
ssh Project
Active · Public

Recent Activity

Mar 4 2024

Zymlex added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

In case someone finds it through a search:

Mar 4 2024, 9:51 PM · Not A Bug, workaround, gnupg24, Windows, ssh

Feb 21 2024

werner closed T5084: Using GPGWin 3.1.13, Putty fails to load the private key from a YubiKey as Resolved.

Closing due to age and because gpg4win 4 started using the much improved GnuPG 2.4.

Feb 21 2024, 5:45 PM · gnupg, ssh, Bug Report, gpg4win

Jan 5 2024

werner moved T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent from Backlog to done on the gnupg24 board.
Jan 5 2024, 12:04 PM · Not A Bug, workaround, gnupg24, Windows, ssh

Oct 16 2023

werner triaged T6756: max-cache-ttl-ssh overrides max-cache-ttl as Low priority.
Oct 16 2023, 1:24 PM · MacOS, gpgagent, ssh, Bug Report

Oct 10 2023

memeplex updated the task description for T6756: max-cache-ttl-ssh overrides max-cache-ttl.
Oct 10 2023, 2:20 PM · MacOS, gpgagent, ssh, Bug Report
memeplex updated the task description for T6756: max-cache-ttl-ssh overrides max-cache-ttl.
Oct 10 2023, 2:19 PM · MacOS, gpgagent, ssh, Bug Report
memeplex created T6756: max-cache-ttl-ssh overrides max-cache-ttl.
Oct 10 2023, 2:13 PM · MacOS, gpgagent, ssh, Bug Report

Sep 26 2023

jplejacq added a comment to T6250: GPG-Agent doesn't work properly with smart cards and ed25519 keys and SSH Agent.

Here's another data point.

Sep 26 2023, 4:13 PM · gnupg, Documentation, ssh

Aug 28 2023

kelseyradley added a comment to T5794: Cannot add ed25519 SSH key with empty comment.
Aug 28 2023, 6:28 AM · ssh, gnupg (gpg22), Bug Report
kelseyradley added a comment to T2760: Populate comment field when exporting authentication key for SSH.
Aug 28 2023, 6:27 AM · gnupg24, ssh, Feature Request

May 26 2023

werner edited projects for T6250: GPG-Agent doesn't work properly with smart cards and ed25519 keys and SSH Agent, added: gnupg; removed gnupg24.
May 26 2023, 10:03 AM · gnupg, Documentation, ssh

Apr 26 2023

ebo closed T6212: The ssh keys are no longer returned in the order from control file after T5996 as Resolved.
Apr 26 2023, 9:20 AM · gnupg24 (gnupg-2.4.1), ssh, Feature Request

Apr 18 2023

werner moved T6212: The ssh keys are no longer returned in the order from control file after T5996 from QA to gnupg-2.4.1 on the gnupg24 board.
Apr 18 2023, 9:42 AM · gnupg24 (gnupg-2.4.1), ssh, Feature Request

Feb 1 2023

werner changed the status of T6212: The ssh keys are no longer returned in the order from control file after T5996 from Open to Testing.
Feb 1 2023, 9:36 AM · gnupg24 (gnupg-2.4.1), ssh, Feature Request
werner moved T6212: The ssh keys are no longer returned in the order from control file after T5996 from QA to WiP on the gnupg24 board.
Feb 1 2023, 9:36 AM · gnupg24 (gnupg-2.4.1), ssh, Feature Request
werner moved T6212: The ssh keys are no longer returned in the order from control file after T5996 from WiP to QA on the gnupg24 board.

See the commit for a description of the changes.

Feb 1 2023, 9:29 AM · gnupg24 (gnupg-2.4.1), ssh, Feature Request
gniibe added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

@MathiasMagnus This change is to support Win32-OpenSSH by gpg-agent emulation of ssh-agent; you can use gpg-agent emulation of ssh-agent when you use Win32-OpenSSH. That is, you can use GPG auth subkey for Win32-OpenSSH.

