This is a simple SSH Agent that uses keys on OpenPGP cards. The cards are accessed via PC/SC (e.g. via pcscd).
The agent doesn't currently persist card identities or PINs.
$ cargo install openpgp-card-ssh-agent
$ openpgp-card-ssh-agent -H unix://$XDG_RUNTIME_DIR/ocsa.sock
List the available cards, e.g. with the opgpcard tool:
$ opgpcard list
Available OpenPGP cards:
FFFE:01234567
If you don't see any keys, it's possible that GnuPG is blocking the cards. The easiest way to solve this is to unplug the card and plug it in again.
Set the SSH_AUTH_SOCK environment variable:
$ export SSH_AUTH_SOCK=$XDG_RUNTIME_DIR/ocsa.sock
After freshly starting the agent, you need to add your card(s) to the agent once:
$ ssh-add -s FFFE:01234567
Enter the User PIN to the card (e.g. 123456).
The agent will verify the User PIN. If the PIN is OK, it will remember both the card ident and the User PIN. Since nothing is persisted, this only lasts until the agent is restarted.
After adding a card, regular ssh usage backed by the authentication key slot on that card will work:
$ ssh <hostname>
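Once a card has been added, the agent holds its User PIN, so any process that can connect to the agent socket can ask it to use the card's authentication key. The check below is an added example, not part of openpgp-card-ssh-agent; the function names and return codes are this example's own, and it assumes the socket path used above.

```shell
#!/bin/sh
# Added example (not project code): sanity-check the agent socket before
# pointing SSH_AUTH_SOCK at it.
# Return codes of check_agent_socket (chosen for this example):
#   0 ok, 1 missing, 2 not a socket, 3 not owned by us,
#   4 reachable by group/other

# Print the group/other permission characters of a path,
# e.g. "------" (private) or "r-xr-x".
group_other_bits() {
    ls -ld -- "$1" | cut -c5-10
}

# True if the path is owned by the current user and grants nothing
# to group or other.
is_private() {
    [ -O "$1" ] && [ "$(group_other_bits "$1")" = "------" ]
}

check_agent_socket() {
    sock=$1
    [ -e "$sock" ] || return 1
    [ -S "$sock" ] || return 2
    [ -O "$sock" ] || return 3
    # Either the socket itself or the directory holding it must shut
    # out other users (XDG_RUNTIME_DIR is normally mode 0700).
    is_private "$sock" || is_private "$(dirname -- "$sock")" || return 4
    return 0
}

# Usage:
#   check_agent_socket "$XDG_RUNTIME_DIR/ocsa.sock" \
#       && export SSH_AUTH_SOCK=$XDG_RUNTIME_DIR/ocsa.sock
```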