[pkg-gnupg-maint] Bug#934237: Bug#934237: yubikey communication fails on startup
NIIBE Yutaka
gniibe at fsij.org
Fri Aug 9 01:08:35 BST 2019
Antoine Beaupre <anarcat at debian.org> wrote:
> When I login in the morning, my Yubikey setup fails to let me connect
> to remote SSH servers:
How do you invoke gpg-agent? If it is through your first SSH
invocation, gpg-agent wouldn't know the place where to ask PIN (TTY and
DISPLAY).
You can check if you can use your token with SSH after your first
invocation of:
$ gpg --card-status
or
$ gpg-connect-agent UPDATESTARTUPTTY /bye
Then, that's the case.
gpg-agent should know the place where to ask for the PIN (TTY and DISPLAY),
and it is told by the gpg frontend or gpg-connect-agent. But in the case of
SSH (external/foreign program), there is no such mechanism telling the
place.
> aoû 08 09:51:37 curie gpg-agent[3298]: smartcard signing failed: Ioctl() inapproprié pour un périphérique
> aoû 08 09:51:37 curie gpg-agent[3298]: ssh sign request failed: Ioctl() inapproprié pour un périphérique <Pinentry>
If it is "Inappropriate ioctl for device", it means that pinentry failed
because of no place to ask.
> Once gpg-agent is restarted, the Yubikey works fine again. And that
> is, even if it's unplugged and plugged back in again.
For me, it sounds like... it is your first invocation of SSH (by systemd
watching the socket), which invokes gpg-agent.
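
Added example, not part of the original message: a shell helper that counts the pinentry "no place to ask" failures described above in gpg-agent log lines, plus a function that tells the agent the current TTY before SSH is used. The function names and the sample log lines are constructed for illustration; `GPG_TTY` is the environment variable documented for gpg-agent.

```shell
#!/bin/sh
# Added illustration; function names and sample log lines are constructed.

# Read log lines on stdin and print how many ssh sign requests failed because
# pinentry had no terminal: error source <Pinentry> with the ENOTTY text,
# either in English or in the French wording quoted in the bug report.
count_pinentry_tty_failures() {
    grep -F 'ssh sign request failed:' \
        | grep -F '<Pinentry>' \
        | { grep -c -F -e 'Inappropriate ioctl for device' \
                       -e 'Ioctl() inapproprié pour un périphérique' || true; }
}

# Tell an already running gpg-agent which TTY/DISPLAY to use for pinentry,
# using the command from the message. Call it from an interactive shell
# before the first ssh invocation. Returns 127 if gpg-connect-agent is absent.
refresh_agent_tty() {
    command -v gpg-connect-agent >/dev/null 2>&1 || return 127
    if tty -s; then
        GPG_TTY=$(tty)
        export GPG_TTY
    fi
    gpg-connect-agent UPDATESTARTUPTTY /bye >/dev/null
}

# Constructed sample log (hostname, PID and timestamps are made up).
sample_log() {
    cat <<'EOF'
Aug 08 09:51:37 examplehost gpg-agent[1001]: smartcard signing failed: Inappropriate ioctl for device
Aug 08 09:51:37 examplehost gpg-agent[1001]: ssh sign request failed: Inappropriate ioctl for device <Pinentry>
aoû 08 09:52:10 examplehost gpg-agent[1001]: ssh sign request failed: Ioctl() inapproprié pour un périphérique <Pinentry>
Aug 08 10:03:02 examplehost gpg-agent[1001]: ssh sign request failed: Operation cancelled <Pinentry>
EOF
}

# Two of the four sample lines are pinentry/TTY failures.
sample_log | count_pinentry_tty_failures
```

On a real system the log lines would come from wherever gpg-agent logs (the journal in the report above) instead of `sample_log`.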