sshProject
ActivePublic

Members

  • This project does not have any members.

Recent Activity

Fri, Jan 8

werner closed T5167: GnuPG 2.25 still have problems related to Yubikey NEO. as Resolved.
Fri, Jan 8, 9:58 AM · gnupg (gpg22), yubikey, ssh, scd, Bug Report

Thu, Jan 7

jgentil added a comment to T5084: Using GPGWin 3.1.13, Putty fails to load the private key from a YubiKey.

I'm also getting this same error with GPG4Win 3.1.14.

Thu, Jan 7, 4:10 PM · gnupg, ssh, Bug Report, gpg4win

Wed, Jan 6

rupor-github added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

I wrote https://github.com/rupor-github/win-gpg-agent to simplify usage on Windows until this issue is resolved - it handles various edge cases on Windows.

Wed, Jan 6, 7:25 PM · gnupg (gpg23), Windows, ssh, gpgagent, Feature Request

Tue, Jan 5

werner triaged T4992: ssh Yubikey not recognized, but Yubikey works with GPG well as Normal priority.
Tue, Jan 5, 9:35 AM · ssh, yubikey, Bug Report, gpg4win

Dec 23 2020

gbschenkel added a comment to T5167: GnuPG 2.25 still have problems related to Yubikey NEO..

Already have set another, thanks gnibe! See ya!

Dec 23 2020, 2:27 AM · gnupg (gpg22), yubikey, ssh, scd, Bug Report
gniibe added a comment to T5167: GnuPG 2.25 still have problems related to Yubikey NEO..

Please change your passphrase for your card, BTW.

Dec 23 2020, 1:31 AM · gnupg (gpg22), yubikey, ssh, scd, Bug Report
gniibe changed the status of T5167: GnuPG 2.25 still have problems related to Yubikey NEO. from Open to Testing.
Dec 23 2020, 1:30 AM · gnupg (gpg22), yubikey, ssh, scd, Bug Report
gniibe added a comment to T5167: GnuPG 2.25 still have problems related to Yubikey NEO..

Good. The error recovery worked well.

Dec 23 2020, 1:30 AM · gnupg (gpg22), yubikey, ssh, scd, Bug Report

Dec 22 2020

gbschenkel added a comment to T5167: GnuPG 2.25 still have problems related to Yubikey NEO..
$ gpg --card-status
$ gpgconf --kill scdaemon
$ git fetch << (Used my PIN, I have reverted to my previous code other day, is not anymore 123456)

Dec 22 2020, 5:43 PM · gnupg (gpg22), yubikey, ssh, scd, Bug Report

Dec 21 2020

gniibe added a comment to T5167: GnuPG 2.25 still have problems related to Yubikey NEO..

Thank you for your testing.
May I ask more test, please?

Dec 21 2020, 1:31 AM · gnupg (gpg22), yubikey, ssh, scd, Bug Report

Dec 20 2020

gbschenkel added a comment to T5167: GnuPG 2.25 still have problems related to Yubikey NEO..

Hi, I have applied both patch and appears Yubikey is now working correct. I have uploaded the log here.

Dec 20 2020, 2:19 AM · gnupg (gpg22), yubikey, ssh, scd, Bug Report

Dec 16 2020

gniibe added a comment to T5167: GnuPG 2.25 still have problems related to Yubikey NEO..

Nice, I gonna apply the patch and see if resolves for me!

Dec 16 2020, 3:55 AM · gnupg (gpg22), yubikey, ssh, scd, Bug Report
gbschenkel added a comment to T5167: GnuPG 2.25 still have problems related to Yubikey NEO..

Nice, I gonna apply the patch and see if resolves for me!

Dec 16 2020, 3:25 AM · gnupg (gpg22), yubikey, ssh, scd, Bug Report
gniibe added a commit to T5167: GnuPG 2.25 still have problems related to Yubikey NEO.: rG3c55e15cee4b: scd:ccid: Call libusb_clear_halt in ccid_vendor_specific_setup..
Dec 16 2020, 2:18 AM · gnupg (gpg22), yubikey, ssh, scd, Bug Report
gniibe added a commit to T5167: GnuPG 2.25 still have problems related to Yubikey NEO.: rG585cfca0a60b: scd:ccid: Revert the addition of libusb_clear_halt for EP_INTR..
Dec 16 2020, 2:18 AM · gnupg (gpg22), yubikey, ssh, scd, Bug Report

Dec 10 2020

gniibe added a comment to T5167: GnuPG 2.25 still have problems related to Yubikey NEO..

