Re: Cannot export SSH public key
On Fri, Jan 5, 2024 at 2:43 PM Werner Koch wrote:
> That is right. The ssh-agent protocol has no means to tell the
> ssh-agent or gpg-agent some important environment variables, like the
> current tty or DISPLAY.

Interesting, thanks for the look behind the scenes!

> I am so used to run the updatestartuptty that I don't even think about
> this. It is the first thing I do when I ssh into my laptop.

I have to do it twice, though, until it works. In my `~/.bashrc` I have:

    gpg-connect-agent updatestartuptty /bye

Right after logging in (auto login on Ubuntu / WSL 2), I get:

    gpg-connect-agent: no running gpg-agent - starting '/usr/bin/gpg-agent'
    gpg-connect-agent: waiting for the agent to come up ... (5s)
    gpg-connect-agent: connection to agent established

That looks good, but somehow it doesn’t work:

    $ ssh some_server
    sign_and_send_pubkey: signing failed for RSA "cardno:18 698 015" from agent: agent refused operation
    sign_and_send_pubkey: signing failed for RSA "(none)" from agent: agent refused operation
    felix@some_server: Permission denied (publickey).

After starting `tmux`, which runs `gpg-connect-agent` again, everything works fine. I get the PIN entry dialog, and I can connect by SSH.

This is a non-issue, not really worth debugging. I start `tmux` every time anyhow.

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Cannot export SSH public key
On Fri, 5 Jan 2024 10:07, Felix E. Klee said:
>> gpg-connect-agent updatestartuptty /bye
>
> or otherwise, I get no PIN entry dialog / prompt

That is right. The ssh-agent protocol has no means to tell the ssh-agent or gpg-agent some important environment variables, like the current tty or DISPLAY. I can't remember how ssh-askpass (?) works but for GnuPG, gpg-agent uses the tty/display from where it was launched if it does not know anything else. updatestartuptty tells gpg-agent that it should assume that the tty/display where gpg-connect-agent was run should be the new default.

Fixing this in the ssh-agent protocol would be easy and I actually implemented this but did not find the time to keep on nagging them to include my patch to pass arbitrary envvars over the ssh-agent protocol. The gnupg part has long been implemented:

https://dev.gnupg.org/rG224e26cf7b67f22bb0140133eac6b4ad24f3b1b7

and somewhere on the openssh ML one should find my patch.

I am so used to run the updatestartuptty that I don't even think about this. It is the first thing I do when I ssh into my laptop.

Shalom-Salam,

   Werner

-- 
The pioneers of a warless world are the youth that
refuse military service.             - A. Einstein
Re: Cannot export SSH public key
On Fri, Nov 24, 2023 at 9:09 AM Felix E. Klee wrote:
> In addition, I need:
>
>     gpg-connect-agent updatestartuptty /bye

or otherwise, I get no PIN entry dialog / prompt
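
The start-up sequence discussed in this thread, written as a shell function for `~/.bashrc`. This is an added example, not code from either poster or from the GnuPG project. The function name and the `GPGCONF` / `GPG_CONNECT_AGENT` override variables are hypothetical, and it assumes a GnuPG 2 installation whose gpg-agent has ssh support enabled.

```shell
# Added example for ~/.bashrc; not taken from the thread or from GnuPG.
# GPGCONF and GPG_CONNECT_AGENT are hypothetical overrides for the two
# GnuPG commands (useful for testing), not settings GnuPG itself reads.

gpg_ssh_tty_refresh() {
    gpgconf_bin=${GPGCONF:-gpgconf}
    connect_bin=${GPG_CONNECT_AGENT:-gpg-connect-agent}

    # Terminal to hand to the agent: first argument, else the current one.
    # With no terminal (scp, cron) there is nowhere to show a PIN prompt,
    # so leave the agent's current default alone.
    new_tty=${1:-}
    if [ -z "$new_tty" ]; then
        new_tty=$(tty 2>/dev/null) || return 0
    fi

    # Start gpg-agent if it is not running yet.
    "$gpgconf_bin" --launch gpg-agent || return 1

    # ssh reaches gpg-agent only through its ssh-agent compatible socket.
    sock=$("$gpgconf_bin" --list-dirs agent-ssh-socket) || return 1
    [ -n "$sock" ] || return 1
    SSH_AUTH_SOCK=$sock
    GPG_TTY=$new_tty
    export SSH_AUTH_SOCK GPG_TTY

    # The ssh-agent protocol cannot carry tty/DISPLAY, so tell gpg-agent
    # explicitly that this terminal is the new default for pinentry.
    "$connect_bin" updatestartuptty /bye >/dev/null || return 1
}

# Run only for interactive shells.
case $- in
    *i*) gpg_ssh_tty_refresh ;;
esac
```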