Hi Yutaka, > I think that your ssh invocation is the first trigger to invoke > gpg-agent (by systemd).
Yes, I can confirm that after logging into the session there is no gpg-agent running (nor ssh-agent). > Does SSH work successfully, when gpg-agent is invoked by gpg, by running > something like "gpg --card-status" before running ssh? If SSH works > after "gpg --card-status", this is another way of workaround. No. I did reset the pinentry to the gnome version and it again failed: $ gpg --card-status Reader ...........: Yubico Yubikey NEO OTP U2F CCID 00 00 ... $ ssh kimsufi sign_and_send_pubkey: signing failed: agent refused operation sign_and_send_pubkey: signing failed: agent refused operation .. $ > $ gpg-connect-agent "getinfo std_startup_env" /bye Looks fine to me, too: $ gpg-connect-agent "getinfo std_startup_env" /bye D DISPLAY=:0 D XAUTHORITY=/home/norbert/.Xauthority D XMODIFIERS=@im=fcitx D GTK_IM_MODULE=fcitx D DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1000/bus D QT_IM_MODULE=fcitx OK $ > You can test if pinentry itself works in your environment. Here is my > example session, where "-->" stands for my input and "#" is comment. Works here, too: $ pinentry-gnome3 OK Pleased to meet you getpin D hello OK bye OK closing connection $ (got a window asking me to enter) So that is rather cryptic indeed ... Best Norbert -- PREINING Norbert http://www.preining.info Accelia Inc. + JAIST + TeX Live + Debian Developer GPG: 0x860CDC13 fp: F7D8 A928 26E3 16A1 9FA0 ACF0 6CAC A448 860C DC13