bug: SSH Security Keys (Yubikey) with GPG-Agent #6655

Open
2 tasks done
Lurgrid opened this issue Mar 18, 2025 · 5 comments

Lurgrid commented Mar 18, 2025

Are you following the right branch?

  • My Nixpkgs and Home Manager versions are in sync

Is there an existing issue for this?

  • I have searched the existing issues

Issue description

I recently migrated from Arch Linux to NixOS, but I have had a problem since my migration: I can't use my Yubikey with ssh. I get an error when I do `ssh-add <path of ssh key of type sk>`:

```
Could not add identity “toto”: agent refused operation
```

Whereas I can use it when I do ssh-keygen to create a key of type sk.

Here’s my home.nix

```nix
...
  programs.ssh = {
    enable = true;
  };

  services.gpg-agent = {
    enable = true;

    enableScDaemon = true;
    enableZshIntegration = true;
    enableSshSupport = true;

    verbose = true;
    pinentryPackage = pkgs.pinentry-curses;
  };
...
```

Maintainer CC

No response

System information

- system: `"x86_64-linux"`
- host os: `Linux 6.12.19, NixOS, 25.05 (Warbler), 25.05.20250315.c80f6a7`
- multi-user?: `yes`
- sandbox: `yes`
- version: `nix-env (Nix) 2.24.12`
- channels(root): `"nixos"`
- nixpkgs: `/nix/store/alzxn3hjisc84hrlv44x6hni48crww26-source`

Lurgrid added the bug and triage labels Mar 18, 2025

NklsCh commented Mar 18, 2025

At least one problem, in my eyes, is that you define gpg in your configuration.nix and home.nix

https://github.com/Lurgrid/dotfiles/blob/a69ee2265d47e0f44cf378c7fc5aade2e03eb879/home.nix#L268C3-L276C5

https://github.com/Lurgrid/dotfiles/blob/a69ee2265d47e0f44cf378c7fc5aade2e03eb879/configuration.nix#L211-L213

As far as I am aware, nix doesn't like that, so it overrides one of them, but I'm not sure


Lurgrid commented Mar 18, 2025

> At least one problem, in my eyes, is that you define gpg in your configuration.nix and home.nix
>
> https://github.com/Lurgrid/dotfiles/blob/a69ee2265d47e0f44cf378c7fc5aade2e03eb879/home.nix#L268C3-L276C5
>
> https://github.com/Lurgrid/dotfiles/blob/a69ee2265d47e0f44cf378c7fc5aade2e03eb879/configuration.nix#L211-L213
>
> As far as I am aware, nix doesn't like that, so it overrides one of them, but I'm not sure

No, I removed it from my configuration.nix; it's just that I need an SSH agent to push (hence my issue), so my repo is not up to date.


NklsCh commented Mar 18, 2025

What does `echo $SSH_AUTH_SOCK` return?


Lurgrid commented Mar 18, 2025

It returns this

```
❯ echo $SSH_AUTH_SOCK
/run/user/1000/gnupg/S.gpg-agent.ssh
```


Lurgrid commented Mar 22, 2025

@rycee do you have any ideas?
