This assumes you are using step ssh while you also need to use a hardware-backed GPG key (such as a Yubikey) to derive an SSH key and are using gpg-agent.
In my case, this derived SSH key is used for GitHub and Gitea access.
For gpg-agent to work as expected with SSH, you probably have these lines or their equivalent in your ~/.zshrc file:
export GPG_TTY="$(tty)"export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket) gpgconf --launch gpg-agent
The effect of those lines will be to disable your ssh-agent, which is required for step ssh to work as expected.
You have two possible solutions:
- You can use a different SSH key, such as using a FIDO2 SSH key, which will not use
gpg-agentat all. Since OpenSSH v8.2, you can follow this guide and your SSH key will be decoupled from SSH. Crucially, this does not impede your ability to sign commits usinggpgwith a hardware device. For this to work on macOS, you will need to install the latest version of OpenSSH:brew install openssh - You can also use the excellent iTerm2 and simply create a second profile. You will need to login to
step sshevery time you launch the profile as thessh-agentis killed when you exit the terminal window. To that effect, create a profile and in the Send text at start box, add:
eval ssh-agent && step ssh login
If you already havegpg-agentconfigured when you installstep ssh, you might need to runstep ssh config --forceafter logging in for the setup to complete successfully.