gpg-agent and SSH: No keys

I see two problems with your setup:

  1. However, I borrowed and used the .init script from this blog (in lieu of editing my Xprofile).

    The init script from that blog post is outdated (i.e., for versions of GnuPG prior to 2.1). Don't use it.

  2. Edit: Upon doing set | grep SSH_AUTH_SOCK, I get:

    SSH_AUTH_SOCK=/run/user/1000/keyring-PLDuNs/ssh
    

    However, upon trying to cat this file, I get a No such device or address error. However, I'm not sure if this is relevant or just user error by expecting a return.

    You're using the wrong SSH auth socket.

For a source on these claims, consult the official documentation. For a straight fix, see Jens Erat’s outline of the process on the Unix StackExchange. Copied here for convenience:

  1. enable the ssh-agent protocol by adding enable-ssh-support to ~/.gnupg/gpg-agent.conf
  2. export SSH_AUTH_SOCK=$HOME/.gnupg/S.gpg-agent.ssh; you might want to do that in your ~/.profile
  3. kill ssh-agent if started and reload gpg-agent (gpg-connect-agent reloadagent /bye)
  4. export and add your public key to target servers (ssh-add -L should now contain the familiar SSH public key line for your OpenPGP key)

    Editor's Note: This step can be simplified by adding the key's ‘keygrip’ value to ~/.gnupg/sshcontrol and then authorizing it on the remote server with ssh-copy-id.

  5. ssh to the target server as with a normal SSH key
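As an added example that is not part of this answer, of Jens Erat's outline or of GnuPG's own tooling: a POSIX shell script that applies the steps above idempotently and also performs the SSH_AUTH_SOCK check from the question (the /run/user/1000/keyring-…/ssh path there belongs to gnome-keyring, not gpg-agent). It assumes GnuPG 2.1 or later, uses the socket path from the answer ($HOME/.gnupg/S.gpg-agent.ssh) as a fallback while asking gpgconf --list-dirs agent-ssh-socket on releases that support it, and assumes a keygrip is 40 hex characters. All function names are my own.

```shell
#!/bin/sh
# Added example: set up gpg-agent as the SSH agent (GnuPG >= 2.1 assumed).
# Run as:  sh gpg-ssh-setup.sh setup <KEYGRIP>
# Find the keygrip of the authentication subkey with:  gpg --list-keys --with-keygrip

GNUPGHOME="${GNUPGHOME:-$HOME/.gnupg}"

# Append a line to a file only if that exact line is not already present.
ensure_line() {
    # $1 = file, $2 = exact line
    mkdir -p "$(dirname "$1")"
    touch "$1"
    if ! grep -qxF -- "$2" "$1"; then
        printf '%s\n' "$2" >> "$1"
    fi
}

# Step 1: enable the ssh-agent protocol in gpg-agent.conf.
enable_ssh_support() {
    ensure_line "$GNUPGHOME/gpg-agent.conf" "enable-ssh-support"
}

# Step 2 (path): the socket location the answer gives; correct for early 2.1 releases.
default_ssh_socket() {
    printf '%s\n' "$GNUPGHOME/S.gpg-agent.ssh"
}

# Newer GnuPG releases move the socket (typically under /run/user/<uid>/gnupg) and
# report the real path via gpgconf; fall back to the classic path if that fails.
gpg_ssh_socket() {
    sock=$(gpgconf --list-dirs agent-ssh-socket 2>/dev/null) || sock=""
    if [ -n "$sock" ]; then
        printf '%s\n' "$sock"
    else
        default_ssh_socket
    fi
}

# Diagnostic for the question's symptom: is SSH_AUTH_SOCK actually gpg-agent's socket?
# $1 = current SSH_AUTH_SOCK value, $2 = gpg-agent's ssh socket. Returns 0 only on a match.
check_auth_sock() {
    if [ "$1" = "$2" ]; then
        echo "SSH_AUTH_SOCK points at gpg-agent: $1"
        return 0
    fi
    case "$1" in
        */keyring-*/ssh) echo "SSH_AUTH_SOCK=$1 belongs to gnome-keyring, not gpg-agent" ;;
        "")              echo "SSH_AUTH_SOCK is unset; export SSH_AUTH_SOCK=$2" ;;
        *)               echo "SSH_AUTH_SOCK=$1 is not gpg-agent's socket ($2)" ;;
    esac
    return 1
}

# Step 4 (editor's note): authorise a key for SSH by listing its keygrip in sshcontrol.
# Rejects anything that is not 40 hex characters (assumed keygrip format).
add_keygrip_to_sshcontrol() {
    if ! printf '%s' "$1" | grep -Eq '^[0-9A-Fa-f]{40}$'; then
        echo "not a keygrip: $1" >&2
        return 1
    fi
    ensure_line "$GNUPGHOME/sshcontrol" "$1"
}

# Step 3: stop a plain ssh-agent if this shell started one, then reload gpg-agent.
reload_agent() {
    [ -n "${SSH_AGENT_PID:-}" ] && kill "$SSH_AGENT_PID" 2>/dev/null
    gpg-connect-agent reloadagent /bye
}

# Steps 1-4 end to end; only runs when invoked with "setup <KEYGRIP>".
if [ "${1:-}" = "setup" ]; then
    enable_ssh_support
    add_keygrip_to_sshcontrol "${2:?usage: $0 setup KEYGRIP}"
    SSH_AUTH_SOCK=$(gpg_ssh_socket)
    export SSH_AUTH_SOCK
    reload_agent
    check_auth_sock "$SSH_AUTH_SOCK" "$(gpg_ssh_socket)"
    ssh-add -L      # should now print the SSH public key line for the OpenPGP auth subkey
fi
```

The export of SSH_AUTH_SOCK only affects the shell that runs the script; to make it permanent, put the same assignment in ~/.profile as step 2 says. check_auth_sock is what to run first when ssh-add -l says "The agent has no identities": a gnome-keyring or stale ssh-agent socket in SSH_AUTH_SOCK means the request never reached gpg-agent at all.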

Updated on September 18, 2022

Comments

  • Kaz Wolfe
    Kaz Wolfe over 1 year

    I'm trying to enable SSH authentication through my GPG subkey, using this tutorial. However, I borrowed and used the .init script from this blog (in lieu of editing my Xprofile).

    However, I'm getting a very peculiar error message:

    
    ┌─[12:53:49]─[user@pc]
    └──> ~ $ ssh-add -l
    gpg-agent[7659]: ssh handler 0xABCD1234 for fd 5 started
    gpg-agent[7659]: ssh request 1 is not supported
    gpg-agent[7659]: ssh request handler for request_identities (11) started
    gpg-agent[7659]: no running SCdaemon - starting it
    gpg-agent[7659]: DBG: first connection to SCdaemon established
    gpg-agent[7659]: no authentication key for ssh on card: Card error
    gpg-agent[7659]: /home/user/.gnupg/sshcontrol:4: key '[keygrip from auth key]' skipped: No such file or directory
    gpg-agent[7659]: ssh request handler for request_identities (11) ready
    The agent has no identities.
    gpg-agent[7659]: ssh handler 0xABCD1234 for fd 5 terminated
    

    This, of course, makes no sense because I have never used a smartcard, nor do I think I have smartcard drivers installed.

    Additionally, these GPG keys are valid and are imported. The key listed above also does have an authentication subkey.

    I am running GnuPG version 2.1.1.

    Is there any way to fix this, and (as a bonus), get my SSH keys working through GPG?


    Contents of ~/.gnupg/sshcontrol:

    # List of allowed ssh keys.  Only keys present in this file are used
    # in the SSH protocol.  The ssh-add tool may add new entries to this
    
    <keygrip from my auth key>
    

    Edit: Upon doing set | grep SSH_AUTH_SOCK, I get:

    SSH_AUTH_SOCK=/run/user/1000/keyring-PLDuNs/ssh
    

    However, upon trying to cat this file, I get a No such device or address error. However, I'm not sure if this is relevant or just user error by expecting a return.

    • Jakuje
      Jakuje over 8 years
      What do you have in your /home/user/.gnupg/sshcontrol? It looks like something broken there.
    • Kaz Wolfe
      Kaz Wolfe over 8 years
      @Jakuje Edited to show (censored) contents.
    • Jakuje
      Jakuje over 8 years
      What are you trying to achieve in the first place? Why don't you use normal ssh keys and normal ssh-agent in the first place?
    • Kaz Wolfe
      Kaz Wolfe over 8 years
      @Jakuje I'm trying to swap over to using my GPG authentication key for SSH logins from now on. And, when I eventually do move over to a smartcard, I'll be able to use that for SSH logins.
    • Jakuje
      Jakuje over 8 years
      Fair enough. I would like to give it a try some time also. Maybe tomorrow. For bonus, you can add the keys just using ssh-add ~/.ssh/id_rsa or where they are (if you don't have the gpg-agent totally messed up).
    • Jens Erat
      Jens Erat over 8 years
      ssh-add -l requests gpg-agent to list all available keys -- this includes checking a smartcard if there is one. It looks like gpg-agent finds a smart card, but cannot talk with it. Try adding disable-scdaemon to ~/.gnupg/gpg-agent.conf and restart gpg-agent. Don't forget to remove that option once you've got an OpenPGP smartcard.
    • Kaz Wolfe
      Kaz Wolfe over 8 years
      @JensErat I tried that, and it returns the same thing, just without the smartcard error.