Yubico Forum

Hi,

i'm currently implementing yubikey support in OTPme (http://www.otpme.org). i got HOTP and TOPT (Yubico Authenticator) working without problems. i've also added my gpg keys to the yubikey neo and use them with gpg-agent as ssh-agent replacement.

now i stumbled about the issue that the gpg-agent wants me to re-enter my passphrase after i've pressed the button (slot 1) to send my HOTP OTP as a second factor at ssh login. i've checked the gpg-agent docs but haven't found anything related. so i want to ask if this is by (yubikey) design or an issue?

regards
the2nd

That is because when you use the HID interface the CCID interface is ejected and then insert again subsequently.

Thus the OpenPGP applet is being re-initialized and you get prompted for pass-phrase again.

i thought that it must be something like that but i was not sure if this is a technical limitation or a design decision.

however its a sad situation if one wants to use it this way for ssh logins. without being re-asked for the passphrase it would be a really sane solution IMHO.