Antoine Beaupre <anar...@debian.org> wrote: > When I login in the morning, my Yubikey setup fails to let me connect > to remove SSH servers:
How do you invoke gpg-agent? If it is through your first SSH invocation, gpg-agent wouldn't know the place where to ask PIN (TTY and DISPLAY). You can check if you can use your tokan with SSH after your first invocation of: $ gpg --card-status or $ gpg-connect-agent UPDATESTARTUPTTY /bye Then, that's the case. gpg-agent should know the place where to ask PIN (TTY and DISPLAY), and it is told by gpg frontend or gpg-connct-agent. But in the case of SSH (external/foreign program), there is no such mechanism telling the place. > aoû 08 09:51:37 curie gpg-agent[3298]: smartcard signing failed: Ioctl() > inapproprié pour un périphérique > aoû 08 09:51:37 curie gpg-agent[3298]: ssh sign request failed: Ioctl() > inapproprié pour un périphérique <Pinentry> If it is "Inappropriate ioctl for device", it means that pinentry failed because of no place to ask. > Once gpg-agent is restarted, the Yubikey works fine again. And that > is, even if it's unplugged and plugged back in again. For me, it sounds like... it is your first invocation of SSH (by systemd watching the socket), which invokes gpg-agent. --