[pkg-gnupg-maint] Bug#1008573: gpg-agent-managed SSH keys stored in Yubikeys cannot be used with OpenSSH 8.9

Philippe Grégoire deb at pgregoire.xyz
Mon Mar 28 21:09:18 BST 2022


Package: gpg-agent
Version: 2.2.27-3+b1
Severity: serious
Tags: upstream

Strongly related to openssh 8.9

After upgrading openssh-client to 8.9p1, Yubikey-managed SSH keys
can no longer be used. After downgrading to 1:8.4p1-5, it works.
I believe this is due to recent changes in OpenSSH 8.9 regarding
the ssh-agent communication protocol, which GnuPG hasn't yet picked up,
but I haven't found anything on GnuPG's bug tracker.

$ ssh example.com
sign_and_send_pubkey: signing failed for ED25519 "cardno:XXXXXXXX" from agent: agent refused operation
username@example.com's password:

## See
https://www.openssh.com/agent-restrict.html

## Other reports
https://bugs.archlinux.org/task/74143

## Workaround
I use sid and had to add the stable repo to my sources.list, then
(due to dependencies):

  apt-get install openssh-client=1:8.4p1-5 \
                  openssh-server=1:8.4p1-5 \
                  openssh-sftp-server=1:8.4p1-5

Regards


