Hey, I switched to a different computer (running Arch Linux) and ran into the same problem, namely the `sign_and_send_pubkey: signing failed: agent refused operation` error whenever I tried to use the NitroKey GPG key to SSH into a remote server.

After even more frustration, I found that, again, the problem was with getting gpg-agent to work correctly, and since the official NitroKey docs for using it to SSH are pretty sparse, I have some recommendations for changes (courtesy of the Arch Wiki).

I think the two main things that are missing from the NitroKey docs (for both MacOS and GNU/Linux, since they use mostly the same stuff in this case) are:

- You need to have a pinentry program installed, and in the step for adding `enable-ssh-support` to `~/.gnupg/gpg-agent.conf`, also add a line pointing to your pinentry program, like this:

      pinentry-program /usr/bin/pinentry

  (or wherever your pinentry is).

- You need to point gpg-agent to the correct TTY. In the step where you edit your `~/.bashrc` to add the `$SSH_AUTH_SOCK` stuff, you should also add two additional lines:

      export GPG_TTY=$(tty)
      gpg-connect-agent updatestartuptty /bye >/dev/null

(I also would recommend adding a comment about using `.zshrc` instead for zsh, or whatever else depending on your shell. You'd be surprised how many people will accidentally edit `.bashrc` while running zsh.)
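As an added example, not from the post above or from NitroKey's docs: a POSIX shell script that applies both of those changes idempotently (running it twice does not duplicate lines in `gpg-agent.conf`) and prints the rc-file lines for the shell you actually log in with. It assumes `/usr/bin/pinentry` as the default pinentry path and resolves `$SSH_AUTH_SOCK` with `gpgconf --list-dirs agent-ssh-socket`, a line the post does not show; the script name used in the usage note is hypothetical.

```shell
#!/bin/sh
# Added example, not from the post or the NitroKey docs: apply the two
# gpg-agent changes described above without duplicating lines on re-runs.
# Assumptions: pinentry lives at /usr/bin/pinentry unless overridden, and
# SSH_AUTH_SOCK is resolved with `gpgconf --list-dirs agent-ssh-socket`.

GNUPGHOME="${GNUPGHOME:-$HOME/.gnupg}"

# ensure_line FILE LINE: append LINE to FILE unless an identical line exists.
ensure_line() {
    _file=$1
    _line=$2
    if [ -f "$_file" ] && grep -qxF -- "$_line" "$_file"; then
        return 0
    fi
    printf '%s\n' "$_line" >> "$_file"
}

# configure_gpg_agent [PINENTRY]: add enable-ssh-support and pinentry-program
# to $GNUPGHOME/gpg-agent.conf. Fails (exit 1) if PINENTRY is not executable,
# because an agent that cannot ask for the PIN just refuses the operation.
configure_gpg_agent() {
    _pinentry=${1:-/usr/bin/pinentry}
    if [ ! -x "$_pinentry" ]; then
        echo "no executable pinentry at $_pinentry" >&2
        return 1
    fi
    mkdir -p "$GNUPGHOME"
    chmod 700 "$GNUPGHOME"          # gpg complains about unsafe permissions
    _conf="$GNUPGHOME/gpg-agent.conf"
    touch "$_conf"
    chmod 600 "$_conf"
    ensure_line "$_conf" "enable-ssh-support"
    ensure_line "$_conf" "pinentry-program $_pinentry"
}

# count_setting FILE KEY: number of lines in FILE starting with KEY (expect 1).
count_setting() {
    [ -f "$1" ] || { echo 0; return 0; }
    grep -c "^$2" "$1" || true
}

# shell_rc_lines: the lines to append to the rc file of the shell you log in
# with. Printed rather than written so you can review them first.
shell_rc_lines() {
    cat <<'EOF'
unset SSH_AGENT_PID
export SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)"
export GPG_TTY=$(tty)
gpg-connect-agent updatestartuptty /bye >/dev/null
EOF
}

# rc_file_for_shell SHELL_PATH: pick .zshrc for zsh users, .bashrc for bash,
# so the lines do not end up in a file the login shell never reads.
rc_file_for_shell() {
    case "$(basename "$1")" in
        zsh)  echo "$HOME/.zshrc" ;;
        bash) echo "$HOME/.bashrc" ;;
        *)    echo "$HOME/.profile" ;;
    esac
}

if [ "${1:-}" = "apply" ]; then
    configure_gpg_agent "${2:-/usr/bin/pinentry}"
    # A running agent keeps its old config until told to reload it.
    if command -v gpg-connect-agent >/dev/null 2>&1; then
        gpg-connect-agent reloadagent /bye
    fi
    echo "Now add these lines to $(rc_file_for_shell "$SHELL"):"
    shell_rc_lines
fi
```

Run it as `sh setup-gpg-ssh.sh apply /path/to/pinentry`. An already-running gpg-agent keeps its old configuration until it is reloaded, which is why the apply path calls `gpg-connect-agent reloadagent /bye`. If `agent refused operation` persists after that, check that `ssh-add -L` lists the card key in a fresh shell: that confirms SSH is talking to gpg-agent's socket and not to an ssh-agent started by the desktop session.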