Package: gpg-agent Version: 2.2.40-1 Severity: normal X-Debbugs-Cc: vagr...@debian.org
I recently switched to a new laptop running bookworm, and started noticing issues connecting to machines running openssh server 0.9.x (e.g. running bookworm). debug3: authmethod_is_enabled publickey debug1: Next authentication method: publickey debug1: Offering public key: cardno:FFFE 87023833 ED25519 SHA256:SrXM0ACTMy3d2DkLRt/UehScFvN8w+62NoN9/6+u5Kg agent debug3: send packet: type 50 debug2: we sent a publickey packet, wait for reply debug3: receive packet: type 60 debug1: Server accepts key: cardno:FFFE 87023833 ED25519 SHA256:SrXM0ACTMy3d2DkLRt/UehScFvN8w+62NoN9/6+u5Kg agent debug3: sign_and_send_pubkey: using publickey-hostbound-...@openssh.com with ED25519 SHA256:SrXM0ACTMy3d2DkLRt/UehScFvN8w+62NoN9/6+u5Kg debug3: sign_and_send_pubkey: signing using ssh-ed25519 SHA256:SrXM0ACTMy3d2DkLRt/UehScFvN8w+62NoN9/6+u5Kg sign_and_send_pubkey: signing failed for ED25519 "cardno:FFFE 87023833" from agent: agent refused operation debug1: Trying private key: /home/vagrant/.ssh/id_rsa ... I would assume that this is some client-side interaction, since the agent is running locally, but this same setup works fine when connecting to systems running older versions of openssh server (e.g. bullseye)... so there is definitely something about the newer openssh server versions that triggers the issue. I can also try using my older laptop, which was also running bookworm, to see if I missed something in the configuration. The openpgp smartcard is a fairly old gnuk firmware, fwiw. live well, vagrant -- System Information: Debian Release: bookworm/sid APT prefers testing-security APT policy: (500, 'testing-security'), (500, 'testing'), (1, 'experimental'), (1, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 6.1.0-6-amd64 (SMP w/8 CPU threads; PREEMPT) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages gpg-agent depends on: ii gpgconf 2.2.40-1 ii init-system-helpers 1.65.2 ii libassuan0 2.5.5-5 ii libc6 2.36-8 ii libgcrypt20 1.10.1-3 ii libgpg-error0 1.46-1 ii libnpth0 1.6-3 ii pinentry-curses [pinentry] 1.2.1-1 ii pinentry-gnome3 [pinentry] 1.2.1-1 Versions of packages gpg-agent recommends: ii gnupg 2.2.40-1 Versions of packages gpg-agent suggests: ii dbus-user-session 1.14.6-1 ii libpam-systemd 252.6-1 ii pinentry-gnome3 1.2.1-1 ii scdaemon 2.2.40-1 -- no debconf information
signature.asc
Description: PGP signature