My problem is that when I ssh, my agent doesn't use this key. I've checked by trying to connect to my VPS with ssh -v but it skips my GPG key. My Yubikey is plugged in and gpg2 --card-status shows all the details. I am able to sign and decrypt fine as well as use the other features of the Yubikey.

The ssh output

    debug1: Authentications that can continue: publickey
    debug1: Next authentication method: publickey
    debug1: Trying private key: /home/wilhelm/.ssh/id_rsa
    debug1: Trying private key: /home/wilhelm/.ssh/id_dsa
    debug1: Trying private key: /home/wilhelm/.ssh/id_ecdsa
    debug1: Trying private key: /home/wilhelm/.ssh/id_ed25519
    debug1: No more authentication methods to try.
    Permission denied (publickey).

I have disabled gnome password manager.

I've looked at Connecting SSH and Git to gpg-agent and followed the suggestion, but it doesn't seem to be working.

    ╰─ ssh-add -l
    Could not open a connection to your authentication agent.

    ╰─ ps aux | grep gpg-agent
    wilhelm  26079  0.0  0.0  20268   980 ?        Ss   20:57   0:00 gpg-agent --daemon --enable-ssh-support --sh
    wilhelm  31559  0.0  0.0  12724  2184 pts/1    S+   22:49   0:00 grep --color=auto --exclude-dir=.bzr --exclude-dir=CVS --exclude-dir=.git --exclude-dir=.hg --exclude-dir=.svn gpg-agent
Wilhelm Erasmus

1 Answer

5

ssh can't open a connection to your gpg-agent if you don't give it a way to do so.

When you start your gpg-agent with the --enable-ssh-support option, it prints out environment variables that need to be available in the shell from which you will be using ssh. There are a few possibilities for getting them:

  • Stop your gpg-agent and start it once more like this in the shell from which you are using ssh (this should be the easiest way to test it):

    eval $(gpg-agent --daemon --enable-ssh-support --sh)
    
  • Find the location of the authentication socket and set up the environment variable SSH_AUTH_SOCK by hand

Later on, when you know that it works, you should set up the agent start according to the manual page for gpg-agent(1), so probably in ~/.xsession to let it start automatically.

Jakuje
  • Thanks man, it works perfectly :). Followed so many tutorials but none of them suggested this explicitly. – Wilhelm Erasmus Dec 17 '15 at 21:06
  • I'm just going to try a restart and then I'll mark it as the answer – Wilhelm Erasmus Dec 17 '15 at 21:08
  • It worked fine with just the first bullet. After restart, it doesn't work (added to .xsession). So I just added the commands from the first bullet to my rc – Wilhelm Erasmus Dec 17 '15 at 21:15
  • And is `gpg-agent` running? What exactly does not work? We went through quite a few steps of troubleshooting; you can do it now on your own. – Jakuje Dec 17 '15 at 21:19
  • `pkill -9 gpg-agent; eval $(gpg-agent --daemon --enable-ssh-support --sh)` in my rc makes ssh work – Wilhelm Erasmus Dec 17 '15 at 21:21
  • So you might have the `gpg-agent` starting already somewhere else, or `gnome-keyring` or `seahorse` can behave in the way of `ssh-agents`, but I have no idea where they start from. But great to hear it works for you. – Jakuje Dec 17 '15 at 21:23
  • Perhaps. At least it works now xD. When it breaks I can start over with a source-based distro and get all the other stuff out of the way – Wilhelm Erasmus Dec 17 '15 at 21:27
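
Added example, not part of the original answer or comments: the answer's second option (find the agent socket and set SSH_AUTH_SOCK by hand) as a POSIX shell snippet meant to be sourced from a shell rc file. It assumes GnuPG 2.1 or later, where `gpgconf --list-dirs agent-ssh-socket` and `gpgconf --launch gpg-agent` exist, and `enable-ssh-support` in `~/.gnupg/gpg-agent.conf`; the function names are hypothetical.

```shell
# Added example: function names are hypothetical; assumes GnuPG >= 2.1.

# Print the state of a candidate SSH_AUTH_SOCK value:
#   unset | missing | not-socket | socket
classify_auth_sock() {
    _sock=$1
    if [ -z "$_sock" ]; then
        echo unset
    elif [ ! -e "$_sock" ]; then
        echo missing        # stale path, e.g. the agent behind it was killed
    elif [ ! -S "$_sock" ]; then
        echo not-socket
    else
        echo socket
    fi
}

# Print the path where gpg-agent serves the ssh-agent protocol.
gpg_ssh_socket() {
    command -v gpgconf >/dev/null 2>&1 || return 1
    gpgconf --list-dirs agent-ssh-socket 2>/dev/null
}

# Point this shell's ssh at gpg-agent. Must be sourced, not executed,
# because a child process cannot change its parent's environment.
use_gpg_agent_for_ssh() {
    _want=$(gpg_ssh_socket) || { echo "gpgconf (GnuPG >= 2.1) not found" >&2; return 1; }
    [ -n "$_want" ] || { echo "gpgconf reported no ssh socket" >&2; return 1; }
    if [ "${SSH_AUTH_SOCK:-}" != "$_want" ]; then
        # Another agent (or nothing) owns the variable; report it before replacing.
        echo "SSH_AUTH_SOCK was '${SSH_AUTH_SOCK:-}' ($(classify_auth_sock "${SSH_AUTH_SOCK:-}"))" >&2
    fi
    gpgconf --launch gpg-agent || return 1   # no-op if the agent is already running
    SSH_AUTH_SOCK=$_want
    export SSH_AUTH_SOCK
    if [ "$(classify_auth_sock "$SSH_AUTH_SOCK")" != socket ]; then
        echo "no ssh socket at $_want: is enable-ssh-support set in gpg-agent.conf?" >&2
        return 1
    fi
}
```

After calling `use_gpg_agent_for_ssh` in the shell you run ssh from, `ssh-add -l` should connect to the agent instead of printing "Could not open a connection to your authentication agent."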