by moreentropy 2633 days ago
This was exactly my experience from two years ago. But to my surprise with recent gpg2 versions most of those issues are gone (plus EC ssh key files are supported, older gpg-agent could only do RSA)

scdaemon used to crash all the time, that doesn't happen anymore. GPG doesn't lock the card so I have to stop scdaemon to use it w/ other apps.

So for the last half year I've happily used gpg-agent/scdaemon also as SSH agent and it works really well without any issues.

But setting this up (w/ Ubuntu+Gnome) is still a ridiculous task:

- Ensure gnupg2, scdaemon, pinentry-gnome3 are installed

- cp /etc/xdg/autostart/gnome-keyring-ssh.desktop ~/.config/autostart/

- edit ~/.config/autostart/gnome-keyring-ssh.desktop and add "X-GNOME-Autostart-enabled=false"

- edit ~/.gnupg/gpg-agent.conf and add "enable-ssh-support"

Gnome session startup will read both the "X-GNOME-Autostart-enabled=false" and the "enable-ssh-support" and set up and start gpg-agent as ssh agent in the session. There are other ways to disable a .desktop file, but the String "X-GNOME-Autostart-enabled=false" has to be there for this to work.

When all this is set up, usability is excellent. The system will even prompt to plug in the right yubikey when you ssh into something. No need to add/remove the card to/from the agent.
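The four setup steps above as one idempotent shell script, added here as an example and not code from the commenter; the function names and the RUN_GPG_SSH_SETUP switch are my own, while the file paths, package names and the two settings are the ones the comment lists.

```shell
#!/bin/sh
# Added example (not from the original comment): idempotent version of the
# Ubuntu+GNOME steps above. Function names and RUN_GPG_SSH_SETUP are assumptions;
# paths and settings are those given in the comment.

# Disable gnome-keyring's ssh component by copying its autostart entry into the
# user's autostart dir and marking it disabled. $1 = system .desktop file,
# $2 = home directory whose .config/autostart should be written.
disable_keyring_ssh() {
    src="$1"
    dest_dir="$2/.config/autostart"
    dest="$dest_dir/gnome-keyring-ssh.desktop"
    mkdir -p "$dest_dir"
    [ -f "$dest" ] || cp "$src" "$dest"
    # GNOME honours the exact string X-GNOME-Autostart-enabled=false, so drop
    # any existing value for the key and append the disabled one once.
    grep -v '^X-GNOME-Autostart-enabled=' "$dest" > "$dest.tmp" || true
    printf 'X-GNOME-Autostart-enabled=false\n' >> "$dest.tmp"
    mv "$dest.tmp" "$dest"
}

# Turn on gpg-agent's SSH agent emulation, appending only if not already set.
enable_gpg_ssh_support() {
    conf_dir="$1/.gnupg"
    conf="$conf_dir/gpg-agent.conf"
    mkdir -p "$conf_dir"
    chmod 700 "$conf_dir"
    [ -f "$conf" ] || : > "$conf"
    grep -qx 'enable-ssh-support' "$conf" || printf 'enable-ssh-support\n' >> "$conf"
}

# Return 0 when both pieces of configuration are in place for home dir $1.
verify_gpg_ssh_setup() {
    grep -qx 'X-GNOME-Autostart-enabled=false' "$1/.config/autostart/gnome-keyring-ssh.desktop" &&
    grep -qx 'enable-ssh-support' "$1/.gnupg/gpg-agent.conf"
}

# Touch the real session only when explicitly asked (RUN_GPG_SSH_SETUP=1), so
# sourcing this file for its functions changes nothing.
if [ "${RUN_GPG_SSH_SETUP:-0}" = 1 ]; then
    for pkg in gnupg2 scdaemon pinentry-gnome3; do
        dpkg -s "$pkg" >/dev/null 2>&1 || echo "missing package: $pkg" >&2
    done
    disable_keyring_ssh /etc/xdg/autostart/gnome-keyring-ssh.desktop "$HOME"
    enable_gpg_ssh_support "$HOME"
    verify_gpg_ssh_setup "$HOME" && echo "gpg-agent SSH setup in place; log out and back in"
fi
```

Run it with `RUN_GPG_SSH_SETUP=1 sh setup-gpg-ssh.sh` to apply; a plain `. setup-gpg-ssh.sh` only defines the functions so `verify_gpg_ssh_setup "$HOME"` can be used as a check.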

1 comment

And yet, scdaemon will still hang every time you suspend on linux[0]. I've written a udev rule to somewhat mitigate this[1], but it's still really annoying that seemingly nobody cares enough to fix this issue.

[0] https://wiki.gnupg.org/SmartCard#Known_problem_of_Yubikey

[1] https://github.com/Tharre/pkgbuilds/blob/master/arch-system/...