[pkg-gnupg-maint] Bug#1008573: gpg-agent -managed SSH keys stored in Yubikeys cannot be used with OpenSSH 8.9

Vagrant Cascadian vagrant at debian.org
Mon Apr 11 19:00:55 BST 2022


On 2022-03-28, Philippe Grégoire wrote:
> After upgrading openssh-client to 8.9p1, Yubikey-managed SSH keys
> can no longer be used. After downgrading to 1:8.4p1-5, it works.
> I believe this is due to recent changes in OpenSSH 8.9 regarding
> ssh-agent communication protocol which GnuPG hasn't yet picked up,
> but haven't found anything on GnuPG's bug tracker.

> $ ssh example.com
> sign_and_send_pubkey: signing failed for ED25519 "cardno:XXXXXXXX" from agent: agent refused operation
> username at example.com's password:

Same problem with Gnuk, presumably multiple or all smartcards are
affected?

Although I was until today using openssh 8.9 just fine, it wasn't until
the openssh 9.0 upgrade that it stopped working for me...


live well,
  vagrant
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-gnupg-maint/attachments/20220411/5b91b495/attachment.sig>


More information about the pkg-gnupg-maint mailing list