Feb 1 2023, 6:03 AM · Not A Bug, workaround, gnupg24, Windows, ssh

Jan 31 2023

werner moved T6212: The ssh keys are no longer returned in the order from control file after T5996 from Backlog to WiP on the gnupg24 board.
Jan 31 2023, 12:40 PM · gnupg24 (gnupg-2.4.1), ssh, Feature Request
MathiasMagnus added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

@gniibe Am I misunderstanding something? I thought that with this change one is able to connect from a Windows box to a Linux box and have GPG agent forwarding work. I am still hitting pretty much the same issue described here: https://github.com/PowerShell/Win32-OpenSSH/issues/1564
On my Windows endpoint I'm running gpg.exe version 2.4.0.49237 and in C:\Users\mate\AppData\Roaming\gnupg\gpg-agent.conf I have a single line enable-win32-openssh-support. Running gpg-connect-agent.exe reloadagent /bye I have a gpg-agent running. Get-Process gpg-agent shows that it's running. In my Windows env I have SSH_AUTH_SOCK set to \\.\pipe\openssh-ssh-agent and my Linux endpoint is configured in SSH config with

ForwardAgent yes
AddKeysToAgent yes
RemoteForward /run/user/1015/gnupg/S.gpg-agent C\:/Users/mate/AppData/Local/gnupg/S.gpg-agent.extra

As the remote end reports /run/user/1015/gnupg/S.gpg-agent that socket for agent-socket when issuing gpgconf --list-dirs and my local gpgconf.exe --list-dirs reports C%3a\Users\mate\AppData\Local\gnupg\S.gpg-agent.extra where I transform %3a to \: manually. SSH authentication works perfectly, when connecting pinentry-qt pops up to unlock my key and when connecting to yet another machine, my SSH agent is forwarded again. However, gpg fails to use my agent. Issuing gpg --list-secret-keys --verbose prints the following to the console:

gpg --list-secret-keys --verbose
gpg: using pgp trust model
getsockopt SO_ERROR failed
connect_to C:/Users/mate/AppData/Local/gnupg/S.gpg-agent.extra port -2: failed.
gpg: no running gpg-agent - starting '/usr/bin/gpg-agent'
getsockopt SO_ERROR failed
connect_to C:/Users/mate/AppData/Local/gnupg/S.gpg-agent.extra port -2: failed.
gpg: waiting for the agent to come up ... (5s)
getsockopt SO_ERROR failed
connect_to C:/Users/mate/AppData/Local/gnupg/S.gpg-agent.extra port -2: failed.
getsockopt SO_ERROR failed
connect_to C:/Users/mate/AppData/Local/gnupg/S.gpg-agent.extra port -2: failed.
getsockopt SO_ERROR failed
connect_to C:/Users/mate/AppData/Local/gnupg/S.gpg-agent.extra port -2: failed.
getsockopt SO_ERROR failed
connect_to C:/Users/mate/AppData/Local/gnupg/S.gpg-agent.extra port -2: failed.
getsockopt SO_ERROR failed
connect_to C:/Users/mate/AppData/Local/gnupg/S.gpg-agent.extra port -2: failed.
getsockopt SO_ERROR failed
connect_to C:/Users/mate/AppData/Local/gnupg/S.gpg-agent.extra port -2: failed.
gpg: waiting for the agent to come up ... (4s)
gpg: waiting for the agent to come up ... (3s)
gpg: waiting for the agent to come up ... (2s)
gpg: waiting for the agent to come up ... (1s)
gpg: can't connect to the agent: End of file

What is missing to tie the knot on both ends without having to resort to 3rd party tools like @rupor-github's agent-gui? The remote gpg version is 2.2.19, is that the issue? Must that also be 2.3.9+?

Jan 31 2023, 10:35 AM · Not A Bug, workaround, gnupg24, Windows, ssh

Jan 24 2023

werner added a comment to T6212: The ssh keys are no longer returned in the order from control file after T5996.

Let's first collect all keys, assign a priority, sort, and only then send them back to ssh.

Jan 24 2023, 10:06 AM · gnupg24 (gnupg-2.4.1), ssh, Feature Request

Jan 19 2023

werner updated the task description for T2760: Populate comment field when exporting authentication key for SSH.
Jan 19 2023, 4:50 PM · gnupg24, ssh, Feature Request
werner removed a project from T5995: Better prompt with SETKEYDESC: gnupg (gpg23).
Jan 19 2023, 4:47 PM · gnupg24, ssh, gpgagent, scd
werner removed a project from T6212: The ssh keys are no longer returned in the order from control file after T5996: gnupg (gpg23).
Jan 19 2023, 4:44 PM · gnupg24 (gnupg-2.4.1), ssh, Feature Request
werner removed a project from T6250: GPG-Agent doesn't work properly with smart cards and ed25519 keys and SSH Agent: gnupg (gpg23).
Jan 19 2023, 4:44 PM · gnupg, Documentation, ssh

Dec 22 2022

werner closed T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent as Resolved.
Dec 22 2022, 10:34 AM · Not A Bug, workaround, gnupg24, Windows, ssh
mfilippov added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

Thanks all. It is a bug in Win32 OpenSSH. https://github.com/PowerShell/Win32-OpenSSH/issues/1953 it is already fixed. I think the issue will be resolved after the update is shipped. I could use ssh -T git@github.com as a workaround.

