Doesn't prompt for ssh connection #42

Open
kidylee opened this issue Nov 19, 2024 · 0 comments
Labels
bug Something isn't working

kidylee commented Nov 19, 2024

Describe the bug

Followed this link to set up PGP as an SSH key agent: https://gist.github.com/mcattarinussi/834fc4b641ff4572018d0c665e5a94d3

It works with pinentry-mac, but touch-id doesn't prompt when running ssh -T [email protected]

System information

macOS

  • Architecture: (M1)
  • Version: (e.g. 15.1)

GPG

  • Output of gpg --version:
% gpg --version
gpg (GnuPG) 2.4.6
libgcrypt 1.10.3
Copyright (C) 2024 g10 Code GmbH
License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /Users/kidylee/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
       CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
  • Installed via Homebrew?
    Yes

Configuration

pinentry-program /opt/homebrew/opt/pinentry-touchid/bin/pinentry-touchid
enable-ssh-support
# default-cache-ttl 1
debug-level basic
log-file /Users/kidylee/.gnupg/gpg-agent.log

Logs

2024-11-19 16:18:43 gpg-agent[59579] ssh handler 0x16eedb000 for fd 8 started
2024-11-19 16:18:43 gpg-agent[59579] ssh request handler for extension (27) started
2024-11-19 16:18:43 gpg-agent[59579] ssh-agent extension '[email protected]' received
2024-11-19 16:18:43 gpg-agent[59579] ssh-agent extension '[email protected]' not supported
2024-11-19 16:18:43 gpg-agent[59579] ssh request handler for extension (27) ready
2024-11-19 16:18:43 gpg-agent[59579] ssh request handler for request_identities (11) started
2024-11-19 16:18:43 gpg-agent[59579] no running /opt/homebrew/Cellar/gnupg/2.4.6/libexec/scdaemon daemon - starting it
2024-11-19 16:18:43 gpg-agent[59579] DBG: chan_10 <- OK GNU Privacy Guard's Smartcard server ready, process 59591
2024-11-19 16:18:43 gpg-agent[59579] first connection to daemon /opt/homebrew/Cellar/gnupg/2.4.6/libexec/scdaemon established
2024-11-19 16:18:43 gpg-agent[59579] DBG: chan_10 -> GETINFO socket_name
2024-11-19 16:18:43 gpg-agent[59579] DBG: chan_10 <- D /Users/kidylee/.gnupg/S.scdaemon
2024-11-19 16:18:43 gpg-agent[59579] DBG: chan_10 <- OK
2024-11-19 16:18:43 gpg-agent[59579] DBG: additional connections at '/Users/kidylee/.gnupg/S.scdaemon'
2024-11-19 16:18:43 gpg-agent[59579] DBG: chan_10 -> OPTION event-signal=31
2024-11-19 16:18:43 gpg-agent[59579] DBG: chan_10 <- OK
2024-11-19 16:18:43 gpg-agent[59579] DBG: chan_10 -> SERIALNO --all
2024-11-19 16:18:43 gpg-agent[59579] DBG: chan_10 <- ERR 100696144 Operation not supported by device <SCD>
2024-11-19 16:18:43 gpg-agent[59579] error getting list of cards: Operation not supported by device
2024-11-19 16:18:43 gpg-agent[59579] DBG: sshkeys[0]: order=100012, pubkey=0x0000000154817c00 sn=(null)
2024-11-19 16:18:43 gpg-agent[59579] ssh request handler for request_identities (11) ready
2024-11-19 16:18:43 gpg-agent[59579] ssh request handler for sign_request (13) started
2024-11-19 16:18:43 gpg-agent[59579] starting a new PIN Entry
2024-11-19 16:18:43 gpg-agent[59579] DBG: connection to PIN entry established
2024-11-19 16:18:43 gpg-agent[59579] You may want to update to a newer pinentry
2024-11-19 16:18:43 gpg-agent[59579] DBG: error calling pinentry: Operation cancelled <Pinentry>
2024-11-19 16:18:43 gpg-agent[59579] failed to unprotect the secret key: Operation cancelled
2024-11-19 16:18:43 gpg-agent[59579] failed to read the secret key
2024-11-19 16:18:43 gpg-agent[59579] ssh sign request failed: Operation cancelled <Pinentry>
2024-11-19 16:18:43 gpg-agent[59579] ssh request handler for sign_request (13) ready
2024-11-19 16:18:44 gpg-agent[59579] DBG: chan_10 -> RESTART
2024-11-19 16:18:44 gpg-agent[59579] DBG: chan_10 <- OK
2024-11-19 16:18:44 gpg-agent[59579] ssh handler 0x16eedb000 for fd 8 terminated

It would be very useful for us if you could enable the basic debug info for your gpg-agent and attach the generated log. Add the following to your ~/.gpg-agent.conf:

pinentry-program /opt/homebrew/opt/pinentry-touchid/bin/pinentry-touchid
enable-ssh-support
# default-cache-ttl 1
debug-level basic
log-file /Users/kidylee/.gnupg/gpg-agent.log
debug-level basic
log-file /Users/<USERNAME>/.gnupg/gpg-agent.log

Reload gpg-agent with the following command:

$ gpg-connect-agent reloadagent /bye

Add/attach the relevant section of the log to this issue (feel free to redact your key IDs).

pinentry-touchid:

pinentry-touchid also generates its own log which you can find in $TMPDIR/pinentry-touchid.log.

@kidylee kidylee added the bug Something isn't working label Nov 19, 2024
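
An added example, not part of the issue or of the project's code: a Python parser that groups gpg-agent log lines like the ones posted above into ssh requests and flags sign requests where pinentry was started and failed within the same second. The sample log is constructed from the line shapes in the report, and the parser assumes requests are not interleaved in the log.

```python
import re

# Constructed sample: a few lines in the shape of the gpg-agent log posted in the issue.
SAMPLE_LOG = """\
2024-11-19 16:18:43 gpg-agent[59579] ssh request handler for request_identities (11) started
2024-11-19 16:18:43 gpg-agent[59579] ssh request handler for request_identities (11) ready
2024-11-19 16:18:43 gpg-agent[59579] ssh request handler for sign_request (13) started
2024-11-19 16:18:43 gpg-agent[59579] starting a new PIN Entry
2024-11-19 16:18:43 gpg-agent[59579] DBG: error calling pinentry: Operation cancelled <Pinentry>
2024-11-19 16:18:43 gpg-agent[59579] ssh sign request failed: Operation cancelled <Pinentry>
2024-11-19 16:18:43 gpg-agent[59579] ssh request handler for sign_request (13) ready
"""

LINE = re.compile(r"^(\S+ \S+) gpg-agent\[(\d+)\] (?:DBG: )?(.*)$")
START = re.compile(r"^ssh request handler for (\w+) \((\d+)\) started$")
READY = re.compile(r"^ssh request handler for (\w+) \((\d+)\) ready$")
FAIL = re.compile(r"^ssh sign request failed: (.*?)(?: <(\w+)>)?$")

def summarize(log_text):
    """Return one dict per ssh request: name, start/end time, pinentry use, error."""
    requests, current = [], None  # assumption: requests are not interleaved
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ts, _pid, msg = m.groups()
        if (s := START.match(msg)):
            current = {"request": s.group(1), "start": ts, "end": None,
                       "pinentry_started": False, "error": None, "source": None}
            requests.append(current)
        elif current is None:
            continue
        elif msg == "starting a new PIN Entry":
            current["pinentry_started"] = True
        elif (f := FAIL.match(msg)):
            current["error"], current["source"] = f.group(1), f.group(2)
        elif READY.match(msg):
            current["end"] = ts
            current = None
    return requests

def instant_pinentry_failures(requests):
    """Sign requests where pinentry was launched but failed within the same second,
    i.e. before a user could plausibly have answered a prompt."""
    return [r for r in requests
            if r["request"] == "sign_request" and r["pinentry_started"]
            and r["source"] == "Pinentry" and r["start"] == r["end"]]
```
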