Doesn't prompt for ssh connection #42

@kidylee

Describe the bug

Followed this link to set up pgp as ssh key agent: https://gist.github.com/mcattarinussi/834fc4b641ff4572018d0c665e5a94d3

It works with pinentry-mac, but touch-id doesn't prompt when running ssh -T git@github.com

System information

macOS

  • Architecture: (M1)
  • Version: (e.g. 15.1)

GPG

  • Output of gpg --version:
% gpg --version
gpg (GnuPG) 2.4.6
libgcrypt 1.10.3
Copyright (C) 2024 g10 Code GmbH
License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /Users/kidylee/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
       CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
  • Installed via Homebrew?
    Yes

Configuration

pinentry-program /opt/homebrew/opt/pinentry-touchid/bin/pinentry-touchid
enable-ssh-support
# default-cache-ttl 1
debug-level basic
log-file /Users/kidylee/.gnupg/gpg-agent.log

Logs

2024-11-19 16:18:43 gpg-agent[59579] ssh handler 0x16eedb000 for fd 8 started
2024-11-19 16:18:43 gpg-agent[59579] ssh request handler for extension (27) started
2024-11-19 16:18:43 gpg-agent[59579] ssh-agent extension 'session-bind@openssh.com' received
2024-11-19 16:18:43 gpg-agent[59579] ssh-agent extension 'session-bind@openssh.com' not supported
2024-11-19 16:18:43 gpg-agent[59579] ssh request handler for extension (27) ready
2024-11-19 16:18:43 gpg-agent[59579] ssh request handler for request_identities (11) started
2024-11-19 16:18:43 gpg-agent[59579] no running /opt/homebrew/Cellar/gnupg/2.4.6/libexec/scdaemon daemon - starting it
2024-11-19 16:18:43 gpg-agent[59579] DBG: chan_10 <- OK GNU Privacy Guard's Smartcard server ready, process 59591
2024-11-19 16:18:43 gpg-agent[59579] first connection to daemon /opt/homebrew/Cellar/gnupg/2.4.6/libexec/scdaemon established
2024-11-19 16:18:43 gpg-agent[59579] DBG: chan_10 -> GETINFO socket_name
2024-11-19 16:18:43 gpg-agent[59579] DBG: chan_10 <- D /Users/kidylee/.gnupg/S.scdaemon
2024-11-19 16:18:43 gpg-agent[59579] DBG: chan_10 <- OK
2024-11-19 16:18:43 gpg-agent[59579] DBG: additional connections at '/Users/kidylee/.gnupg/S.scdaemon'
2024-11-19 16:18:43 gpg-agent[59579] DBG: chan_10 -> OPTION event-signal=31
2024-11-19 16:18:43 gpg-agent[59579] DBG: chan_10 <- OK
2024-11-19 16:18:43 gpg-agent[59579] DBG: chan_10 -> SERIALNO --all
2024-11-19 16:18:43 gpg-agent[59579] DBG: chan_10 <- ERR 100696144 Operation not supported by device <SCD>
2024-11-19 16:18:43 gpg-agent[59579] error getting list of cards: Operation not supported by device
2024-11-19 16:18:43 gpg-agent[59579] DBG: sshkeys[0]: order=100012, pubkey=0x0000000154817c00 sn=(null)
2024-11-19 16:18:43 gpg-agent[59579] ssh request handler for request_identities (11) ready
2024-11-19 16:18:43 gpg-agent[59579] ssh request handler for sign_request (13) started
2024-11-19 16:18:43 gpg-agent[59579] starting a new PIN Entry
2024-11-19 16:18:43 gpg-agent[59579] DBG: connection to PIN entry established
2024-11-19 16:18:43 gpg-agent[59579] You may want to update to a newer pinentry
2024-11-19 16:18:43 gpg-agent[59579] DBG: error calling pinentry: Operation cancelled <Pinentry>
2024-11-19 16:18:43 gpg-agent[59579] failed to unprotect the secret key: Operation cancelled
2024-11-19 16:18:43 gpg-agent[59579] failed to read the secret key
2024-11-19 16:18:43 gpg-agent[59579] ssh sign request failed: Operation cancelled <Pinentry>
2024-11-19 16:18:43 gpg-agent[59579] ssh request handler for sign_request (13) ready
2024-11-19 16:18:44 gpg-agent[59579] DBG: chan_10 -> RESTART
2024-11-19 16:18:44 gpg-agent[59579] DBG: chan_10 <- OK
2024-11-19 16:18:44 gpg-agent[59579] ssh handler 0x16eedb000 for fd 8 terminated

It would be very useful for us if you could enable the basic debug info for your gpg-agent and attach the generated log. Add the following to your ~/.gpg-agent.conf:

pinentry-program /opt/homebrew/opt/pinentry-touchid/bin/pinentry-touchid
enable-ssh-support
# default-cache-ttl 1
debug-level basic
log-file /Users/kidylee/.gnupg/gpg-agent.log
debug-level basic
log-file /Users/<USERNAME>/.gnupg/gpg-agent.log

Reload gpg-agent with the following command:

$ gpg-connect-agent reloadagent /bye

Add/attach the relevant section of the log to this issue (feel free to redact your key IDs).

pinentry-touchid:

pinentry-touchid also generates its own log which you can find in $TMPDIR/pinentry-touchid.log.
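
Added example (not part of the original issue or of the pinentry-touchid project): a small triage script for a gpg-agent log like the one above. It groups lines by ssh-agent request and reports sign requests where pinentry was launched and an error carries the `<Pinentry>` source tag, together with the seconds between launch and error. The function names are hypothetical; the sample lines are excerpted from the log in this issue.

```python
import re
from datetime import datetime

# Lines excerpted from the gpg-agent log quoted in the issue above.
SAMPLE_LOG = """\
2024-11-19 16:18:43 gpg-agent[59579] ssh request handler for request_identities (11) started
2024-11-19 16:18:43 gpg-agent[59579] ssh request handler for request_identities (11) ready
2024-11-19 16:18:43 gpg-agent[59579] ssh request handler for sign_request (13) started
2024-11-19 16:18:43 gpg-agent[59579] starting a new PIN Entry
2024-11-19 16:18:43 gpg-agent[59579] DBG: error calling pinentry: Operation cancelled <Pinentry>
2024-11-19 16:18:43 gpg-agent[59579] failed to unprotect the secret key: Operation cancelled
2024-11-19 16:18:43 gpg-agent[59579] ssh sign request failed: Operation cancelled <Pinentry>
2024-11-19 16:18:43 gpg-agent[59579] ssh request handler for sign_request (13) ready
"""

LINE = re.compile(r"^(\S+ \S+) gpg-agent\[\d+\] (?:DBG: )?(.*)$")
HANDLER = re.compile(r"ssh request handler for (\w+) \(\d+\) (started|ready)$")
# "<what failed>: <reason> <Source>"; the trailing <Source> tag is optional.
ERROR = re.compile(r"(.*\b(?:failed|error)\b.*?): (.+?)(?: <(\w+)>)?$")

def triage(log_text):
    """Group log lines by ssh-agent request; record pinentry launch and errors."""
    requests, cur = [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        when, msg = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"), m.group(2)
        h = HANDLER.match(msg)
        if h and h.group(2) == "started":
            cur = {"request": h.group(1), "pinentry_at": None, "errors": []}
            requests.append(cur)
        elif h:
            cur = None  # handler finished; later lines belong to no request
        elif cur is not None and msg == "starting a new PIN Entry":
            cur["pinentry_at"] = when
        elif cur is not None and (e := ERROR.match(msg)):
            cur["errors"].append({"what": e.group(1), "reason": e.group(2),
                                  "source": e.group(3), "at": when})
    return requests

def pinentry_failures(requests):
    """(reason, seconds after launch) for sign requests that pinentry itself failed."""
    out = []
    for r in requests:
        hits = [e for e in r["errors"] if e["source"] == "Pinentry"]
        if r["request"] == "sign_request" and r["pinentry_at"] and hits:
            delay = (hits[0]["at"] - r["pinentry_at"]).total_seconds()
            out.append((hits[0]["reason"], delay))
    return out
```

For the excerpt, `pinentry_failures(triage(SAMPLE_LOG))` reports the cancellation with a delay of 0.0 seconds: the agent did start the configured pinentry program, and the error came back from it within the same second, which makes `$TMPDIR/pinentry-touchid.log` the next place to look.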