Dec 22 2022, 10:05 AM · Not A Bug, workaround, gnupg24, Windows, ssh
gniibe added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

Well, not our bug... it's a kind of support question and answer:
This might help: https://stackoverflow.com/questions/3844393/what-to-do-about-pty-allocation-request-failed-on-channel-0

Dec 22 2022, 1:00 AM · Not A Bug, workaround, gnupg24, Windows, ssh

Dec 21 2022

werner added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

This does not look like a problem in GnuPG/gpg4win because gnupg implements the ssh-agent protocol and not the ssh server or client functionality. ssh tells sshd whether it shall allocate a PTY (Pseudo TTY). I don't use ssh with github but it is likely that you may only run commands (which don't require a PTY). Usually you would invoke a "git" command via ssh.

Dec 21 2022, 12:10 PM · Not A Bug, workaround, gnupg24, Windows, ssh
mfilippov added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

Authentication succeeded if I pressed Enter after: PTY allocation request failed on channel 0

Dec 21 2022, 10:58 AM · Not A Bug, workaround, gnupg24, Windows, ssh
mfilippov added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

I try WinGPG 4.1.0, and I receive an error:
ssh git@github.com
PTY allocation request failed on channel 0

Dec 21 2022, 10:53 AM · Not A Bug, workaround, gnupg24, Windows, ssh

Nov 25 2022

gniibe added a comment to T5931: OpenSSH 8.9, 9.0, and 9.1 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required).

Implications are... you won't be able to use new protocols introduced by newer OpenSSH:

Nov 25 2022, 12:54 AM · gnupg24, workaround, Documentation, gnupg (gpg23), ssh, gpgagent

Nov 24 2022

amalon added a comment to T5931: OpenSSH 8.9, 9.0, and 9.1 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required).

Thanks. Adding 'PubkeyAuthentication unbound' to my ~/.ssh/config seems to work around it for me on openssh-9.1p1-3 (arch). I don't quite follow what the implications of that setting are though.

Nov 24 2022, 9:01 PM · gnupg24, workaround, Documentation, gnupg (gpg23), ssh, gpgagent
gniibe renamed T5931: OpenSSH 8.9, 9.0, and 9.1 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required) from OpenSSH 8.9 and 9.0 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required) to OpenSSH 8.9, 9.0, and 9.1 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required).
Nov 24 2022, 2:38 AM · gnupg24, workaround, Documentation, gnupg (gpg23), ssh, gpgagent
gniibe added a comment to T5931: OpenSSH 8.9, 9.0, and 9.1 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required).

In my case (tested with 9.1), here are the lengths of the data to be signed by ssh-agent (emulation by gpg-agent).

  • 164 bytes: Both features disabled by: ssh -o KexAlgorithms=-sntrup761x25519-sha512@openssh.com -o PubkeyAuthentication=unbound
  • 192 bytes: Unbound only by: ssh -o PubkeyAuthentication=unbound
  • 298 bytes: No Post Quantum only by: ssh -o KexAlgorithms=-sntrup761x25519-sha512@openssh.com
  • 330 bytes: Both features enabled (no options)
Nov 24 2022, 2:22 AM · gnupg24, workaround, Documentation, gnupg (gpg23), ssh, gpgagent

Nov 22 2022

gniibe added a comment to T5931: OpenSSH 8.9, 9.0, and 9.1 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required).

I tested with openssh 9.1. When I add -o PubkeyAuthentication=unbound, I can make the length of data smaller.

