Description of problem:
The update from gnupg2-2.3.4-2.fc36.x86_64 to gnupg2-2.3.7-3.fc36.x86_64 broke my SSH setup with gpg-agent as ssh-agent. I have multiple SSH keys registered with gpg-agent. The preferred key is my GPG key on my YubiKey. The others are backups in local encrypted files. With the update, the keys are returned in the wrong order. SSH now prefers one of my backup keys.

Version-Release number of selected component (if applicable):
gnupg2-2.3.7-3.fc36.x86_64

How reproducible:
always

Steps to Reproduce:
1. configure gpg-agent to act as ssh-agent provider (add enable-ssh-support to ~/.gnupg/gpg-agent.conf and restart agent)
2. add multiple keys to gpg-agent
3. reorder keys in ~/.gnupg/sshcontrol
4. SSH_AUTH_SOCK=/run/user/1000/gnupg/S.gpg-agent.ssh ssh-add -l

Actual results:
ssh-add -l does not list the keys in the order they are specified in ~/.gnupg/sshcontrol; instead they seem to be ordered alphanumerically by keygrip fingerprint.

Expected results:
keys are listed in the order they are configured in ~/.gnupg/sshcontrol

Additional info:
A downgrade to 2.3.4-2 and restart of gpg-agent restores the expected behavior.
This looks like fallout from https://dev.gnupg.org/T5996. It was a significant change and off the top of my head I do not see a simple way back, so let me report the issue upstream: https://dev.gnupg.org/T6212

The only suggestion I have for you now would be to use the `IdentitiesOnly` option of SSH to properly assign identities to servers and not depend on the agent returning the keys in a particular order.
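
A triage check for the reproduction steps above, as an added example that is not part of the original report or of GnuPG: it reads an `sshcontrol` file and reports whether the first-offered key would change if the agent lists keys sorted by keygrip. The function names and sample keygrips are constructed for illustration, and the sorted-by-keygrip ordering is an assumption taken from the reporter's observation.

```shell
#!/bin/sh
# Added example, not GnuPG code. Assumption: an affected agent lists keys
# sorted by keygrip, as the reporter observed with ssh-add -l.

# Print enabled keygrips (40 hex digits) in the order sshcontrol lists them.
# Comment lines and entries disabled with a leading '!' are skipped.
sshcontrol_grips() {
    awk '
        /^[ \t]*#/ { next }
        /^[ \t]*!/ { next }
        { g = toupper($1) }
        g ~ /^[0-9A-F]+$/ && length(g) == 40 { print g }
    ' "$1"
}

# Key the user configured to be offered first.
first_configured() { sshcontrol_grips "$1" | head -n 1; }

# Key that would come first under keygrip-sorted ordering.
first_sorted() { sshcontrol_grips "$1" | LC_ALL=C sort | head -n 1; }

# Exit 0 when the configured order differs from keygrip-sorted order,
# i.e. this sshcontrol file depends on the ordering being honoured.
order_changes() {
    configured=$(sshcontrol_grips "$1")
    sorted=$(printf '%s\n' "$configured" | LC_ALL=C sort)
    [ "$configured" != "$sorted" ]
}

# Constructed sample: preferred key first, a disabled entry, then a backup
# key with a TTL and the confirm flag. Keygrips are made up.
write_sample() {
    cat > "$1" <<'EOF'
# preferred (card) key
F0E1D2C3B4A5968778695A4B3C2D1E0FF0E1D2C3 0
!1111111111111111111111111111111111111111 0
0A1B2C3D4E5F60718293A4B5C6D7E8F90A1B2C3D 600 confirm
EOF
}

sample=$(mktemp)
write_sample "$sample"
if order_changes "$sample"; then
    echo "first key: $(first_configured "$sample") -> $(first_sorted "$sample")"
else
    echo "configured order already matches keygrip order"
fi
rm -f "$sample"
```

To check a real setup, call `order_changes ~/.gnupg/sshcontrol`; a zero exit status means the host relies on the configured order and is a candidate for pinning identities per server with `IdentitiesOnly`.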