On 07/19/2016 05:54 PM, NIIBE Yutaka wrote: > On 07/19/2016 02:22 PM, Ben Warren wrote: >> We don’t see this issue when using a file-based key for SSH, >> although in that case we’re using ssh-agent, not gpg-agent. I’ll >> try using a file-based GPG key, which will be closer to the failing >> configuration. > > Are you using some other tools for Yubikey? > > People sometimes do or write a script with > > gpg-connect-agent "SCD RESET" /bye > > (to reset PIN auth state) but this only works well if we have a single > connection from gpg-agent to scdaemon. Having ssh-sessions (with > forwarding), we have multiple connections from gpg-agent to scdaemon. > This could be a cause of troubles.
I think that the problem occurs when we do "SCD RESET" above or removal/insertion of token during the use of SSH. It seems for me that OpenSSH client (7.2p2, in my case) keeps the connection to ssh-agent even if it doesn't use forwarding. So, it is likely that we encounter this problem. Today, I fixed this issue by: commit 1598a4476466822e7e9c757ac471089d3db4b545 Please try it out. -- _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users