Nov 22 2022, 8:12 AM · gnupg24, workaround, Documentation, gnupg (gpg23), ssh, gpgagent

Nov 9 2022

amalon added a comment to T5931: OpenSSH 8.9, 9.0, and 9.1 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required).
In T5931#165009, @alexk wrote:

As a workaround you can add the following line to ~/.ssh/config or /etc/ssh/ssh_config:

KexAlgorithms -sntrup761x25519-sha512@openssh.com

For me ssh -o KexAlgorithms=-sntrup761x25519-sha512@openssh.com ... does work as well.

Nov 9 2022, 7:40 PM · gnupg24, workaround, Documentation, gnupg (gpg23), ssh, gpgagent
alexk added a project to T5931: OpenSSH 8.9, 9.0, and 9.1 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required): workaround.

As a workaround you can add the following line to ~/.ssh/config or /etc/ssh/ssh_config:

Nov 9 2022, 10:51 AM · gnupg24, workaround, Documentation, gnupg (gpg23), ssh, gpgagent

Nov 1 2022

gniibe edited projects for T6250: GPG-Agent doesn't work properly with smart cards and ed25519 keys and SSH Agent, added: Documentation; removed Bug Report.

The problem here is how large the data to be signed is. It is an issue of protocol design. The protocols are explained in openssh/PROTOCOL.certkeys and openssh/PROTOCOL. Unfortunately, it seems that it was designed with not much consideration for the smartcard use case, so data to be signed may be longer (than the capability of a smartcard).

Nov 1 2022, 12:59 AM · gnupg, Documentation, ssh

Oct 31 2022

alca7raz added a comment to T6250: GPG-Agent doesn't work properly with smart cards and ed25519 keys and SSH Agent.

Sadly, it doesn't work for me. But thank you.

Oct 31 2022, 11:31 AM · gnupg, Documentation, ssh
gniibe added a comment to T6250: GPG-Agent doesn't work properly with smart cards and ed25519 keys and SSH Agent.

I managed to find a way to minimize the data (less than the one on Oct 25).
And it somehow works for me.

Oct 31 2022, 7:52 AM · gnupg, Documentation, ssh

Oct 30 2022

alca7raz added a comment to T6250: GPG-Agent doesn't work properly with smart cards and ed25519 keys and SSH Agent.

So what should I do now? Should I report it to OpenSSH team?

Oct 30 2022, 5:03 PM · gnupg, Documentation, ssh

Oct 28 2022

werner updated subscribers of T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.
Oct 28 2022, 3:56 PM · Not A Bug, workaround, gnupg24, Windows, ssh
werner added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

Will go into 2.3.9 and gpg4win 4.0.5

Oct 28 2022, 3:56 PM · Not A Bug, workaround, gnupg24, Windows, ssh

Oct 27 2022

werner triaged T6250: GPG-Agent doesn't work properly with smart cards and ed25519 keys and SSH Agent as Normal priority.
Oct 27 2022, 8:27 AM · gnupg, Documentation, ssh

Oct 26 2022

gniibe changed the status of T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent from Open to Testing.
Oct 26 2022, 9:24 AM · Not A Bug, workaround, gnupg24, Windows, ssh

Oct 14 2022

gniibe added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

Pushed to master.

Oct 14 2022, 7:03 AM · Not A Bug, workaround, gnupg24, Windows, ssh

Sep 19 2022

werner triaged T6212: The ssh keys are no longer returned in the order from control file after T5996 as Normal priority.

We want to get rid of sshcontrol but we could keep it as an optional configuration to sort keys. I won't say it is a bug, though.

Sep 19 2022, 8:19 PM · gnupg24 (gnupg-2.4.1), ssh, Feature Request
chyen added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

I hacked configure.ac of gnupg to force it to build with libgpg-error 1.45, and OpenSSH works with the created pipe. Maybe the libgpg-error fix is only necessary in certain circumstances?

Sep 19 2022, 5:22 AM · Not A Bug, workaround, gnupg24, Windows, ssh

Sep 7 2022

gniibe added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

It's not yet pushed, because it requires a new release of libgpg-error (for T6112: libgpg-error,w32: bidirectional Pipe support for estream).

Sep 7 2022, 1:56 AM · Not A Bug, workaround, gnupg24, Windows, ssh

Sep 6 2022

aheinecke added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

I was looking for this when writing the update NEWS for the latest release and noticed that this has not been pushed yet. I really think that it would be nice to have that. Especially for Smartcard use cases.

Sep 6 2022, 11:53 AM · Not A Bug, workaround, gnupg24, Windows, ssh