With my Yubikey NEO, when I use OTP (touching the button to generate OTP output as key input), I observed "card eject" event:

2020-12-10 11:23:05 scdaemon[7254] DBG: ccid-driver: CCID: interrupt callback 0 (2)
2020-12-10 11:23:05 scdaemon[7254] DBG: ccid-driver: CCID: NotifySlotChange: 02
2020-12-10 11:23:05 scdaemon[7254] DBG: ccid-driver: CCID: card removed
2020-12-10 11:23:05 scdaemon[7254] DBG: enter: apdu_get_status: slot=0 hang=0
2020-12-10 11:23:05 scdaemon[7254] DBG: leave: apdu_get_status => sw=0x1000c status=0
2020-12-10 11:23:05 scdaemon[7254] DBG: Removal of a card: 0
Dec 10 2020, 3:46 AM · gnupg (gpg22), yubikey, ssh, scd, Bug Report

Dec 9 2020

gniibe added a commit to T5167: GnuPG 2.25 still have problems related to Yubikey NEO.: rGf50373027222: scd:ccid: Call libusb_clear_halt in ccid_vendor_specific_setup..
Dec 9 2020, 4:59 AM · gnupg (gpg22), yubikey, ssh, scd, Bug Report
gniibe added a commit to T5167: GnuPG 2.25 still have problems related to Yubikey NEO.: rGffabc29d5ead: scd:ccid: Revert the addition of libusb_clear_halt for EP_INTR..
Dec 9 2020, 4:43 AM · gnupg (gpg22), yubikey, ssh, scd, Bug Report
gniibe added a comment to T5167: GnuPG 2.25 still have problems related to Yubikey NEO..

I checked the development log for the addition of:

libusb_clear_halt (handle->idev, handle->ep_intr);
Dec 9 2020, 4:35 AM · gnupg (gpg22), yubikey, ssh, scd, Bug Report
gniibe added a comment to T5167: GnuPG 2.25 still have problems related to Yubikey NEO..

I have another yubikey neo but its clean. Can it help it?

Dec 9 2020, 1:30 AM · gnupg (gpg22), yubikey, ssh, scd, Bug Report
gbschenkel added a comment to T5167: GnuPG 2.25 still have problems related to Yubikey NEO..

I have another yubikey neo but its clean. Can it help it?

Dec 9 2020, 12:57 AM · gnupg (gpg22), yubikey, ssh, scd, Bug Report
gniibe added a comment to T5167: GnuPG 2.25 still have problems related to Yubikey NEO..

Changing modes will I lose/change my OTP and FIDO codes?

Dec 9 2020, 12:38 AM · gnupg (gpg22), yubikey, ssh, scd, Bug Report

Dec 8 2020

gbschenkel added a comment to T5167: GnuPG 2.25 still have problems related to Yubikey NEO..

Changing modes will I lose/change my OTP and FIDO codes?

Dec 8 2020, 11:44 PM · gnupg (gpg22), yubikey, ssh, scd, Bug Report
gniibe renamed T5167: GnuPG 2.25 still have problems related to Yubikey NEO. from GnuPG 2.25 still have problems related to Yubikey. to GnuPG 2.25 still have problems related to Yubikey NEO..
Dec 8 2020, 12:01 PM · gnupg (gpg22), yubikey, ssh, scd, Bug Report
gniibe triaged T5167: GnuPG 2.25 still have problems related to Yubikey NEO. as High priority.
Dec 8 2020, 12:00 PM · gnupg (gpg22), yubikey, ssh, scd, Bug Report
gniibe added a comment to T5167: GnuPG 2.25 still have problems related to Yubikey NEO..

