On 05/07/16 23:23, Daniel Kahn Gillmor wrote:
> You're right, this really is a better question for OpenSSH users.

Well, I'm stubborn, and I'm still going to answer here :-).

> Do you have a .pub file of the public part of your identity? try
> pointing Identities to that file.

Yes, that occurred to me as well as a possibility to try. It turned out to be the correct idea.

With default config, no restrictions:

> $ ssh-add -l
> 2048 27:f1:31:87:c8:05:5e:30:32:04:61:83:af:f5:8d:a1 cardno:000500000241 (RSA)
> 2048 69:22:fd:08:4e:a5:77:c5:2c:1c:c5:e4:e3:e0:96:96 /home/peter/.ssh/id_rsa (RSA)
> 256 03:92:b4:ff:0b:8c:dc:39:63:d0:18:c1:1e:78:12:ff test_id (ED25519)
> $ ssh -vvv mscrabtree
> OpenSSH_6.7p1 Debian-5+deb8u2, OpenSSL 1.0.1t 3 May 2016
> debug1: Reading configuration data /home/peter/.ssh/config
> [...]
> debug1: Offering RSA public key: /home/peter/.ssh/id_rsa
> debug3: send_pubkey_test
> debug2: we sent a publickey packet, wait for reply
> debug1: Server accepts key: pkalg ssh-rsa blen 277
> debug2: input_userauth_pk_ok: fp 69:22:fd:08:4e:a5:77:c5:2c:1c:c5:e4:e3:e0:96:96
> debug3: sign_and_send_pubkey: RSA 69:22:fd:08:4e:a5:77:c5:2c:1c:c5:e4:e3:e0:96:96
> Agent admitted failure to sign using the key.
> debug1: Offering RSA public key: cardno:000500000241
> debug3: send_pubkey_test
> debug2: we sent a publickey packet, wait for reply
> debug1: Server accepts key: pkalg ssh-rsa blen 279
> debug2: input_userauth_pk_ok: fp 27:f1:31:87:c8:05:5e:30:32:04:61:83:af:f5:8d:a1
> debug3: sign_and_send_pubkey: RSA 27:f1:31:87:c8:05:5e:30:32:04:61:83:af:f5:8d:a1
> Agent admitted failure to sign using the key.
> debug1: Offering ED25519 public key: test_id
> debug3: send_pubkey_test
> debug2: we sent a publickey packet, wait for reply
> debug1: Server accepts key: pkalg ssh-ed25519 blen 51
> debug2: input_userauth_pk_ok: fp 03:92:b4:ff:0b:8c:dc:39:63:d0:18:c1:1e:78:12:ff
> debug3: sign_and_send_pubkey: ED25519 03:92:b4:ff:0b:8c:dc:39:63:d0:18:c1:1e:78:12:ff
> Agent admitted failure to sign using the key.

I'm not entering any password on purpose, so it will try more keys.
And it offered all it had (since I configured the server to accept them all).

Now with:

> $ cat .ssh/config
> [...]
> IdentitiesOnly yes
>
> [...]
> Host mscrabtree
> IdentityFile /home/peter/.ssh/id_card.pub
> $ ssh -vvv mscrabtree
> [...]
> debug1: Offering RSA public key: /home/peter/.ssh/id_card.pub
> debug3: send_pubkey_test
> debug2: we sent a publickey packet, wait for reply
> debug1: Server accepts key: pkalg ssh-rsa blen 279
> debug2: input_userauth_pk_ok: fp 27:f1:31:87:c8:05:5e:30:32:04:61:83:af:f5:8d:a1
> debug3: sign_and_send_pubkey: RSA 27:f1:31:87:c8:05:5e:30:32:04:61:83:af:f5:8d:a1
> Agent admitted failure to sign using the key.
> debug2: we did not send a packet, disable method
> debug1: No more authentication methods to try.
> Permission denied (publickey).

It only offers my smartcard. Change it to

> IdentityFile /home/peter/.ssh/test_id.pub
>
> $ ssh -vvv mscrabtree
> [...]
> debug1: Offering ED25519 public key: /home/peter/.ssh/test_id.pub
> debug3: send_pubkey_test
> debug2: we sent a publickey packet, wait for reply
> debug1: Server accepts key: pkalg ssh-ed25519 blen 51
> debug2: input_userauth_pk_ok: fp 03:92:b4:ff:0b:8c:dc:39:63:d0:18:c1:1e:78:12:ff
> debug3: sign_and_send_pubkey: ED25519 03:92:b4:ff:0b:8c:dc:39:63:d0:18:c1:1e:78:12:ff
> Agent admitted failure to sign using the key.
> debug2: we did not send a packet, disable method
> debug1: No more authentication methods to try.
> Permission denied (publickey).

It only offers the key test_id.

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
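
Added example, not part of the mail above and not OpenSSH's own code: a small check that reads `ssh -v` debug output and confirms that only the intended identity was offered, which is the effect of IdentitiesOnly plus a .pub IdentityFile shown in the two runs. The function names are hypothetical, and the sample input is a subset of the debug lines quoted in the mail.

```sh
#!/bin/sh
# Added example, not from the original mail. Reads `ssh -v` debug output on
# stdin and reports which identities the client offered to the server.
# Matches the "Offering <type> public key: <identity>" lines of the
# OpenSSH 6.7p1 log above; other releases may word this line differently.

# Print one "<type> <identity>" line per offered key.
offered_keys() {
    tr -d '\r' |
        sed -n 's/^debug1: Offering \([A-Za-z0-9-]*\) public key: \(.*\)$/\1 \2/p'
}

# Succeed only if exactly one key was offered and it is identity $1.
only_offered() {
    keys=$(offered_keys)
    count=$(printf '%s\n' "$keys" | grep -c . || true)
    [ "$count" -eq 1 ] && [ "${keys#* }" = "$1" ]
}

# Debug lines copied from the two runs in the mail (other lines omitted).
sample_default() {
    cat <<'EOF'
debug1: Reading configuration data /home/peter/.ssh/config
debug1: Offering RSA public key: /home/peter/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
debug1: Offering RSA public key: cardno:000500000241
debug1: Offering ED25519 public key: test_id
EOF
}

sample_restricted() {
    cat <<'EOF'
debug1: Offering RSA public key: /home/peter/.ssh/id_card.pub
debug3: send_pubkey_test
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: No more authentication methods to try.
EOF
}

# Live use (assumes the host alias from the mail; BatchMode avoids prompts):
#   ssh -v -o BatchMode=yes mscrabtree true 2>&1 |
#       only_offered /home/peter/.ssh/id_card.pub && echo "only the card key"
```

Each key a client offers discloses that public key to the server and counts against the server's authentication attempt limit, so a check like this is useful after editing a per-host IdentityFile entry.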
