I am currently using Fedora 30 Workstation and am trying to SSH into a CentOS 7 test server. This server is on a VM, a fresh install, and I can SSH in fine with a password. I have not touched the SSH config on it at all apart from enabling public key authentication and disabling password authentication.
I have generated keys on my nitrokey. I exported my main key with:
gpg2 --armor --export 241A34A9EF2FD153 > public.key
I then removed .ssh and .gnupg
I imported the key with:
gpg2 --import public.key
I then add ‘use-agent’ to ~/.gnupg/gpg.conf. This file was not present and so I made it.
I then add ‘enable-ssh-support’ to ~/.gnupg/gpg-agent.conf. The file was not present and so I made it.
I then add:
unset SSH_AGENT_PID
if [ "${gnupg_SSH_AUTH_SOCK_by:-0}" -ne $$ ]; then
  export SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)"
fi
to my .bashrc
I do gpg2 --card-status and select the 3rd key ID (The authentication key) and do:
gpg2 --export-ssh-key D5474A8FA35D5B52 >> ~/authorized_keys
I move this file to the .ssh directory of the user I want to SSH into on my server VM, disable password authentication on the server, and enable pubkey authentication.
I remove the file on my Fedora client.
When I try to SSH I get:
[user@chinkpad ~]$ ssh pravda@192.168.122.51
pravda@192.168.122.51: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
echo $SSH_AUTH_SOCK returns /run/user/1000/gnupg/S.gpg-agent.ssh
I added pinentry to the gpg-agent.conf (Yes it is installed and present)
pinentry-program /usr/bin/pinentry-curses
The same occurred.
I added the below to my .bashrc to fix potential TTY issues and still the same:
export GPG_TTY=$(tty)
gpg-connect-agent updatestartuptty /bye >/dev/null
I am feeling like I have never used Linux. What am I doing so so wrong?
I have installed the libccid equivalent in Fedora (pcsc-lite-ccid) and the nitrokey app.
To clarify, this was never working at any stage.
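
Two checks a practitioner would run against the setup described above, as an added example that is not part of the original post: whether a key the agent offers (saved output of `ssh-add -L`) is listed in the server's authorized_keys, and whether a path has the group/other-writable modes that sshd's StrictModes rejects. The function names and the two input files are assumptions made for this example.

```shell
#!/bin/sh
# Added diagnostic sketch. Inputs are two files (names are the caller's choice):
#   $1 = output of `ssh-add -L` saved on the client
#   $2 = a copy of the server account's ~/.ssh/authorized_keys

# Print the base64 key blob of every public-key line in a file, skipping
# comments, blank lines and a leading options field (e.g. "no-pty").
key_blobs() {
    awk '
        /^[ \t]*(#|$)/ { next }
        {
            for (i = 1; i < NF; i++)
                if ($i ~ /^(ssh-|ecdsa-|sk-)/) { print $(i + 1); next }
        }' "$1"
}

# 0 = an offered key is authorized, 1 = no match, 2 = agent offered no keys.
agent_key_authorized() {
    offered=$(key_blobs "$1")
    [ -n "$offered" ] || return 2
    for blob in $offered; do
        key_blobs "$2" | grep -Fxq -- "$blob" && return 0
    done
    return 1
}

# 0 if the path is group- or world-writable, which sshd's StrictModes
# refuses for the home directory, ~/.ssh and authorized_keys.
loose_perms() {
    mode=$(ls -ld "$1" | cut -c1-10)
    case "$mode" in
        ?????w????|????????w?) return 0 ;;
    esac
    return 1
}

# Stand-alone use: sh check.sh offered.pub authorized_keys
if [ "$#" -eq 2 ]; then
    rc=0
    agent_key_authorized "$1" "$2" || rc=$?
    case "$rc" in
        0) echo "agent key is present in $2" ;;
        1) echo "no key offered by the agent appears in $2" ;;
        2) echo "agent offered no keys (is the card key visible to gpg-agent?)" ;;
    esac
    if loose_perms "$2"; then echo "$2 is group/world-writable"; fi
fi
```

An empty `ssh-add -L` result points at the client side (agent socket or card), while a mismatch or a loose mode points at the server side.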