Unable to use SSH on NitroKey Pro 2 on Fedora

I am currently using Fedora 30 Workstation and am trying to SSH into a CentOS 7 test server. This server is on a VM, a fresh install, and I can SSH fine with a password. I have not touched the SSH config on it at all apart from enabling public key authentication and disabling password authentication.

I have generated keys on my nitrokey. I exported my main key with:

gpg2 --armor --export 241A34A9EF2FD153 > public.key

I then removed .ssh and .gnupg

I imported the key with:

gpg2 --import public.key

I then add ‘use-agent’ to ~/.gnupg/gpg.conf. This file was not present and so I made it.

I then add ‘enable-ssh-support’ to ~/.gnupg/gpg-agent.conf. The file was not present and so I made it.

I then add:

unset SSH_AGENT_PID
if [ "${gnupg_SSH_AUTH_SOCK_by:-0}" -ne $$ ]; then
  export SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)"
fi

to my .bashrc

I do gpg2 --card-status and select the 3rd key ID (The authentication key) and do:

gpg2 --export-ssh-key D5474A8FA35D5B52 >> ~/authorized_keys

I move this file to the .ssh directory of the user I want to SSH into on my server VM, disable password authentication on the server, and enable pubkey authentication.
I remove the file on my Fedora client.

When I try to SSH I get:

[user@chinkpad ~]$ ssh pravda@192.168.122.51
pravda@192.168.122.51: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).

echo $SSH_AUTH_SOCK returns /run/user/1000/gnupg/S.gpg-agent.ssh

I added pinentry to the gpg-agent.conf (Yes it is installed and present)

pinentry-program /usr/bin/pinentry-curses

The same occurred.

I added the below to my .bashrc to fix potential TTY issues and still the same:

export GPG_TTY=$(tty)
gpg-connect-agent updatestartuptty /bye >/dev/null

I am feeling like I have never used Linux. What am I doing so so wrong?

I have installed the libccid equivalent in Fedora (pcsc-lite-ccid) and the Nitrokey app.

To clarify, this was never working at any stage.

Hi,

I would try to use the SSH command with -vvv flag to get a much more verbose output. Is the device used when trying to SSH? I mean, does the LED even light up shortly or anything? What keys does SSH offer to the server (seen in the output)?

Just some thoughts…

Kind regards
Alex

Hi there Alex,

I have found a solution, where the formatting of exporting the keys to file was bugged? Exported file size was 1492 bytes but the file made with the method below was 743 bytes??? The exported file when viewed with cat gave 2 missing character symbols at the start.

I had to print ssh key with gpg --export-ssh-key and then place the output into a blank file then upload it.

In doing so I could properly use my ssh key on the server.

With that said I am struggling on Windows still (will make new thread).

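The fix described in the post above came down to a malformed key file. As an added example (not part of the original thread), this Python check flags byte-level problems that stop sshd from matching an authorized_keys line. The sample key is constructed, and reading the "missing character symbols" as a byte-order mark is an assumption the thread does not confirm.

```python
import base64
import struct

# Byte-order marks an editor or shell redirect can prepend (assumed cause).
BOMS = {b"\xef\xbb\xbf": "UTF-8", b"\xff\xfe": "UTF-16 LE", b"\xfe\xff": "UTF-16 BE"}

# Constructed sample, not a real key: ed25519 wire format with 32 zero bytes.
_BLOB = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes(32)
SAMPLE_LINE = b"ssh-ed25519 " + base64.b64encode(_BLOB) + b" constructed-sample\n"


def check_authorized_keys(data):
    """Return a list of problems found in raw authorized_keys bytes."""
    problems = [f"file starts with {name} BOM"
                for bom, name in BOMS.items() if data.startswith(bom)]
    if b"\x00" in data:
        # ASCII text stored as UTF-16 has a NUL after every character.
        problems.append("NUL bytes present (file is probably UTF-16)")
        return problems
    for n, raw in enumerate(data.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(b"#"):
            continue
        fields = line.split()
        # Simplification: assumes no options field precedes the key type.
        if len(fields) < 2:
            problems.append(f"line {n}: expected '<type> <base64> [comment]'")
            continue
        ktype, blob64 = fields[0], fields[1]
        try:
            blob = base64.b64decode(blob64, validate=True)
            (length,) = struct.unpack(">I", blob[:4])
        except (ValueError, struct.error):
            problems.append(f"line {n}: key blob is not valid base64 wire format")
            continue
        # The blob begins with a length-prefixed copy of the key type.
        inner = blob[4:4 + length]
        if inner != ktype:
            problems.append(f"line {n}: type {ktype!r} != blob type {inner!r}")
    return problems


if __name__ == "__main__":
    utf16 = b"\xff\xfe" + SAMPLE_LINE.decode("ascii").encode("utf-16-le")
    for label, data in (("clean", SAMPLE_LINE), ("utf-16", utf16)):
        print(label, check_authorized_keys(data) or "OK")
```

Run it against the bytes of the file before uploading it; an empty list means every key line is plain ASCII with a blob whose embedded type matches the declared one.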

Never experienced this behavior. Good to know that you got it right now :smile:

Have you tried gpg with --display-charset and/or --utf8-strings ?

Especially the first allows you to either let gpg translate or to output raw (UTF8) data/strings