[pkg-gnupg-maint] Bug#998728: gnupg: gpg-agent ssh refuses smartcard operation
José Pekkarinen
jose.pekkarinen at foxhound.fi
Sun Nov 7 09:11:48 GMT 2021
Package: gnupg
Version: 2.2.27-2
Severity: normal
Dear Maintainer,
*** Reporter, please consider answering these questions, where appropriate ***
* What led up to the situation?
Using gpg agent for ssh returns refused operation when using
smartcard.
* What exactly did you do (or not do) that was effective (or
ineffective)?
I configured the gpg agent by adding enable-ssh-support to ~/.gnupg/gpg-agent.conf,
I added also my key grip to .gnupg/sshcontrol and I added the
following lines to my .bashrc:
export GPG_TTY=$(tty)
export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
Since then I can see:
$ ssh-add -l
4096 SHA256:QXx1d/USG3KeT3UqD74YXHnTM5SEbzZ0t3HREUcpEjI cardno:000609023428 (RSA)
And:
● gpg-agent-ssh.socket - GnuPG cryptographic agent (ssh-agent emulation)
Loaded: loaded (/usr/lib/systemd/user/gpg-agent-ssh.socket; enabled; vendor preset: enabled)
Active: active (running) since Sun 2021-11-07 10:27:36 EET; 42min ago
Triggers: ● gpg-agent.service
Docs: man:gpg-agent(1)
man:ssh-add(1)
man:ssh-agent(1)
man:ssh(1)
Listen: /run/user/1000/gnupg/S.gpg-agent.ssh (Stream)
CGroup: /user.slice/user-1000.slice/user@1000.service/app.slice/gpg-agent-ssh.socket
However, when I do a git clone over ssh, I see:
sign_and_send_pubkey: signing failed for RSA "cardno:000609023428" from agent: agent refused operation
* What was the outcome of this action?
sign_and_send_pubkey: signing failed for RSA "cardno:000609023428" from agent: agent refused operation
* What outcome did you expect instead?
Doing the git clone.
*** End of the template - remove these template lines ***
-- System Information:
Debian Release: 11.1
APT prefers stable
APT policy: (700, 'stable'), (650, 'testing'), (500, 'stable-updates'), (500, 'stable-security')
Architecture: amd64 (x86_64)
Kernel: Linux 5.14.9 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages gnupg depends on:
ii dirmngr 2.2.27-2
ii gnupg-l10n 2.2.27-2
ii gnupg-utils 2.2.27-2
ii gpg 2.2.27-2
ii gpg-agent 2.2.27-2
ii gpg-wks-client 2.2.27-2
ii gpg-wks-server 2.2.27-2
ii gpgsm 2.2.27-2
ii gpgv 2.2.27-2
gnupg recommends no packages.
Versions of packages gnupg suggests:
pn parcimonie <none>
pn xloadimage <none>
-- no debconf information
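
The setup steps listed in the report (enable-ssh-support, a keygrip in sshcontrol, SSH_AUTH_SOCK and GPG_TTY) can be checked with a small script. This is an added example, not part of the original report or of the gnupg package; the function names are hypothetical, and it only inspects configuration, so it does not show why the agent refused the signing request.

```shell
#!/bin/sh
# Added example: verify the gpg-agent ssh setup described in the report.
# All function names are hypothetical. Nothing here contacts the agent or card.
# Usage (values taken from the live system):
#   check_setup "$(gpgconf --list-dirs homedir)" \
#               "$(gpgconf --list-dirs agent-ssh-socket)" \
#               "$SSH_AUTH_SOCK" "$GPG_TTY"

# True if gpg-agent.conf under $1 has an uncommented enable-ssh-support line.
has_ssh_support() {
    grep -Eq '^[[:space:]]*enable-ssh-support[[:space:]]*$' \
        "$1/gpg-agent.conf" 2>/dev/null
}

# Print the number of enabled entries in $1/sshcontrol.
# An entry is a 40-hex-digit keygrip, optionally followed by a TTL and flags.
# Lines starting with '#' are comments; a '!' prefix disables the entry.
count_enabled_keygrips() {
    [ -r "$1/sshcontrol" ] || { echo 0; return; }
    grep -Ec '^[[:space:]]*[0-9A-Fa-f]{40}([[:space:]]|$)' "$1/sshcontrol" || true
}

# Record one problem: message to stderr, counter incremented.
note() { echo "problem: $1" >&2; problems=$((problems + 1)); }

# Args: gnupg-home, agent ssh socket path, SSH_AUTH_SOCK value, GPG_TTY value.
# Prints the number of problems found on stdout.
check_setup() {
    problems=0
    has_ssh_support "$1" \
        || note "enable-ssh-support not set in $1/gpg-agent.conf"
    [ "$(count_enabled_keygrips "$1")" -gt 0 ] \
        || note "no enabled keygrip in $1/sshcontrol"
    [ -n "$3" ] && [ "$2" = "$3" ] \
        || note "SSH_AUTH_SOCK ('$3') is not the agent ssh socket ('$2')"
    [ -n "$4" ] \
        || note "GPG_TTY is empty"
    echo "$problems"
}
```

A result of 0 means the configuration matches what the report describes.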