OSX 10.10 has many known issues regarding PC/SC compatibility. See Ludovic
Rousseau's blog which illustrates some issues:

On Mon, Dec 15, 2014, 8:45 PM Florin Andrei <flo...@andrei.myip.org> wrote:

> I'm generating and storing ssh keys on smartcards, and I use gpg-agent
> in ssh-agent emulation mode for authentication. This is what I have in
> gpg-agent.conf:
> pinentry-program [various pinentry apps]
> enable-ssh-support
> write-env-file
> use-standard-socket
> default-cache-ttl 600
> max-cache-ttl 7200
> Then in ~/.bash_profile I have this:
> source ~/.gpg-agent-info
> This is the smartcard type I use - the YubiKey NEO:
> https://www.yubico.com/products/yubikey-hardware/yubikey-neo/
> I use gpg and gpg-agent version 2.0.26 from Homebrew. I have also tried
> GPGTools, but the results are the same.
> https://gpgtools.org/
> After launching the agent with "gpg-agent --daemon", the ssh client will
> authenticate using the key stored on the smartcard, everything works
> just great. At least that was the case on OS X 10.9.
> After upgrading to 10.10, I've had lots of issues. Authentication seems
> to work for a while after I boot up and log into my account, but then
> after 1 hour, maybe 2, it stops working. Sometimes ssh sessions get
> stuck somewhere in authentication; other times authentication just fails.
> If I kill gpg-agent and restart it, and unplug / replug the smartcard,
> everything works again - for a while. Then later again authentication
> starts having problems, and I have to do the kill / relaunch / unplug /
> replug song and dance all over again.
> I've heard there were some changes in the smartcard framework in 10.10,
> but I'm not sure how relevant that is to this issue.
> Any idea what I can do to get the smartcards working again? (other than
> downgrade to OS X 10.9)
> --
> Florin Andrei
> http://florin.myip.org/
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
Gnupg-users mailing list

Reply via email to