Following device (a bit older than yours, I guess) works well:

DBG: ccid-driver: idVendor: 1050  idProduct: 0112  bcdDevice: 0334

When I configure it to OTP+FIDO+CCID, it also works for me, it is:

DBG: ccid-driver: idVendor: 1050  idProduct: 0116  bcdDevice: 0334
Dec 8 2020, 11:58 AM · gnupg (gpg22), yubikey, ssh, scd, Bug Report
gniibe added a comment to T5167: GnuPG 2.25 still have problems related to Yubikey NEO..

Thanks a lot.
Let me explain the situation.

Dec 8 2020, 2:33 AM · gnupg (gpg22), yubikey, ssh, scd, Bug Report

Dec 7 2020

gbschenkel added a comment to T5167: GnuPG 2.25 still have problems related to Yubikey NEO..

Hi, I changed the PIN, killed the gpg-agent and scdaemon, edited the scdaemon.conf to include your instruction, after, I run the following commands:

Dec 7 2020, 3:10 PM · gnupg (gpg22), yubikey, ssh, scd, Bug Report
gniibe added a comment to T5167: GnuPG 2.25 still have problems related to Yubikey NEO..

Thank you for the information.
In the log, the driver detects removal of card wrongly.
That's the cause of this problem.

Dec 7 2020, 5:38 AM · gnupg (gpg22), yubikey, ssh, scd, Bug Report
gbschenkel added a comment to T5167: GnuPG 2.25 still have problems related to Yubikey NEO..

Please show us the output of gpg --card-status, and your configuration if you have something special. Are you using Yubikey also for gpg's signing, or is it only for SSH?

Dec 7 2020, 5:12 AM · gnupg (gpg22), yubikey, ssh, scd, Bug Report
gniibe claimed T5167: GnuPG 2.25 still have problems related to Yubikey NEO..

Please show us the output of gpg --card-status, and your configuration if you have something special. Are you using Yubikey also for gpg's signing, or is it only for SSH?

Dec 7 2020, 2:44 AM · gnupg (gpg22), yubikey, ssh, scd, Bug Report

Dec 6 2020

werner added projects to T5167: GnuPG 2.25 still have problems related to Yubikey NEO.: scd, ssh, yubikey, gnupg (gpg22).

There is no caching for smardcard PINs. Once a key (or group of keys) on a hard has been used (i.e. PIN entered). that key can be used as long as the card has not been reset or powered-down. No rule without exception: Some cards may require that a PIN entry is required for each crypto operation. For example the OpenPGP card (which is implemented on a Yubikey) does this for the signing key but not for the authentication (ssh) key. To disable this for the signing key you use the "forcesig" command of gpg --card-edit.

Dec 6 2020, 5:00 PM · gnupg (gpg22), yubikey, ssh, scd, Bug Report

Nov 23 2020

werner edited projects for T5084: Using GPGWin 3.1.13, Putty fails to load the private key from a YubiKey, added: gnupg; removed gnupg (gpg22).

Removing 2.2 tag because it has been fixed in one of the last releases.

Nov 23 2020, 1:44 PM · gnupg, ssh, Bug Report, gpg4win

Oct 1 2020

bvieira added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

@werner can you confirm if the environment I provided will work with OpenSSH support fully implemented?

Oct 1 2020, 5:49 PM · gnupg (gpg23), Windows, ssh, gpgagent, Feature Request

Sep 26 2020

werner claimed T5084: Using GPGWin 3.1.13, Putty fails to load the private key from a YubiKey.

That code in gnupg has not been touched in a very long time so this may be caused by some side effect.

Sep 26 2020, 2:29 PM · gnupg, ssh, Bug Report, gpg4win

Sep 11 2020

gniibe added a project to T5041: gpg-agent/scdaemon/gnuk unable to sign ssh certificate (Couldn't certify key … via agent: agent refused operation): Testing.
Sep 11 2020, 2:20 AM · Testing, ssh, Bug Report
gniibe changed the status of T5041: gpg-agent/scdaemon/gnuk unable to sign ssh certificate (Couldn't certify key … via agent: agent refused operation) from Open to Testing.

Fixed in Gnuk 1.2.16, although it still has a limitation by the I/O buffer size.

