Re: Cannot export SSH public key
On Thu, Nov 23, 2023 at 10:17 AM Felix E. Klee wrote:
> Can you explain why the output of `ssh-add -L` did not change? Also
> why is it not the same as the output from `gpg --export-ssh-key
> yubi...@f76.eu`?

OK, I may have found the issue:

    $ grep -rl Use-for-ssh ~/.gnupg/private-keys-v1.d/*
    .gnupg/private-keys-v1.d/0E67508AC6866D82ABB95E0B53CF5D18DC48A786.key

That’s the key grip of the master key:

    $ gpg -k --with-keygrip yubi...@f76.eu
    pub   rsa4096 2023-06-29 [SC]
          7A0FE73DDB744F0F97341DA71BE349D11B6ED589
          Keygrip = 0E67508AC6866D82ABB95E0B53CF5D18DC48A786
    uid           [ultimate] Felix E. Klee (YubiKey)
    sub   rsa4096 2023-06-29 [E]
          Keygrip = 07D6164F019D2EDF59C650992CF93776B2DD17F2
    sub   rsa4096 2023-11-22 [A]
          Keygrip = 9C67E5BBB72EF0BF2625792F8F134CE4FD961FF5

I don’t remember adding this, but I guess I did, maybe some months ago. Anyhow, now I removed `Use-for-ssh` from that key. I then added the keygrip of the authentication key to `~/.gnupg/sshcontrol`. However, that doesn’t work:

    $ ssh-add -l
    The agent has no identities.

Only if I add the key grip of the master key to `~/.gnupg/sshcontrol`, then `ssh-add -l` is happy. But this seems wrong.

I notice that the private key stub of the authentication sub key isn’t present in `~/.gnupg/private-keys-v1.d`:

    $ ls -1 ~/.gnupg/private-keys-v1.d/
    07D6164F019D2EDF59C650992CF93776B2DD17F2.key
    0E67508AC6866D82ABB95E0B53CF5D18DC48A786.key
    250CD54A263D092C462509D83D034E4BAAF73311.key
    BB1D7402E4603D0C12512AB235B12FE1F4BD9667.key

*How do I generate the private key stub for the authentication sub key?* `gpg --card-status` doesn’t do it.

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users
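Added example, not part of the original message: a shell function that does in one pass the cross-check the message above performs by hand, reporting for each key and subkey in a `gpg --with-colons --with-keygrip` listing whether a key file exists under `private-keys-v1.d` and whether the keygrip is enabled for SSH through `sshcontrol` or a `Use-for-ssh` line. The keygrips and file names are the ones quoted in the message; the function names, the subkey IDs and the timestamps in the sample listing are constructed.

```shell
#!/bin/sh
# Usage: gpg --with-colons --with-keygrip -k KEY | audit_ssh_keygrips KEYDIR SSHCONTROL
audit_ssh_keygrips() {
    keydir=$1; sshcontrol=$2
    # pub/sub records carry capabilities in field 12; the grp record that
    # follows carries the keygrip in field 10. Upper-case letters on the pub
    # record summarise the whole key, so they are dropped.
    awk -F: '
        $1 == "pub" || $1 == "sub" {
            kind = $1; caps = $12; gsub(/[A-Z]/, "", caps)
            if (caps == "") caps = "-"
        }
        $1 == "grp" && kind != "" { print kind, caps, $10; kind = "" }
    ' | while read -r kind caps grip; do
        stub=missing; ssh=no
        if [ -f "$keydir/$grip.key" ]; then
            stub=present
            if grep -q '^Use-for-ssh:' "$keydir/$grip.key"; then ssh=attribute; fi
        fi
        # A leading "!" disables an sshcontrol entry, so match from line start.
        if [ -f "$sshcontrol" ] && grep -q "^$grip" "$sshcontrol"; then
            ssh=sshcontrol
        fi
        echo "$kind $caps $grip stub=$stub ssh=$ssh"
    done
}

# Constructed state modelled on the message: four key files, sshcontrol holding
# the [A] subkey's keygrip. Subkey IDs and timestamps below are made up.
demo_audit() {
    tmp=$(mktemp -d) || return 1
    for g in 07D6164F019D2EDF59C650992CF93776B2DD17F2 0E67508AC6866D82ABB95E0B53CF5D18DC48A786 \
             250CD54A263D092C462509D83D034E4BAAF73311 BB1D7402E4603D0C12512AB235B12FE1F4BD9667; do
        : > "$tmp/$g.key"
    done
    echo 9C67E5BBB72EF0BF2625792F8F134CE4FD961FF5 > "$tmp/sshcontrol"
    audit_ssh_keygrips "$tmp" "$tmp/sshcontrol" <<'EOF'
pub:u:4096:1:1BE349D11B6ED589:1687996800:::u:::scESCA::::::23::0:
fpr:::::::::7A0FE73DDB744F0F97341DA71BE349D11B6ED589:
grp:::::::::0E67508AC6866D82ABB95E0B53CF5D18DC48A786:
sub:u:4096:1:AAAAAAAAAAAAAAAA:1687996800::::::e::::::23:
grp:::::::::07D6164F019D2EDF59C650992CF93776B2DD17F2:
sub:u:4096:1:BBBBBBBBBBBBBBBB:1700611200::::::a::::::23:
grp:::::::::9C67E5BBB72EF0BF2625792F8F134CE4FD961FF5:
EOF
    rm -rf "$tmp"
}
demo_audit
```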
Re: No SSH public key authentication using smartcard
Hi,

this is exactly what I thought. However, there's no solution for it.

Let me repeat my comments posted previously to get an overview of what is working...

Actually I have a working setup on Windows 10, but here I use another terminal emulator: MobaXterm. And in the settings of MobaXterm I enabled SSH forwarding.

As of now I don't want to continue using MobaXterm on Windows 11, but using Windows Terminal.

I can run ssh-add.exe -L in Windows PowerShell and get the correct SSH public key fetched from secure card.

THX

On 28.11.23 at 03:53, Jacob Bachmeyer wrote:
> Thomas via Gnupg-users wrote:
>> Hello Stephan,
>> thanks for your reply.
>> When you say I should modify ~/.ssh/config, where is this file? On jumphost?
>
> You need to configure SSH agent forwarding on your client, which will provide access to your local SSH agent at the jumphost via the SSH connection between your client and the jumphost. Since you are using a Windows client, ~/.ssh/config may not be relevant to your configuration.
>
> -- Jacob
Re: No SSH public key authentication using smartcard
Thomas via Gnupg-users wrote:
> Hello Stephan,
> thanks for your reply.
> When you say I should modify ~/.ssh/config, where is this file? On jumphost?

You need to configure SSH agent forwarding on your client, which will provide access to your local SSH agent at the jumphost via the SSH connection between your client and the jumphost. Since you are using a Windows client, ~/.ssh/config may not be relevant to your configuration.

-- Jacob
Re: No SSH public key authentication using smartcard
Hello Stephan,

thanks for your reply.

When you say I should modify ~/.ssh/config, where is this file? On jumphost?

Actually I have a working setup on Windows 10, but here I use another terminal emulator: MobaXterm. And in the settings of MobaXterm I enabled SSH forwarding.

As of now I don't want to continue using MobaXterm on Windows 11, but using Windows Terminal.

Please note that I have not installed git for windows [1] that includes tool "Git BASH"; I don't think that this additional terminal is required to use SSH.

I can run ssh-add.exe -L in Windows PowerShell and get the correct SSH public key fetched from secure card. But once connected to jumphost, all SSH relevant information is unavailable.

THX

On 2023-11-25 12:30, Stephan Verbücheln via Gnupg-users wrote:
> Coincidentally, I have a similar setup. Fortunately, you do *not* need Agent Forwarding for authentication via jump hosts.
>
> The entry for your host (in "~/.ssh/config") for this host should look something like this:
>
> Host myalias
>     HostName myserver.com
>     ProxyJump jumpserver.net
>     IdentityAgent %d/.gnupg/S.gpg-agent.ssh
>
> There may be some Windows-specific pitfalls. Perhaps you have to be careful with the line breaks (Unix versus Windows convention) in the configuration files.
>
> Regards
> Stephan

Links:
--
[1] https://gitforwindows.org/