Henk Katerberg writes: > On GuixSD running Gnome: the command 'ssh ' results in error > sign_and_send_pubkey: signing failed: agent refused operation > and then falls back to password authentication. > > (Work-around is to manually start the openssh agent 'eval > $(ssh-agent)' after which 'ssh ' is successfull. From this I > conclude that the key pair used and the .ssh/config entry for > are OK.) This sounds a lot like the issue I describe in my blog post here: https://www.gnu.org/software/guix/blog/2018/customize-guixsd-use-stock-ssh-agent-everywhere/ From the blog post: "Unfortunately, up until GNOME 3.28 (the current release), the GNOME Keyring's SSH agent implementation was not as complete as the stock SSH agent from OpenSSH. As a result, earlier versions of GNOME Keyring did not support many use cases. This was a problem for me, since GNOME Keyring couldn't read my modern SSH keys. [...] Happily, starting with GNOME 3.28, GNOME Keyring delegates all SSH agent functionality to the stock SSH agent from OpenSSH. They have removed their custom implementation entirely. This means that today, I could solve my problem simply by using the most recent version of GNOME Keyring. I'll probably do just that when the new release gets included in Guix. However, when I first encountered this problem, GNOME 3.28 hadn't been released yet, so the only option available to me was to customize GNOME Keyring or remove it entirely." Since your work-around was the same as mine - use the stock OpenSSH ssh-agent - you might find the blog post useful for your situation. The version of GNOME currently packaged in Guix is 3.24.3 (see gnu/packages/gnome.scm). Because GNOME Keyring just wrap's OpenSSH's ssh-agent starting with GNOME 3.28, it seems likely that upgrading to GNOME 3.28 or later will fix your issue. If your problem continues to occur even after Guix has upgraded GNOME to 3.28 or later, then we will need to investigate more. -- Chris