Sep 11 2020, 2:19 AM · Testing, ssh, Bug Report

Sep 4 2020

bvieira added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

So, if there's no support for native OpenSSH yet, I'll wait for it. After it's supported, I should be able to get the scenery I described working, right?

Sep 4 2020, 1:52 PM · gnupg (gpg23), Windows, ssh, gpgagent, Feature Request
werner added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

Unfortunately you can't pass extra arguments.

Sep 4 2020, 7:47 AM · gnupg (gpg23), Windows, ssh, gpgagent, Feature Request
gniibe added a comment to T5041: gpg-agent/scdaemon/gnuk unable to sign ssh certificate (Couldn't certify key … via agent: agent refused operation).

Thanks for your information. No debug output any more, as I already figured out things.

Sep 4 2020, 1:53 AM · Testing, ssh, Bug Report

Sep 3 2020

ccx added a comment to T5041: gpg-agent/scdaemon/gnuk unable to sign ssh certificate (Couldn't certify key … via agent: agent refused operation).

In case of Ed25519 certificate signed by Ed25519 key with only few names and flags it seems to be just below 500 bytes. This could of course grow if names are added or larger public key is being signed.

Sep 3 2020, 5:14 PM · Testing, ssh, Bug Report
gpguser123 added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

@bvieira You need to set pinentry-mode=loopback for gpg program used in git.

Sep 3 2020, 4:22 PM · gnupg (gpg23), Windows, ssh, gpgagent, Feature Request
gniibe added a comment to T5041: gpg-agent/scdaemon/gnuk unable to sign ssh certificate (Couldn't certify key … via agent: agent refused operation).

Well, from the viewpoint of card specification, "a message M of arbitrary size" for Ed25519/Ed448 in RFC8032 is not good, because card has a limit for buffer size and the protocol in the OpenPGP card specification requires the steps of (1) the message M is buffered and then (2) the compute the signature.

Sep 3 2020, 3:15 AM · Testing, ssh, Bug Report

Sep 2 2020

bvieira added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

I'm actually trying to do the following:

Sep 2 2020, 2:10 PM · gnupg (gpg23), Windows, ssh, gpgagent, Feature Request
avemilia added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

In the meantime you can use [0]. I have tested with ssh key on yubikey and AuthenticationMethods publickey, win32-ssh (or ssh-portable, which is the new repository name) correctly works with gpg and pinentry is called. Despite it being called wsl, wsl environment is not required.

Sep 2 2020, 1:59 PM · gnupg (gpg23), Windows, ssh, gpgagent, Feature Request
gniibe claimed T5041: gpg-agent/scdaemon/gnuk unable to sign ssh certificate (Couldn't certify key … via agent: agent refused operation).
Sep 2 2020, 5:42 AM · Testing, ssh, Bug Report
gniibe added a comment to T5041: gpg-agent/scdaemon/gnuk unable to sign ssh certificate (Couldn't certify key … via agent: agent refused operation).

I just confirmed that Gnuk has a limitation for the input length is less than or equals to 256.
So, this is the issue of Gnuk, not GnuPG (or at least, Gnuk has the problem).

Sep 2 2020, 5:40 AM · Testing, ssh, Bug Report
gniibe added a comment to T5041: gpg-agent/scdaemon/gnuk unable to sign ssh certificate (Couldn't certify key … via agent: agent refused operation).

Please show us concrete example of debug output by scdaemon, when you run ssh-keygen.
You can have a setup in .gnupg/scdaemon.conf like:

Sep 2 2020, 5:11 AM · Testing, ssh, Bug Report

Sep 1 2020

ccx updated the task description for T5041: gpg-agent/scdaemon/gnuk unable to sign ssh certificate (Couldn't certify key … via agent: agent refused operation).
Sep 1 2020, 4:24 PM · Testing, ssh, Bug Report
ccx added a comment to T5041: gpg-agent/scdaemon/gnuk unable to sign ssh certificate (Couldn't certify key … via agent: agent refused operation).

I've meant scdaemon rather than OpenSC. I'll correct the descritpion.

Sep 1 2020, 4:23 PM · Testing, ssh, Bug Report