SSH to a Linux machine from a Windows client with a g10 smart card

Hi, posting here after being advised to try stackexchange. I appreciate any light you might shed on my problem.

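I am struggling to ssh from a Windows machine using Putty and a g10 / gnupg smart card to a linux machine. I saw a similar question about ssh, but it used X.509 certificates. In the end, though, we have the same error. https://security.stackexchange.com/questions/91817/convert-rsa-openssh-key-putty-key-to-gpg-key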

I have the following setup

Windows 10 client, Gemalto Gemplus PCI Express card reader, G10 smart card, Debian 8 on the host

I have completed the following steps

On the host:

- Generated a keypair on the card itself, published the keys to keys.gnupg.net using a separate linux machine
- Installed gnupg2 on the linux host in question
- gpg --recv-key XXXXXXXX on the linux host using the main key ID
- mkdir /etc/ssh/user, chown user:user, chmod 755
- touch /etc/ssh/user/authorized_keys, chown user:user, chmod 644
- changed AuthorizedKeysFile line in /etc/ssh/sshd_conf to reflect the new file
- gpgkey2ssh XXXXXXXX >> /etc/ssh/user/authorized_keys using the main key ID

On the client:

- Installed putty
- Installed gpg4win with Kleopatra
- In Kleopatra configure dialog checked off the box for Putty Support
- Installed openPGP card driver https://www.mysmartlogon.com/openpgp-card-mini-driver/

After performing these steps, ssh does not work when tunneled clear-text passwords are disabled. These are the symptoms

- Connection drops instantly after entering username in Putty with default options
- I can sign and encrypt just fine on the windows client with the Kleopatra setup. No problem recognizing card. Pinentry works fine.
- Key XXXXXXXX is shown in the Kleopatra "certificates" menu
- gpg --card-edit shows that an authentication subkey really does exist on the card; for that matter, gpg --card-status returns nothing unusual
- Tested gemplus reader on other linux laptop; lsusb, pcsc_scan everything checks out

Attempted cures

- Killing and restarting gpg-agent, scdaemon, pageant, kleopatra in various orders on client with and without reader inserted
- Downloaded modified pageant.exe containing "smartcard support" and did more iterations of above, then deleted the thing. http://smartcard-auth.de/ssh-en.html
- Confirmed that --enable-ssh-support is in the gpg-agent.conf
- Running gpg-agent from the windows command line using the enable ssh support flag
- Changing permissions on /etc/ssh/user and authorized_keys (changed them back in the end)
- Tried all the different SSH-2 related checkboxes in the Putty Auth dialog somewhat haphazardly. (keyboard-interactive, forwarding etc)
- Tried gpgkey2ssh using the encryption subkey heading and appended that to authorized_keys.
- Tried explicit path in sshd_conf with username instead of %u
- Restarting the windows client
- X. Went to GPG4win support forums and saw that reading the articles requires signing up and signing up requires way too much personal info for a project that's supposedly about privacy. Not to mention the login page has an untrustworthy cert (according to my workhorse laptop anyway)

Nothing seems to convince the Windows client that it has to talk to the smart card here. Anyway, I'm stuck, and I appreciate any help.