If SSH operations have been attempted while the OpenPGP card is unplugged,
scdaemon may need to be restarted for it to recover the key.
The card reader is a PC/SC compatible Todos Argos Mini II reader. Driver source
available.
0. gpg-agent running with --enable-ssh-support
- card inserted
    ssh-add -L
    [shows SSH key]
- remove card
    ssh-add -L
    [shows no keys]
- insert card
    ssh-add -L
    [still shows no keys]
- Other operations such as "gpg --clearsign" still find the card and are
  successful. But it appears gpg now bypasses the agent and accesses the card
  directly.
- Restart scdaemon
    pkill -9 scdaemon; pkill -HUP gpg-agent
    ssh-add -L
    [now finds key again]
If the same is done, but skipping "ssh-add -L" in step 2, then scdaemon finds the
card again, and the pin cache is cleared just like expected.
In this broken state .gnupg/reader_0.status reports "ACTIVE".
Also pcsc-wrapper is no longer running when this happens.
pcsc_scan properly identifies the card as removed / inserted OpenPGP.
The last lines of the logs say:
scdaemon[12866]: PC/SC RESET failed: no smartcard (0xffffffff8010000c)
scdaemon[12866]: no supported card application found: General error
gpg-agent[12810]: error getting serial number of card: General error
gpg-agent[12810]: ssh request handler for request_identities (11) ready
and scdaemon closes the connection to pcsc-wrapper.
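
A log check for the failure signature quoted above, as an added example that is not part of the original report. It reads gpg-agent/scdaemon log text on stdin and reports whether the scdaemon that logged the failed PC/SC reset is still the one running; the function names, the sample_log helper and the PID 13001 line are constructed for illustration, and the recovery command is the one given in the report.

```shell
#!/bin/sh
# Added example: detect the stale-scdaemon state from the log lines in the report.

# Returns 0 when the log shows a failed PC/SC reset from scdaemon followed by a
# gpg-agent serial-number error, and no other scdaemon PID has logged since
# (a different PID means scdaemon was already restarted).
needs_scdaemon_restart() {
    awk '
        match($0, /scdaemon\[[0-9]+\]/) {
            pid = substr($0, RSTART + 9, RLENGTH - 10)
            if (pid != failed_pid) { reset_failed = 0; serial_failed = 0 }
            if ($0 ~ /PC\/SC RESET failed: no smartcard/) {
                failed_pid = pid; reset_failed = 1; serial_failed = 0
            }
            next
        }
        /gpg-agent\[[0-9]+\]: error getting serial number of card/ {
            if (reset_failed) serial_failed = 1
        }
        END { exit (reset_failed && serial_failed) ? 0 : 1 }
    '
}

# Recovery exactly as described in the report.
restart_scdaemon() {
    pkill -9 scdaemon
    pkill -HUP gpg-agent
}

# Sample input: the four log lines quoted in the report.
sample_log() {
    cat <<'EOF'
scdaemon[12866]: PC/SC RESET failed: no smartcard (0xffffffff8010000c)
scdaemon[12866]: no supported card application found: General error
gpg-agent[12810]: error getting serial number of card: General error
gpg-agent[12810]: ssh request handler for request_identities (11) ready
EOF
}

# With a log file argument (path is an assumption; it depends on your
# log-file setting), check it and recover. Without one, run on the sample.
if [ "$#" -ge 1 ]; then
    if needs_scdaemon_restart < "$1"; then restart_scdaemon; fi
elif sample_log | needs_scdaemon_restart; then
    echo "sample log: scdaemon is stale, restart needed"
fi
```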