6

I would like to use YubiKey's OpenPGP interface to authenticate myself against my OpenSSH server on Windows 10:

  • I created the keys according to this:
    gpg --card-status
    

    Reader ...........: Yubico Yubikey 4 OTP U2F CCID 0
    Application ID ...: BEEFBEEFBEEFBEEFBEEFBEEF99990000
    Version ..........: 2.1
    Manufacturer .....: Yubico
    Serial number ....: 99999999
    Name of cardholder: John Doe
    Language prefs ...: en
    Sex ..............: male
    URL of public key : https://example.com/pgp.asc
    Login data .......: johndoe
    Signature PIN ....: required
    Key attributes ...: rsa4096 rsa4096 rsa4096
    Max. PIN lengths .: 127 127 127
    PIN retry counter : 3 3 3
    Signature counter : 39
    Signature key ....: BEEF BEEF BEEF BEEF BEEF BEEF BEEF BEEF BEEF 0001
          created ....: 2017-11-20 00:00:01
    Encryption key....: BEEF BEEF BEEF BEEF BEEF BEEF BEEF BEEF BEEF 0002
          created ....: 2017-11-20 00:00:02
    Authentication key: BEEF BEEF BEEF BEEF BEEF BEEF BEEF BEEF BEEF 0003
          created ....: 2017-11-20 00:00:03
    General key info..: pub  rsa4096/BEEFBEEFBEEF0001 2017-11-20 John Doe <john@example.com>
    sec>  rsa4096/BEEFBEEFBEEF0001  created: 2017-11-20  expires: never
                                    Cardnumber:BEEF BEEF9999
    ssb>  rsa4096/BEEFBEEFBEEF0002  created: 2017-11-20  expires: never
                                    Cardnumber:BEEF BEEF9999
    ssb>  rsa4096/BEEFBEEFBEEF0003  created: 2017-11-20  expires: never
                                    Cardnumber:BEEF BEEF9999

  • PuTTY should work per the documentation, as I extracted the public key [below], reinserted the YubiKey, and restarted gpg-agent; however, SSH login failed:
    gpg --export-ssh-key BEEF0003
    

    ssh-rsa [...] openpgp:0xBEEF0003


I found another tutorial on how to use YubiKey for SSH authentication, setting it up the way McQueen Labs recommends, but this didn't work either:

  • There wasn't a prompt for the card PIN, making me think either this kind of SSH authentication is not done via PKE [unlikely] or there is a configuration option missing, as I received the error:
    No supported authentication methods available (server sent: publickey)
    


How do I set up PuTTY to use YubiKey OpenPGP authentication and what do I configure on the server side?

JW0914
  • 9,096
burnersk
  • 488

2 Answers

2

I had the same problem with my YubiKey 5 NFC and it seems PuTTY couldn't read the config or pubring files:

  • Changing the home directory for gpg on Windows 10 solved the problem:
    From: %APPDATA%\gnupg\ To: %HOMEPATH%\gnupg\
    • Check the gpg home directory: gpg --version
    • Change the home directory: create environment variable GNUPGHOME within the new home directory
JW0914
  • 9,096
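The home-directory move from the answer above, as an added PowerShell example that is not part of the original post. It assumes the GnuPG tools (gpg, gpgconf, gpg-connect-agent) are on PATH; `enable-putty-support` is gpg-agent's Pageant-emulation option and is not mentioned on the page, and `BEEF0003` is the placeholder key ID from the question.

```powershell
# Added example (not from the original answer). Run as the normal user, not elevated.
$AuthKeyId = 'BEEF0003'                                   # placeholder ID from the question
$oldHome   = Join-Path $env:APPDATA 'gnupg'               # "From" directory in the answer
$newHome   = Join-Path "$env:HOMEDRIVE$env:HOMEPATH" 'gnupg'   # "To" directory in the answer

# 1. Show which home directory gpg uses right now ("Home:" line of gpg --version).
& gpg --version | Select-String '^Home:'

# 2. Stop the agent so nothing holds files open while the directory is copied.
& gpgconf --kill gpg-agent

# 3. Copy the existing keyring and config once; skip leftover agent socket files (S.*).
if (-not (Test-Path $newHome)) {
    New-Item -ItemType Directory -Path $newHome | Out-Null
    if (Test-Path $oldHome) {
        Copy-Item -Path (Join-Path $oldHome '*') -Destination $newHome -Recurse -Exclude 'S.*'
    }
}

# 4. Point GnuPG at the new directory, persistently for this user and for this session.
[Environment]::SetEnvironmentVariable('GNUPGHOME', $newHome, 'User')
$env:GNUPGHOME = $newHome

# 5. Make sure the agent will answer PuTTY's Pageant requests.
$conf = Join-Path $newHome 'gpg-agent.conf'
if (-not (Test-Path $conf) -or
    -not (Select-String -Path $conf -Pattern '^\s*enable-putty-support\b' -Quiet)) {
    # Leading empty line guards against a config file with no trailing newline.
    Add-Content -Path $conf -Value @('', 'enable-putty-support')
}

# 6. Start a fresh agent under the new home and confirm the move took effect.
& gpg-connect-agent /bye
& gpg --version | Select-String '^Home:'

# 7. Confirm the card's authentication key is visible, then print its SSH public key.
#    That "ssh-rsa ... openpgp:0x..." line is what the server's authorized_keys must contain.
& gpg --card-status | Select-String '^Authentication key'
& gpg --export-ssh-key $AuthKeyId
```

Close and reopen PuTTY afterwards so it talks to the restarted agent; the card PIN prompt should appear on the next publickey attempt.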
0

I wrote a tutorial on using Yubikeys with PGP keys via SSH to log into Linux from Windows, hope it helps anyone as confused as I was: https://horugame.com/sign-in-to-linux-from-windows-via-yubikey/