El día jueves, mayo 02, 2024 a las 07:46:33 +0200, Werner Koch via Gnupg-users escribió:
> On Thu, 2 May 2024 15:31, Matthias Apitz said: > > > which locks the card again. Any ideas? > > If you really want to reset the card after an operation _and_ you are > using pcscd you can use > > ... Thanks for all the hints. The problem with this OpenPGP card in the cellphone L5 is, that it is not an USB dongle which one could pull out to invalidate the access to the keys. It sits inside the phone as a Micro-SIM below the battery. So I now do with ~/.ssh/config: Host * # note: this needs in /etc/ssh/ssh_config: PermitLocalCommand yes # LocalCommand gpgconf --reload scdaemon This resets the card right after the PIN was provided for the SSH session. This works fine for ssh(1) command, but not for the scp(1) command. Even when I say: $ scp "-oPermitLocalCommand=yes" foo www.unixarea.de:. The "ssh" launched by "scp" shows in strace that it is launched with the valeu "-oPermitLocalCommand=no": $ grep exec scp.tr 10205 execve("/usr/bin/scp", ["scp", "-oPermitLocalCommand=yes", "foo", "www.unixarea.de"...], 0xffffdf2147a0 /* 32 vars */) = 0 10206 execve("/usr/bin/ssh", ["/usr/bin/ssh", "-x", "-oPermitLocalCommand=no", "-oClearAllForwardings=yes", "-oRemoteCommand=none", "-oRequestTTY=no", "-o", "PermitLocalCommand=yes", "-oForwardAgent=no", "-l", "XXXXXXXXXXXXXXXX", "--", "www.unixarea.de", "scp -t ."], 0xffffe38c6780 /* 32 vars */) = 0 To overcome this problem I use now a macro "scp" defined in ~/.bashrc function scp { $(which scp) $@ # lock the OpenPGP card again gpgconf --reload scdaemon } Thanks matthias -- Matthias Apitz, ✉ g...@unixarea.de, http://www.unixarea.de/ +49-176-38902045 Public GnuPG key: http://www.unixarea.de/key.pub I am not at war with Russia. Я не воюю с Россией. Ich bin nicht im Krieg mit Russland. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-users