[pkg-gnupg-maint] Bug#1008573: gpg-agent -managed SSH keys stored in Yubikeys cannot be used with OpenSSH 8.9
Vagrant Cascadian
vagrant at debian.org
Mon Apr 11 22:18:11 BST 2022
On 2022-04-11, Vagrant Cascadian wrote:
> On 2022-03-28, Philippe Grégoire wrote:
>> After upgrading openssh-client to 8.9p1, Yubikey-managed SSH keys
>> can no longer be used. After downgrading to 1:8.4p1-5, it works.
>> I believe this is due to recent changes in OpenSSH 8.9 regarding
>> ssh-agent communication protocol which GnuPG hasn't yet picked up,
>> but haven't found anything on GnuPG's bug tracker.
>
>> $ ssh example.com
>> sign_and_send_pubkey: signing failed for ED25519 "cardno:XXXXXXXX" from agent: agent refused operation
>> username at example.com's password:
>
> Same problem with Gnuk, presumably multiple or all smartcards are
> affected?
According to some folks on irc.oftc.net #debian-devel, not all
smartcards are affected, we're the lucky ones!
I am using a fairly old build of gnuk, maybe newer firmware versions
have been made compatible somehow... ?
> Although I was until today using openssh 8.9 just fine, it wasn't until
> the openssh 9.0 upgrade that it stopped working for me...
For me, downgrading to openssh 1:8.9p1-3 seems to work fine.
I've marked that version of openssh as hold for now, but that feels very
wrong. :/
live well,
vagrant
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-gnupg-maint/attachments/20220411/7a822554/attachment.sig>
More information about the pkg-gnupg-maint
mailing list