Re: Win 11 + Smartcard: SSH public key authentication fails
Hello Werner,

thanks for your reply.

Your understanding is correct: From Win 11 to any other (Linux) server using SSH.

Actually I installed PuTTY only because of this statement (I found in my research):
"[...] The ssh-pageant provides the same kind of functionality to ssh but, as opposed to ssh-agent, does speak the PuTTY protocol. This enables ssh to speak with the gpg-agent via the ssh-pageant.[...]"

And ssh-pageant is not available for Win 11, but pageant is included in PuTTY.

Could you please share some details of your working setup (scripts connecting from Win 10/11 to other servers using SSH)?

THX
Thomas

On 15.01.24 at 17:36, Werner Koch via Gnupg-users wrote:
> Hi!
>
> I am not 100% sure whether I did understand you correctly: You are in
> Windows 11 and want to use its native OpenSSH client to connect to some
> other ssh server. Why do you need Putty, which has an integrated but
> different ssh implementation?
>
> For Putty you had *enable-putty-support* in your gpg-agent.conf.
> For the native client you need to add *enable-w32-openssh-support* to
> your gpg-agent.conf. Better disable the Putty support; I am not sure
> whether there are any conflicts.
>
> Take care, although me and my scripts ssh into Windows10 and 11 boxes
> quite often, the other way around is not that well tested.
>
> For debugging options, please see my other mail from today.
>
> Shalom-Salam,
>
> Werner

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: No SSH public key authentication using smartcard
Hello Stephan,

thanks for your reply.

When you say I should modify ~/.ssh/config, where is this file? On jumphost?

Actually I have a working setup on Windows 10, but here I use another terminal emulator: MobaXterm. And in the settings of MobaXterm I enabled SSH forwarding.

As of now I don't want to continue using MobaXterm on Windows 11, but using Windows Terminal.

THX

On 25.11.23 at 12:30, Stephan Verbücheln via Gnupg-users wrote:
> Coincidentally, I have a similar setup. Fortunately, you do *not* need
> Agent Forwarding for authentication via jump hosts.
>
> The entry for your host (in “~/.ssh/config”) for this host should look
> something like this:
>
> Host myalias
>     HostName myserver.com
>     ProxyJump jumpserver.net
>     IdentityAgent %d/.gnupg/S.gpg-agent.ssh
>
> There may be some Windows-specific pitfalls. Perhaps you have to be
> careful with the line breaks (Unix versus Windows convention) in the
> configuration files.
>
> Regards
> Stephan
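
Added example (not part of either message above, and not GnuPG or OpenSSH code): a small Python check for the two pieces of advice in this thread, Werner's gpg-agent.conf options and Stephan's ~/.ssh/config entry with its line-ending caveat. The function names and sample input are constructed for illustration; the option names and the host entry come from the messages.

```python
import re

# Option names as quoted in the thread; all sample inputs are constructed.
PUTTY = "enable-putty-support"
W32_OPENSSH = "enable-w32-openssh-support"

def agent_options(conf_text):
    """Option names set in gpg-agent.conf text (comments and blanks skipped)."""
    opts = set()
    for line in conf_text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            opts.add(line.split()[0])
    return opts

def check_agent_conf(conf_text):
    """Findings for use with the native Windows OpenSSH client."""
    opts = agent_options(conf_text)
    if W32_OPENSSH not in opts:
        return ["missing " + W32_OPENSSH]
    if PUTTY in opts:
        return [PUTTY + " set alongside " + W32_OPENSSH]
    return []

def host_block(raw, alias):
    """Lower-cased keyword -> value for Host blocks naming alias exactly."""
    block, active = {}, False
    for line in raw.decode("utf-8").splitlines():
        parts = re.split(r"[\s=]+", line.strip(), maxsplit=1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), parts[1]
        if key in ("host", "match"):
            active = key == "host" and alias in value.split()
        elif active:
            block.setdefault(key, value)  # ssh keeps the first value it sees
    return block

def check_ssh_config(raw, alias):
    """Findings for the raw bytes of ~/.ssh/config and one Host alias."""
    findings = []
    if b"\r" in raw:
        findings.append("CR (Windows) line endings present")
    block = host_block(raw, alias)
    if "proxyjump" not in block:
        findings.append("Host %s: no ProxyJump" % alias)
    if block.get("forwardagent", "no").lower() != "no":
        findings.append("Host %s: ForwardAgent enabled, not needed with ProxyJump" % alias)
    return findings

SSH_SAMPLE = (b"Host myalias\r\n  HostName myserver.com\r\n"
              b"  ProxyJump jumpserver.net\r\n"
              b"  IdentityAgent %d/.gnupg/S.gpg-agent.ssh\r\n")
```

Pass the file contents read in binary mode to check_ssh_config so that carriage returns are not normalised away before the check.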
Subkeys export to Security Token fails: Secret key available.
Hi,

I had to reset my blocked Yubikey. Then I started with setting up the key again; all worked fine including "key attributes".

After this I tried to export the PGP keys to the token, however this fails with error message:

    gpg: KEYTOCARD failed: Unusable secret key

I don't understand how to fix this issue, and I don't understand what's causing this issue.

When I execute "gpg --expert --edit-key 0x" I can see this:

    Secret key available.
    pub rsa4096/Secret subkey is available.
    pub rsa4096/
        created: 2020-01-06 expires: 2021-01-05 Nutzung: C
        Trust: unbekannt Validity: unbekannt
    ssb rsa4096/
        created: 2020-01-06 expires: 2021-01-05 Nutzung: A
        Card number:0006
    ssb rsa4096/
        created: 2020-01-06 expires: 2021-01-05 Nutzung: S
        Card number:0006
    ssb rsa4096/
        created: 2020-01-06 expires: 2021-01-05 Nutzung: E
        Card number:0006

All subkeys are marked as Stub which is correct because the keys have been exported before. However now the keys don't exist anymore on the keycard.

Can you please advise how to fix this issue?

THX