-rw-r--r-- README.md 22
1 files changed, 20 insertions, 2 deletions
diff --git a/README.md b/README.md
index 4506806..ef8b549 100644
--- a/README.md
+++ b/README.md
@@ -70,7 +70,7 @@ If you have a comment or suggestion, please open an [Issue](https://github.com/d
- [OpenBSD](#openbsd)
- [Windows](#windows)
- [WSL](#wsl)
- - [Use ssh-agent or use S.weasel-pegant](#use-ssh-agent-or-use-sweasel-pegant)
+ - [Use ssh-agent or use S.weasel-pageant](#use-ssh-agent-or-use-sweasel-pageant)
- [Prerequisites](#prerequisites)
- [WSL configuration](#wsl-configuration)
- [Remote host configuration](#remote-host-configuration)
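Review bot: the renamed TOC target `#use-ssh-agent-or-use-sweasel-pageant` resolves only because the heading is renamed in the same commit (second hunk), so the two must stay in one change. Please also search the rest of README.md for any other reference to the old `#use-ssh-agent-or-use-sweasel-pegant` anchor. A heading rename breaks in-page and external deep links silently, and only this one TOC entry is updated in the visible hunks.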
@@ -2428,7 +2428,7 @@ The goal here is to make the SSH client inside WSL work together with the Window
**Note** this works only for SSH agent forwarding. Real GPG forwarding (encryption/decryption) is actually not supported. See [weasel-pageant](https://github.com/vuori/weasel-pageant) for further information or consider using [wsl2-ssh-pageant](https://github.com/BlackReloaded/wsl2-ssh-pageant) which supports both SSH and GPG agent forwarding.
-#### Use ssh-agent or use S.weasel-pegant
+#### Use ssh-agent or use S.weasel-pageant
One way to forward is just `ssh -A` (still need to eval weasel to setup local ssh-agent), and only relies on OpenSSH. In this track, `ForwardAgent` and `AllowAgentForwarding` in ssh/sshd config may be involved; However, if you use the other way (gpg ssh socket forwarding), you should not enable `ForwardAgent` in ssh config. See [SSH Agent Forwarding](#remote-machines-ssh-agent-forwarding) for more info.
@@ -2986,6 +2986,24 @@ gpg: [stdin]: encryption failed: Unusable public key
- Refer to Yubico article [Troubleshooting Issues with GPG](https://support.yubico.com/hc/en-us/articles/360013714479-Troubleshooting-Issues-with-GPG) for additional guidance.
+- If, when you try the above `--card-status` command, you get receive the error, `gpg: selecting card failed: No such device` or `gpg: OpenPGP card not available: No such device`, it's possible that the latest release of pcscd is now requires polkit rules to operate properly. Create the following file to allow users in the `wheel` group to use the card. Be sure to restart pcscd when you're done to allow the new rules to take effect.
+```
+cat << EOF > /etc/polkit-1/rules.d/99-pcscd.rules
+polkit.addRule(function(action, subject) {
+ if (action.id == "org.debian.pcsc-lite.access_card" &&
+ subject.isInGroup("wheel")) {
+ return polkit.Result.YES;
+ }
+});
+polkit.addRule(function(action, subject) {
+ if (action.id == "org.debian.pcsc-lite.access_pcsc" &&
+ subject.isInGroup("wheel")) {
+ return polkit.Result.YES;
+ }
+});
+EOF
+```
+
# Alternatives
* [`piv-agent`](https://github.com/smlx/piv-agent) is an SSH and GPG agent which you can use with your PIV hardware security device (e.g. a Yubikey).
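Review bot: both added rules return `polkit.Result.YES` for every member of `wheel` on the test `subject.isInGroup("wheel")` alone, with no check of `subject.local` or `subject.active`, so any process of a wheel user, including one in a remote session, gets smart-card access without prompting. If that breadth is intended, say so in the bullet. Otherwise add the session checks or name a dedicated group. The group name is also hard-coded; a short note that readers should substitute their distribution's admin group would help, since `wheel` does not exist everywhere. On the command itself: `cat << EOF > /etc/polkit-1/rules.d/99-pcscd.rules` writes under `/etc` and fails for a non-root user, and prefixing `sudo` to `cat` would not help because the redirect is performed by the calling shell. State that it must run as root or pipe the heredoc into `sudo tee`. Quoting the delimiter (`<< 'EOF'`) would keep the JavaScript body safe from shell expansion if it is edited later. The two `addRule` blocks differ only in the action id and could be one rule matching either id. The text says to restart pcscd but gives no command. Wording in the new bullet needs a pass: "you get receive the error" and "is now requires polkit rules". Finally, the fence has no language tag and is not indented under the list item, so it will render outside the bullet it belongs to.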