I'm trying to enable SSH authentication through my GPG subkey, using this tutorial. However, I borrowed and used the .init script from this blog (in lieu of editing my Xprofile).

However, I'm getting a very peculiar error message:

┌─[12:53:49]─[user@pc]
└──> ~ $ ssh-add -l
gpg-agent[7659]: ssh handler 0xABCD1234 for fd 5 started
gpg-agent[7659]: ssh request 1 is not supported
gpg-agent[7659]: ssh request handler for request_identities (11) started
gpg-agent[7659]: no running SCdaemon - starting it
gpg-agent[7659]: DBG: first connection to SCdaemon established
gpg-agent[7659]: no authentication key for ssh on card: Card error
gpg-agent[7659]: /home/user/.gnupg/sshcontrol:4: key '[keygrip from auth key]' skipped: No such file or directory
gpg-agent[7659]: ssh request handler for request_identities (11) ready
The agent has no identities.
gpg-agent[7659]: ssh handler 0xABCD1234 for fd 5 terminated

This, of course, makes no sense because I have never used a smartcard, nor do I think I have smartcard drivers installed.

Additionally, these GPG keys are valid and are imported. The key listed above also does have an authentication subkey.

I am running GnuPG version 2.1.1.

Is there any way to fix this, and (as a bonus), get my SSH keys working through GPG?


Contents of ~/.gnupg/sshcontrol:

# List of allowed ssh keys. Only keys present in this file are used
# in the SSH protocol. The ssh-add tool may add new entries to this
<keygrip from my auth key>

Edit: Upon doing set | grep SSH_AUTH_SOCK, I get:

SSH_AUTH_SOCK=/run/user/1000/keyring-PLDuNs/ssh

However, upon trying to cat this file, I get a No such device or address error. However, I'm not sure if this is relevant or just user error by expecting a return.

1 Answer

I see two problems with your setup:

  1. However, I borrowed and used the .init script from this blog (in lieu of editing my Xprofile).

    The init script from that blog post is outdated (i.e., for versions of GnuPG prior to 2.1). Don't use it.

  2. Edit: Upon doing set | grep SSH_AUTH_SOCK, I get:

    SSH_AUTH_SOCK=/run/user/1000/keyring-PLDuNs/ssh

    However, upon trying to cat this file, I get a No such device or address error. However, I'm not sure if this is relevant or just user error by expecting a return.

    You're using the wrong SSH auth socket.

For a source on these claims, consult the official documentation. For a straight fix, see Jens Erat’s outline of the process on the Unix StackExchange. Copied here for convenience:

  1. enable the ssh-agent protocol by adding enable-ssh-support to ~/.gnupg/gpg-agent.conf
  2. export SSH_AUTH_SOCK=$HOME/.gnupg/S.gpg-agent.ssh; you might want to do that in your ~/.profile
  3. kill ssh-agent if started and reload gpg-agent (gpg-connect-agent reloadagent /bye)
  4. export and add your public key to target servers (ssh-add -L should now contain the familiar SSH public key line for your OpenPGP key)

    Editor's Note: This step can be simplified by adding the key's ‘keygrip’ value to ~/.gnupg/sshcontrol and then authorizing it on the remote server with ssh-copy-id.

  5. ssh to the target server as with a normal SSH key
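An added example, not part of the answer above and not GnuPG's own tooling: a shell check for the three failure points that show up in this thread (missing `enable-ssh-support`, an `SSH_AUTH_SOCK` that belongs to another agent, and an `sshcontrol` keygrip with no private key behind it). The function names are this sketch's own, and it assumes the GnuPG 2.1 layout in which each private key is stored as `private-keys-v1.d/<keygrip>.key`.

```shell
#!/bin/sh
# Audit a GnuPG home directory for the SSH setup in the steps above (added sketch).

# True if gpg-agent.conf carries an uncommented enable-ssh-support line.
ssh_support_enabled() {
    grep -Eq '^[[:space:]]*enable-ssh-support[[:space:]]*$' "$1/gpg-agent.conf" 2>/dev/null
}

# Name the agent behind an SSH_AUTH_SOCK value by the shape of its path.
classify_sock() {
    case "$1" in
        "") echo unset ;;
        */S.gpg-agent.ssh) echo gpg-agent ;;
        */keyring*/ssh) echo keyring ;;   # path shape shown in the question
        *) echo other ;;
    esac
}

# Print every enabled keygrip in sshcontrol that has no private key file.
# Lines starting with '#' are comments and lines starting with '!' are disabled keys.
# gpg-agent logs such entries as "skipped: No such file or directory".
missing_keygrips() {
    [ -r "$1/sshcontrol" ] || return 0
    while read -r grip _rest || [ -n "$grip" ]; do
        case "$grip" in ''|'#'*|'!'*) continue ;; esac
        [ -f "$1/private-keys-v1.d/$grip.key" ] || echo "$grip"
    done < "$1/sshcontrol"
}

# Report on one GnuPG home ($1) and one SSH_AUTH_SOCK value ($2).
audit() {
    dir=$1 sock=$2
    if ssh_support_enabled "$dir"; then echo "ok:  enable-ssh-support is set"
    else echo "fix: add enable-ssh-support to $dir/gpg-agent.conf"
    fi
    kind=$(classify_sock "$sock")
    if [ "$kind" = gpg-agent ]; then echo "ok:  SSH_AUTH_SOCK is the gpg-agent socket"
    else echo "fix: SSH_AUTH_SOCK is '$kind'; export SSH_AUTH_SOCK=$dir/S.gpg-agent.ssh"
    fi
    for g in $(missing_keygrips "$dir"); do
        echo "fix: sshcontrol lists $g but no private key file exists for it"
    done
}

audit "${GNUPGHOME:-$HOME/.gnupg}" "${SSH_AUTH_SOCK:-}"
```

A keygrip reported as missing usually means the secret part of the authentication subkey is not in this keyring, or the value in `sshcontrol` is not a keygrip at all.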