I’m trying to get Putty (0.610) to use gpg-agent from GPG4Win 2.3.0 to sign into SSH servers using a keyfile stored on disk. The long-term plan is then to use either a SmartCard or Yubikey to secure things further.
For the life of me I cannot get this to work. Reviewing the debug logs for gpg-agent, it seems that gpg-agent is looking for a smartcard (see attached “log.txt”).
gpg-agent.conf has the following:
enable-putty-support
debug-level guru
log-file C:/logs/log.txt
disable-scdaemon
Any suggestions on how to troubleshoot this would be greatly appreciated.
log.txt (5.74 KB)
I have this same setup working, so I know it’s possible. I believe that you need to enable ccid mode for your yubikey for it to work. Mine came with that disabled, so it took a configuration tool to set it up.
Sometimes stuff gets hung and I need to do
gpg-connect-agent killagent /bye
gpg-connect-agent /bye
Other times, the yubikey needs a kick, so I just unplug it and replug it in.
Why do you have disable-scdaemon in your config? I don’t have that in my setup and it works properly. I believe scdaemon stands for smart card daemon so I think that is something you would need.
I followed the directions at https://developers.yubico.com/PGP/SSH_authentication/Windows.html to get everything working. At this point it works, but I wouldn’t call it 100% reliable. Things like putting my computer to sleep force me to restart gpg-agent and/or unplug/replug the yubikey.
Hi Paul
Thanks for replying. I’m not using a Yubikey just yet - instead testing things out with the key on disk. I figured I’d be best getting things working on disk before trying from a YubiKey.
I’ve tried the gpg-connect-agent bits, and also tried updating %appdata%\gnupg\sshcontrol with the keygrip.
The reason I disabled scdaemon is to try and force gpg-agent to look at the disk, as the debug log read as if it were looking for a card.
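
One check for the on-disk case discussed in this thread, as an added example that is not part of any poster's message: it parses `sshcontrol` and reports whether each enabled keygrip has a matching key file under `private-keys-v1.d` in the same GnuPG home directory. The function names and the sample directory contents are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# sshcontrol entry: optional "!" (entry disabled), 40-hex-digit keygrip,
# optional cache TTL in seconds, optional flags such as "confirm".
ENTRY = re.compile(r"^\s*(!?)([0-9A-Fa-f]{40})(?:\s+(\d+))?(?:\s+(.*\S))?\s*$")

def check_sshcontrol(home):
    """Return (keygrip, status) for every non-comment line in <home>/sshcontrol."""
    home = Path(home)
    results = []
    for line in (home / "sshcontrol").read_text().splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank line or comment
        m = ENTRY.match(line)
        if not m:
            results.append((line.strip(), "malformed"))
            continue
        disabled, grip = m.group(1), m.group(2).upper()
        if disabled:
            status = "disabled"
        elif (home / "private-keys-v1.d" / f"{grip}.key").is_file():
            status = "ok"  # gpg-agent has a key file for this keygrip
        else:
            status = "no-key-file"  # listed, but no key file in the agent's store
        results.append((grip, status))
    return results

def demo():
    """Build a constructed GnuPG home in a temp directory and check it."""
    with tempfile.TemporaryDirectory() as tmp:
        home = Path(tmp)
        (home / "private-keys-v1.d").mkdir()
        present, missing, off = "A" * 40, "B" * 40, "C" * 40  # constructed keygrips
        (home / "private-keys-v1.d" / f"{present}.key").write_bytes(b"")
        (home / "sshcontrol").write_text(
            f"# constructed sample\n{present} 0\n{missing}\n"
            f"!{off} 600 confirm\nnot-a-keygrip\n")
        return check_sshcontrol(home)

if __name__ == "__main__":
    for grip, status in demo():
        print(f"{status:12} {grip}")
```

To check a real setup, pass the GnuPG home directory (`%appdata%\gnupg` in this thread) to `check_sshcontrol`.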