I have two Yubikey 5s: one for personal use and one for work. Each has a full set of subkeys; what I use most often is the authentication subkey for SSH authentication.
When the first card is plugged in already, plugging in the second card doesn't cause its key to show up in gpg-agent's SSH agent, or to be visible in any way. scdaemon seems unaware of the other card in all ways I can see -- from within gpg-connect-agent, I can see that scd getinfo card_list shows just the first one. The output of scd getinfo reader_list under Debian Buster running gpg 2.2.12 is similar -- just the one reader is listed. Under Windows with gpg4win 3.1.9 (which packages gpg 2.2.16), scd getinfo reader_list returns ERR 100663354 No data <SCD>
Furthermore, on gpg4win, unplugging the first card does not cause the second card to be recognized: instead, gpg --card-status as well as ssh-add -L report the old, now-unplugged card! (Unplugging the second card fixes this.) Fortunately I cannot reproduce this behavior on Debian -- there, unplugging the first card means the second card is immediately recognized.
I realize that it's probably quite a big project to add multi-card support to scdaemon, gpg-agent, and the gpg UI itself when it wasn't built in from the start, but I'd love to see any of the following:
- On Windows, unplugging the first card should be recognized by scdaemon, instead of reporting stale data; ideally the second card is recognized without replugging it (as it is under Debian)
- The ability to issue Assuan command(s) to scdaemon to switch between cards/readers when multiple Yubikeys are plugged in
- Even if gpg proper cannot use both cards at once, the ability for gpg-agent to serve the SSH keys of each card simultaneously
I'm happy to split this up into a bug report and a feature request, or multiple of each -- please let me know what makes the most sense. Thanks!