This assumes you are using step ssh while you also need to use a hardware-backed GPG key (such as a YubiKey) to derive an SSH key and are using
In my case, this derived SSH key is used for GitHub and Gitea access.
gpg-agent to work as expected with SSH, you probably have these lines or their equivalent in your
export GPG_TTY="$(tty)"
export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
gpgconf --launch gpg-agent
The effect of those lines will be to disable your ssh-agent, which is required for step ssh to work as expected.
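
A quick check for the conflict described above, as an added example that is not from the original post: it reports whether the current shell's SSH_AUTH_SOCK points at gpg-agent's SSH socket. The function names ssh_auth_sock_owner and check_step_ssh_env are hypothetical; only the gpgconf --list-dirs agent-ssh-socket call comes from the page.

```shell
#!/bin/sh
# Added example (hypothetical helper names, not from the original post):
# report which agent SSH_AUTH_SOCK points at in the current shell.

# ssh_auth_sock_owner SOCK GPG_SOCK
# Prints one of: unset | gpg-agent | stale | other
ssh_auth_sock_owner() {
    sock=$1
    gpg_sock=$2
    if [ -z "$sock" ]; then
        echo unset
    elif [ -n "$gpg_sock" ] && [ "$sock" = "$gpg_sock" ]; then
        echo gpg-agent
    elif [ ! -S "$sock" ]; then
        echo stale      # path is set, but no socket exists there (agent exited)
    else
        echo other      # a live socket that is not gpg-agent's, e.g. ssh-agent
    fi
}

# Returns 0 when this shell talks to a live non-gpg agent, 1 otherwise.
check_step_ssh_env() {
    gpg_sock=""
    if command -v gpgconf >/dev/null 2>&1; then
        gpg_sock=$(gpgconf --list-dirs agent-ssh-socket 2>/dev/null) || gpg_sock=""
    fi
    owner=$(ssh_auth_sock_owner "${SSH_AUTH_SOCK:-}" "$gpg_sock")
    case $owner in
        other)
            echo "SSH_AUTH_SOCK=$SSH_AUTH_SOCK: live socket, not gpg-agent's"
            return 0 ;;
        gpg-agent)
            echo "SSH_AUTH_SOCK is gpg-agent's SSH socket; ssh-agent is bypassed in this shell" ;;
        stale)
            echo "SSH_AUTH_SOCK=$SSH_AUTH_SOCK: no socket at that path" ;;
        unset)
            echo "SSH_AUTH_SOCK is not set; no agent is reachable" ;;
    esac
    return 1
}
```

Source the file and run check_step_ssh_env in the shell where step ssh misbehaves; a non-zero status means that shell is not talking to a separate ssh-agent.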
You have two possible solutions:
- You can use a different SSH key, such as a FIDO2 SSH key, which will not use gpg-agent at all. Since OpenSSH v8.2, you can follow this guide and your SSH key will be decoupled from SSH. Crucially, this does not impede your ability to sign commits using gpg with a hardware device. For this to work on macOS, you will need to install the latest version of OpenSSH:
brew install openssh
- You can also use the excellent iTerm2 and simply create a second profile. You will need to log in to step ssh every time you launch the profile, as the ssh-agent is killed when you exit the terminal window. To that effect, create a profile and in the Send text at start box, add:
&& step ssh login
If you already have gpg-agent configured when you install step ssh, you might need to run step ssh config --force after logging in for the setup to complete successfully.