Re: Win 11 + Smartcard: SSH public key authentication fails
Hello Werner,

thanks for your reply.

Your understanding is correct: From Win 11 to any other (Linux) server using SSH.

Actually I installed PuTTY only because of this statement (I found in my research):

"[...] The ssh-pageant provides the same kind of functionality to ssh but, as opposed to ssh-agent, does speak the PuTTY protocol. This enables ssh to speak with the gpg-agent via the ssh-pageant.[...]"

And ssh-pageant is not available for Win 11, but pageant is included in PuTTY.

Could you please share some details of your working setup (scripts connecting from Win 10/11 to other servers using SSH)?

THX
Thomas

On 15.01.24 at 17:36, Werner Koch via Gnupg-users wrote:
> Hi!
>
> I am not 100% sure whether I did understand you correctly: You are in Windows 11 and want to use its native OpenSSH client to connect to some other ssh server. Why do you need Putty, which has an integrated but different ssh implementation?
>
> For Putty you had *enable-putty-support* in your gpg-agent.conf. For the native client you need to add *enable-w32-openssh-support* to your gpg-agent.conf. Better disable the Putty support; I am not sure whether there are any conflicts.
>
> Take care, although me and my scripts ssh into Windows 10 and 11 boxes quite often, the other way around is not that well tested.
>
> For debugging options, please see my other mail from today.
>
> Shalom-Salam,
>
>    Werner

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Win 11 + Smartcard: SSH public key authentication fails
Hi!

I am not 100% sure whether I did understand you correctly: You are in Windows 11 and want to use its native OpenSSH client to connect to some other ssh server. Why do you need Putty, which has an integrated but different ssh implementation?

For Putty you had *enable-putty-support* in your gpg-agent.conf. For the native client you need to add *enable-w32-openssh-support* to your gpg-agent.conf. Better disable the Putty support; I am not sure whether there are any conflicts.

Take care, although me and my scripts ssh into Windows 10 and 11 boxes quite often, the other way around is not that well tested.

For debugging options, please see my other mail from today.

Shalom-Salam,

   Werner

--
The pioneers of a warless world are the youth that refuse military service. - A. Einstein

Re: Trouble with GPG Cards for SSH when using FIDO2
On Mon, 15 Jan 2024 09:25, Philipp Schmidt said:
> - Everything works fine until I use one of the keys for FIDO2
> - Afterwards I cannot restore the service without a reboot

Try to add

  pcsc-shared

to scdaemon.conf and gpgconf -R scdaemon. Does this change anything?

If not, add

  log-file /foo/scd.log
  debug ipc,reader,card

to scdaemon.conf and check the log file or send it to me. Make sure that you did not enter the PIN as it would show up in the log. If this does not give any hints, adding "debug cardio" will give even more verbose output.

Salam-Shalom,

   Werner

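The caution above about the PIN showing up in the log can be checked before a log is sent to anyone. The following is an added example, not part of the original message and not GnuPG code: it assumes the log contains hex dumps of command APDUs and flags or redacts OpenPGP card VERIFY commands, whose data bytes are the PIN. The sample log lines and their layout are constructed, and a PIN logged in any other form is not detected.

```python
import re

# Five or more hex byte pairs, contiguous or separated by a space or colon.
# The dump layout is an assumption; adjust it to what your scd.log shows.
HEX_RUN = re.compile(r"\b(?:[0-9A-Fa-f]{2}[ :]?){4,}[0-9A-Fa-f]{2}")
# P2 values the OpenPGP card application accepts in VERIFY (CLA 00, INS 20, P1 00).
PW_REFS = {0x81: "PW1 (signing)", 0x82: "PW1 (user)", 0x83: "PW3 (admin)"}

# Constructed sample, not real scdaemon output; 31..36 is ASCII "123456".
SAMPLE_LOG = """\
2024-01-15 10:02:10 scdaemon[1201] DBG: chan_7 <- SERIALNO
2024-01-15 10:02:11 scdaemon[1201] DBG: raw apdu: 00 20 00 82 06 31 32 33 34 35 36
2024-01-15 10:02:11 scdaemon[1201] DBG: raw apdu: 00A4040006D27600012401
"""


def verify_hits(run):
    """Yield (P2, Lc) for each VERIFY header followed by Lc data bytes."""
    data = bytes.fromhex(re.sub(r"[ :]", "", run))
    for i in range(len(data) - 5):
        cla, ins, p1, p2, lc = data[i:i + 5]
        if (cla, ins, p1) == (0x00, 0x20, 0x00) and p2 in PW_REFS:
            if 0 < lc <= len(data) - i - 5:
                yield p2, lc


def scan_log(text):
    """Return [(line number, password reference, PIN length)]."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        for m in HEX_RUN.finditer(line):
            findings += [(no, PW_REFS[p2], lc) for p2, lc in verify_hits(m.group())]
    return findings


def redact_log(text):
    """Replace each hex run that contains a VERIFY APDU with a marker."""
    def repl(m):
        return "[VERIFY APDU REDACTED]" if any(verify_hits(m.group())) else m.group()
    return "\n".join(HEX_RUN.sub(repl, line) for line in text.splitlines())


if __name__ == "__main__":
    for no, ref, length in scan_log(SAMPLE_LOG):
        print(f"line {no}: VERIFY {ref} with {length} PIN bytes")
    print(redact_log(SAMPLE_LOG))
```
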
Win 11 + Smartcard: SSH public key authentication fails
Hello,

in the past I used Windows 10 + Smartcard + MobaXterm for SSH public key authentication w/o problems incl. SSH forward.

Now I have a new device with Windows 11, and I want to use the same Smartcard for SSH public key authentication using Win 11 (native) SSH client.

Therefore I installed
- Gpg4win 4.2 (latest version)
- PowerShell 7 (latest version)
- PuTTY 0.8 (latest version)
and configured gpg.conf and gpg-agent.conf.

I don't intend to install git BASH assuming PowerShell 7 provides a working shell.

I can run gpg --card-status and ssh-add -L w/o problems, means I can display all information stored on my Smartcard and the SSH public key (key ends with "cardno:0005_80CE").

However when I try to connect to a SSH server public key authentication fails.

I found this statement when searching for a solution:

"[...] The ssh-pageant provides the same kind of functionality to ssh but, as opposed to ssh-agent, does speak the PuTTY protocol. This enables ssh to speak with the gpg-agent via the ssh-pageant.[...]"

Can you please advise how to fix this issue?

Trouble with GPG Cards for SSH when using FIDO2
Hello Everybody,

since some update, about 2 months ago, I started to run into trouble using both my yubi Keys.

To be precise: I have set up gpg such that the ssh auth agent can access the keys. That worked for a long time. For example: `ssh-add -L` always displayed both public keys.

As mentioned before, now I am running into trouble, but not right from the start. As far as I could observe, it always happens after I used one of the keys for a FIDO2 authentication. After that `ssh-add -L` doesn't display any more keys and `gpg --card-status` says:

```
gpg: selecting card failed: No such device
gpg: OpenPGP card not available: No such device
```

even though the keys are inserted. In such a case, the only thing that helps is a reboot.

I really would like to provide more details, but I really do not know where to start.

Baseline:
- Everything works fine until I use one of the keys for FIDO2
- Afterwards I cannot restore the service without a reboot

I am running Arch Linux with a new Kernel and GPG version 2.4.3

Thanks in advance for any help!