So after a very long hiatus and no less than five Fedora releases I was ready to
write something new on this blog. Unfortunately, when I plugged in my NitroKey
Pro to update my site repository I was greeted by
permission denied (pubkey)
errors whenever I tried to SSH. Digging in a bit further with
reported no card even when
dmesg and the NitroKey app itself would happily
show the device.
After some research here, here, and here, it
turns out that the issue is
pcscd and scdaemon fighting with each other for
exclusive control of the smartcard device. Since
pcscd seems to be started at
or very soon after login and
scdaemon only starts up when I start
.zshrc it gets exclusive control of the card before
gpg ever gets a
The solution seems to be to add the directive
pcsc-shared to the file
~/.gnupg/scdaemon.conf and then
killall gpg-agent to get it to reload its
configuration. According to my research the
pcsc-shared option is an “only if
you know what you’re doing” option but it seems to be stable for the moment. The
other proposed solutions of disabling and masking the
pcscd daemon with
systemctl or putting
~/.gnupg/scdaemon.conf either seemed
like overkill or didn’t work for me respectively.
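
The fix described above as a repeatable script. This is an added example, not part of the original post: the ensure_directive helper and the --apply switch are names made up here, and gpgconf --kill is used in place of killall gpg-agent to restart the daemons.

```shell
#!/bin/sh
# Added example: idempotently enable a directive in scdaemon.conf.
#
# ensure_directive FILE DIRECTIVE   (hypothetical helper name)
#   Appends DIRECTIVE to FILE unless an active (uncommented) line already
#   starts with it. Prints "added" or "present".
ensure_directive() {
    conf=$1
    directive=$2
    dir=$(dirname "$conf")

    # GnuPG complains about a home directory that other users can read,
    # so create missing pieces with owner-only permissions.
    [ -d "$dir" ] || mkdir -m 700 -p "$dir"
    [ -e "$conf" ] || ( umask 077; : > "$conf" )

    # A line counts only if its first token is the directive itself;
    # "# pcsc-shared" and "#pcsc-shared" are comments and do not count.
    if awk -v d="$directive" '$1 == d { found = 1 } END { exit !found }' "$conf"
    then
        echo present
        return 0
    fi

    # If the file does not end in a newline, add one so the directive
    # is not glued onto the previous option.
    if [ -s "$conf" ] && [ -n "$(tail -c 1 "$conf")" ]; then
        printf '\n' >> "$conf"
    fi
    printf '%s\n' "$directive" >> "$conf"
    echo added
}

# Only touch the real configuration when asked to: ./script.sh --apply
if [ "${1:-}" = "--apply" ]; then
    ensure_directive "${GNUPGHOME:-$HOME/.gnupg}/scdaemon.conf" pcsc-shared
    # The daemons read their configuration at startup; stop them so the
    # next gpg call starts fresh ones with the new setting.
    gpgconf --kill scdaemon
    gpgconf --kill gpg-agent
    # Should now list the card even while pcscd is running.
    gpg --card-status
fi
```

Running it a second time leaves the file unchanged, so it is safe to keep in a dotfiles bootstrap.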
Long story short, I seem to still be able to use the GNOME smartcard subsystem
with things like Firefox while also using
gpg to SSH into my various servers.
Time will tell how well this works but for the moment it has me rolling again.