Re: No SSH public key authentication using smartcard
On 25.11.23 13:24, Thomas Schneider via Gnupg-users wrote:
> Hello Stephan,
>
> thanks for your reply.
>
> When you say I should modify ~/.ssh/config, where is this file?
> On jumphost?
>
> Actually I have a working setup on Windows 10, but here I use another
> terminal emulator: MobaXterm.
> And in the settings of MobaXterm I enabled SSH forwarding.
>
> As of now I don't want to continue using MobaXterm on Windows 11, but
> using Windows Terminal.

Hey Stephan,

I cannot answer where to find that file on Windows, but the first hit with Google:
https://stackoverflow.com/a/56536275

You can also set these options directly on the command line:

```
ssh -o IdentityAgent='%d/.gnupg/S.gpg-agent.ssh' -o ProxyJump=jumpserver.example.net targethost.example.org
```

I'm not sure if you really have to set the IdentityAgent if your GPG and SSH Agent Socket is set up correctly... Do you see something with `ssh-add -L`? If yes, then you should not have a need to set IdentityAgent for a Host. (Only if you have multiple Agents or you have to specify it only for certain hosts etc etc but if it's your only Agent and you have no special requirements, then just leave it out IF `ssh-add -L` shows you the key from your card.)

Good luck,
Bernd

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Problems with [Q]GpgME and Qt6
On Saturday, 25 November 2023 04:15:28 CET Ron Murray via Gnupg-users wrote:
> Here, for example, is the code I use to retrieve my secret key list:
>
>     QGpgME::KeyListJob *job = QGpgME::openpgp()->keyListJob(false, false, false);
>     // Prepare result vector
>     std::vector<GpgME::Key> keys;
>     // Execute it synchronously
>     GpgME::KeyListResult result = job->exec(QStringList() << QStringLiteral(""), // No pattern: get all
>                                             true, keys); // Only secret keys
>     delete job;
>
> Now, this is straight out of the "t-keylist.cpp" test file that comes with
> the GpgME source. It works perfectly well under Qt5, but under Qt6, it
> segfaults at the "job->exec" line.
>
> Anyone have a clue why it crashes under Qt6?

I cannot reproduce this on openSUSE Tumbleweed with Qt 6.6.0. I changed the `job->exec` call in t-keylist.cpp as above. This makes the test fail (because the assertion is no longer true), but it doesn't crash.

It would help if you'd give us a backtrace of the segfault.

Regards,
Ingo
Re: No SSH public key authentication using smartcard
Hello Stephan,

thanks for your reply.

When you say I should modify ~/.ssh/config, where is this file?
On jumphost?

Actually I have a working setup on Windows 10, but here I use another terminal emulator: MobaXterm.
And in the settings of MobaXterm I enabled SSH forwarding.

As of now I don't want to continue using MobaXterm on Windows 11, but using Windows Terminal.

THX

On 25.11.23 at 12:30, Stephan Verbücheln via Gnupg-users wrote:
> Coincidentally, I have a similar setup. Fortunately, you do *not* need
> Agent Forwarding for authentication via jump hosts.
>
> The entry for your host (in “~/.ssh/config”) for this host should look
> something like this:
>
>     Host myalias
>         HostName myserver.com
>         ProxyJump jumpserver.net
>         IdentityAgent %d/.gnupg/S.gpg-agent.ssh
>
> There may be some Windows-specific pitfalls. Perhaps you have to be
> careful with the line breaks (Unix versus Windows convention) in the
> configuration files.
>
> Regards
> Stephan
Re: No SSH public key authentication using smartcard
Coincidentally, I have a similar setup. Fortunately, you do *not* need Agent Forwarding for authentication via jump hosts.

The entry for your host (in “~/.ssh/config”) for this host should look something like this:

    Host myalias
        HostName myserver.com
        ProxyJump jumpserver.net
        IdentityAgent %d/.gnupg/S.gpg-agent.ssh

There may be some Windows-specific pitfalls. Perhaps you have to be careful with the line breaks (Unix versus Windows convention) in the configuration files.

Regards
Stephan
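As an added example (not part of the thread and not code from OpenSSH or GnuPG), this Python check reads an OpenSSH client config and reports which Host blocks rely on ProxyJump, which still enable ForwardAgent, and whether the file has CRLF line endings. The sample config is constructed, and the `legacy` block and the function names are hypothetical.

```python
import re

# Constructed sample: the Host block from the message above, saved with
# Windows (CRLF) line endings, plus a hypothetical block that forwards the agent.
SAMPLE = (
    b"Host myalias\r\n"
    b"    HostName myserver.com\r\n"
    b"    ProxyJump jumpserver.net\r\n"
    b"    IdentityAgent %d/.gnupg/S.gpg-agent.ssh\r\n"
    b"\r\n"
    b"Host legacy\r\n"
    b"    HostName jumpserver.net\r\n"
    b"    ForwardAgent yes\r\n"
)

# ssh_config accepts both "Keyword value" and "Keyword=value".
LINE = re.compile(r"([A-Za-z0-9]+)(?:\s*=\s*|\s+)(.*)")


def parse_blocks(raw: bytes) -> dict:
    """Map each Host pattern to its options; the first value wins, as in ssh."""
    blocks, host = {}, "*"  # options before any Host line apply to all hosts
    for line in raw.decode("utf-8", "replace").splitlines():
        m = LINE.match(line.strip())  # comments and blank lines do not match
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "host":
            host = value
            blocks.setdefault(host, {})
        else:
            blocks.setdefault(host, {}).setdefault(key, value)
    return blocks


def audit(raw: bytes) -> list:
    """Report line-ending style and how each Host block reaches the agent."""
    findings = []
    if b"\r\n" in raw:
        findings.append("file: CRLF line endings")
    for host, opts in parse_blocks(raw).items():
        forwarding = opts.get("forwardagent", "no").lower() != "no"
        if forwarding:
            findings.append(f"{host}: ForwardAgent on, agent is reachable from the remote host")
        elif "proxyjump" in opts:
            findings.append(f"{host}: ProxyJump only, agent is used on the client")
    return findings


if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

The check reads each Host block in isolation and does not follow `Include` or `Match`; `ssh -G <host>` prints the configuration ssh actually resolves for a host.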
No SSH public key authentication using smartcard
Hello,

I'm trying to configure a solution for this use case:

                 SSH            SSH
    Client        >   Jumphost   >   Server
    (Windows 11)      (Linux)        (Linux)

I connect a Nitrokey security-token (that is comparable to Yubikey) with OpenPGP keys to my client.
And I want to use this Nitrokey for SSH login to remote servers.

For this I installed GPG4Win on my client and configured file gpg-agent.conf:

    enable-ssh-support
    # To Enable support for PuTTY
    enable-putty-support
    # To Enable support for the native Microsoft OpenSSH binaries (requires gpg 2.4.0 / Gpg4win 4.1.0 or higher)
    enable-win32-openssh-support
    use-standard-socket
    default-cache-ttl 600
    max-cache-ttl 7200

Then I (re-) start the gpg-agent and try to SSH into the Jumphost using command ssh in Windows PowerShell.
Here I get a popup window where I must enter the PIN previously set on Nitrokey.
After this I'm connected to the jumphost (Linux).

Now I want to connect to the server using command ssh , however I need to enter a password.
This means public key authentication fails.
And I think this fails because SSH agent forwarding is not working.

Can you please advise how to SSH agent forwarding in my setup correctly?

THX
Thomas