Hello,
As I use gnupg, I run the gpg-agent. I run it with systemd --user and it works flawlessly. As I already run gpg-agent, I figured I might as well just add my ssh keys to it as well. Therefore I start gpg-agent with --enable-ssh-support. I use my SSH keys a lot and never had any problems with connecting to anything with a simple ssh .... or pushing things to git etc.
As the SOCKS_AUTH_SSH envvar needs to be set for ssh-add to work, I added this line to my .bashrc
export SSH_AUTH_SOCK=~/.gnupg/S.gpg-agent.ssh
Now, adding my SSH Keys with a simple ssh-add seems to work fine (no errors etc).
However, when I try to connect to a server now, the following happens:
ssh -vT user@server.com
OpenSSH_6.8p1, OpenSSL 1.0.2a 19 Mar 2015
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to XXXXXXXXX port XXXXX.
debug1: Connection established.
debug1: identity file /home/XXXXX/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/XXXXX/.ssh/id_rsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.8
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.8
debug1: match: OpenSSH_6.8 pat OpenSSH* compat 0x04000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr umac-64-etm@openssh.com none
debug1: kex: client->server aes128-ctr umac-64-etm@openssh.com none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:Mw5MTDp91yExgStdoMPMwi2yZdoG9MruOm+6XiC5Vks
debug1: Host '[XXXXXXX]:XXX' is known and matches the ECDSA host key.
debug1: Found key in /home/XXXX/.ssh/known_hosts:1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/XXXXX/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: No more authentication methods to try.
Permission denied (publickey).
Which is very strange as id_rsa is my (encrypted) private key. I am also prompted to enter the corresponding password when issuing ssh-add.
What could the problem be in this case? Thanks a lot!!
Last edited by replax (2015-05-18 19:06:58)
Did you look through: https://wiki.archlinux.org/index.php/SSH_keys
It sounds like you haven't uploaded your public key with
ssh-copy-id remote-server.org
Please paste your service file.
My service file is (~/.config/systemd/user/gpg-agent.service):
[Unit]
Description=GnuPG private key agent
IgnoreOnIsolate=true
[Service]
Type=forking
ExecStart=/usr/bin/gpg-agent --daemon --enable-ssh-support
ExecStop=/usr/bin/pkill gpg-agent
Restart=on-abort
[Install]
WantedBy=default.target
@Durden, my key is added on the remote server. If I do not add my SSH Key to my gpg-agent, I can login just fine. That is what is strange to me to begin with..
Last edited by replax (2015-05-18 18:47:49)
Do you see the approved key in:
~/.gnupg/sshcontrol
?
Well, there is something listed in .gnupg/sshcontrol , I am not sure if it is connected to my own key though. I tried ssh-add -l and it will list my one key, although it is different from the one in sshcontrol. I suspect that that is an issue of presentation though, as ssh-add spews out the SHA256 of my key..
How could I go about verifying that the key is indeed correct? Shouldn't it be added automatically by ssh-add?
Thanks a lot!!
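One way to check whether the key that ssh-add -l reports is the one listed in sshcontrol, as an added example that is not from this thread: ssh-add -l prints the SHA-256 fingerprint of the public key blob, while sshcontrol stores libgcrypt keygrips (for an RSA key, SHA-1 over the modulus). The Python below, with function names of my own and a toy key it constructs itself, derives both values from an id_rsa.pub-style line so the two can be compared; it assumes an RSA key.

```python
import base64
import hashlib
import struct

def _ssh_string(data: bytes) -> bytes:
    """SSH wire-format string: 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def _ssh_mpint(value: int) -> bytes:
    """SSH mpint: minimal big-endian bytes, plus a leading 0x00 if the top bit is set."""
    raw = value.to_bytes((value.bit_length() + 7) // 8, "big")
    if raw and raw[0] & 0x80:
        raw = b"\x00" + raw
    return _ssh_string(raw)

def build_rsa_pubkey_line(e: int, n: int, comment: str = "constructed") -> str:
    """Build an OpenSSH 'ssh-rsa <base64> comment' line; used here to make toy test input."""
    blob = _ssh_string(b"ssh-rsa") + _ssh_mpint(e) + _ssh_mpint(n)
    return f"ssh-rsa {base64.b64encode(blob).decode()} {comment}"

def parse_rsa_pubkey_line(line: str):
    """Return (blob, e, n) from an id_rsa.pub-style 'ssh-rsa ...' line."""
    fields = line.split()
    if len(fields) < 2 or fields[0] != "ssh-rsa":
        raise ValueError("only ssh-rsa keys are handled here")
    blob = base64.b64decode(fields[1])
    parts, pos = [], 0
    while pos + 4 <= len(blob):
        (length,) = struct.unpack(">I", blob[pos:pos + 4])
        parts.append(blob[pos + 4:pos + 4 + length])
        pos += 4 + length
    if len(parts) != 3 or parts[0] != b"ssh-rsa":
        raise ValueError("malformed ssh-rsa blob")
    return blob, int.from_bytes(parts[1], "big"), int.from_bytes(parts[2], "big")

def ssh_sha256_fingerprint(blob: bytes) -> str:
    """What `ssh-add -l` prints: 'SHA256:' plus unpadded base64 of SHA-256 over the key blob."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def rsa_keygrip(n: int) -> str:
    """libgcrypt keygrip of an RSA key (the 40-hex-digit id gpg-agent records in sshcontrol):
    SHA-1 over the modulus n as minimal big-endian bytes. Assumes RSA; other key types differ."""
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return hashlib.sha1(raw).hexdigest().upper()

def keygrip_in_sshcontrol(keygrip: str, sshcontrol_text: str) -> bool:
    """True if keygrip is the first field of some sshcontrol line ('#' comments and '!'-disabled
    entries never match, since their first field is not a bare keygrip)."""
    return any(ln.split()[:1] == [keygrip.upper()] for ln in sshcontrol_text.splitlines())
```

Feed parse_rsa_pubkey_line a real ~/.ssh/id_rsa.pub line, compare ssh_sha256_fingerprint against ssh-add -l, and check rsa_keygrip against the contents of ~/.gnupg/sshcontrol.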
Yes it should be added automatically. I suppose you could try it in a new user just to start fresh and see if it works, at least then you'll have either verified that your steps were correct or incorrect.