Hi! For some reason I can’t get SSH to work on my Nitrokey 3. With the same secret subkey, when I import it to my PC, SSH works perfectly and I had no problems with it in the past.
If I delete it from my PC with gpg --delete-secret-keys DAD67EAC40369ABD! (the key is on the Nitrokey), then it doesn’t work anymore.
Running ssh -vT git@github.com gives me a log and in the end:
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: get_agent_identities: agent returned 1 keys
debug1: Will attempt key: (none) RSA SHA256:F3HmbEtjXq+rnFQTeFQdtm8DHfKfGElEf/HtuzSNpY0 agent
debug1: Will attempt key: /home/mantas/.ssh/id_rsa
debug1: Will attempt key: /home/mantas/.ssh/id_ecdsa
debug1: Will attempt key: /home/mantas/.ssh/id_ecdsa_sk
debug1: Will attempt key: /home/mantas/.ssh/id_ed25519
debug1: Will attempt key: /home/mantas/.ssh/id_ed25519_sk
debug1: Offering public key: (none) RSA SHA256:F3HmbEtjXq+rnFQTeFQdtm8DHfKfGElEf/HtuzSNpY0 agent
debug1: Server accepts key: (none) RSA SHA256:F3HmbEtjXq+rnFQTeFQdtm8DHfKfGElEf/HtuzSNpY0 agent
sign_and_send_pubkey: signing failed for RSA "(none)" from agent: agent refused operation
debug1: Trying private key: /home/mantas/.ssh/id_rsa
debug1: Trying private key: /home/mantas/.ssh/id_ecdsa
debug1: Trying private key: /home/mantas/.ssh/id_ecdsa_sk
debug1: Trying private key: /home/mantas/.ssh/id_ed25519
debug1: Trying private key: /home/mantas/.ssh/id_ed25519_sk
debug1: No more authentication methods to try.
I tested that the Nitrokey works fine with GPG decryption.
I don’t get a prompt to enter the PIN or anything.
That being said, if the Nitrokey is not connected to my PC and I run this ssh command, then it will ask me to insert this key with ID … If I insert and confirm, I get the same result.
When I import the subkey to my PC (and everything works), this is what ssh -vT git@github.com gives me (end):
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: get_agent_identities: agent returned 1 keys
debug1: Will attempt key: (none) RSA SHA256:F3HmbEtjXq+rnFQTeFQdtm8DHfKfGElEf/HtuzSNpY0 agent
debug1: Will attempt key: /home/mantas/.ssh/id_rsa
debug1: Will attempt key: /home/mantas/.ssh/id_ecdsa
debug1: Will attempt key: /home/mantas/.ssh/id_ecdsa_sk
debug1: Will attempt key: /home/mantas/.ssh/id_ed25519
debug1: Will attempt key: /home/mantas/.ssh/id_ed25519_sk
debug1: Offering public key: (none) RSA SHA256:F3HmbEtjXq+rnFQTeFQdtm8DHfKfGElEf/HtuzSNpY0 agent
debug1: Server accepts key: (none) RSA SHA256:F3HmbEtjXq+rnFQTeFQdtm8DHfKfGElEf/HtuzSNpY0 agent
ASKS PASSWORD -----------------
Authenticated to github.com ([140.82.121.4]:22) using "publickey".
debug1: channel 0: new session [client-session] (inactive timeout: 0)
debug1: Entering interactive session.
debug1: pledge: filesystem
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
[...]
I have read through the docs and done all of the stuff there and here.
Why does it work when the subkey is on my PC but not when it’s on my Nitrokey? How do I debug further?