Trouble with GPG Cards for SSH when using FIDO2
Philipp Schmidt
philipp at knutschmidt.de
Fri Feb 2 08:04:33 CET 2024
Hello Werner,
thanks a lot for your reply and all the useful commands. Please excuse the late reply, but this one is driving me crazy since I am not able to create a situation in which I can reliably reproduce the failure. I guess that is due to OS updates as well.
Here are some of the edge cases:
- When I launch a bash right after startup, `ssh-add -L` displays all the keys and they remain even after the usage of FIDO
- When I come back from lunch - waking up the box from logout - the keys are gone, even with the bash still open.
- In case the keys are gone, none of the scripts you provided change anything.
Maybe that is helpful here: The code from my `.bashrc`:
```
export GPG_TTY="$(tty)"
export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
gpgconf --launch gpg-agent
```
Adding `pscs-shared` completely breaks it, and it stops working.
I will further try to clearly reproduce it. Any hints are welcome.
THANKS FOR HELP!
Best Philipp
> Werner Koch <wk at gnupg.org> wrote on 15.01.2024 17:04 CET:
>
>
> On Mon, 15 Jan 2024 09:25, Philipp Schmidt said:
>
> > - Everything works fine until I use one of the keys for FIDO2
> > - Afterwards I cannot restore the service without a reboot
>
> Try to add
>
> pscs-shared
>
> to scdaemon.conf and gpgconf -R scdaemon. Does this change anything?
> If not, add
>
> log-file /foo/scd.log
> debug ipc,reader,card
>
> to scdaemon.conf and check the log file or send it to me. Make sure
> that you did not enter the PIN as it would show up in the log. If this
> does not give any hints, adding "debug cardio" will give even more
> verbose output.
>
>
> Salam-Shalom,
>
> Werner
>
> --
> The pioneers of a warless world are the youth that
> refuse military service. - A. Einstein
Philipp Schmidt (Diplom-Designer) | knutschmidt.de (http://knutschmidt.de) | philipp at knutschmidt.de | +49 176 23 43 27 79
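
Added example (not part of the original messages and not GnuPG's own code): a small shell helper that switches the scdaemon debug settings suggested in the quoted reply on and off, and keeps the log file readable only by its owner because, as the reply notes, a PIN could end up in it. The marker comments, the function names and the default log path are assumptions of this example.

```shell
#!/bin/sh
# Toggle temporary scdaemon debug logging (added example, not GnuPG code).
# The BEGIN/END marker comments are this script's own convention (assumption).
BEGIN_MARK='# BEGIN temporary scd debug'
END_MARK='# END temporary scd debug'

# disable_scd_debug CONF: remove a previously added debug block, if any.
disable_scd_debug() {
    conf=$1
    [ -f "$conf" ] || return 0
    tmp=$(mktemp) || return 1
    # Write back with cat so the config keeps its inode and permissions.
    sed "/^$BEGIN_MARK\$/,/^$END_MARK\$/d" "$conf" > "$tmp" && cat "$tmp" > "$conf"
    rm -f "$tmp"
}

# enable_scd_debug CONF LOGFILE: add the options from the thread exactly once.
enable_scd_debug() {
    conf=$1 log=$2
    disable_scd_debug "$conf" || return 1   # idempotent: drop an older block first
    ( umask 077; : >> "$log" )              # pre-create the log owner-only
    chmod 600 "$log"                        # the log may contain sensitive data
    {
        printf '%s\n' "$BEGIN_MARK"
        printf 'log-file %s\n' "$log"
        printf 'debug ipc,reader,card\n'
        printf '%s\n' "$END_MARK"
    } >> "$conf"
}

# Usage: script on [LOGFILE] | script off   (default log path is an assumption)
case "${1:-}" in
    on)  enable_scd_debug "$(gpgconf --list-dirs homedir)/scdaemon.conf" \
             "${2:-$HOME/scd.log}" && gpgconf -R scdaemon ;;
    off) disable_scd_debug "$(gpgconf --list-dirs homedir)/scdaemon.conf" \
             && gpgconf -R scdaemon ;;
esac
```

Run it with `off` once the log has been collected, so that card traffic is no longer written to disk.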