
List:       gnupg-users
Subject:    Gpg-agent requires kill&relaunch after restart to enable SSH support
From:       Alexander Hermes <alexander.hermes () grasshopperasia ! com>
Date:       2018-10-12 2:17:18
Message-ID: CANJ0NYfJ5eneO=0n1eGu2CLz+8HFuOLTEPwpcWR1Mozt07O3fQ () mail ! gmail ! com

Hi,

I am trying to use gpg-agent as a drop-in replacement for ssh-agent and I
have an issue where I consistently have to kill & manually relaunch the
agent upon every reboot because the agent initially refuses SSH support.

I have included more information on my environment & GPG versions below,
but in brief it's Fedora 28 and GPG 2.2.8. Here is my issue:

* I have enabled `enable-ssh-support` in .gnupg/gpg-agent.conf and added
lines to my .bashrc to set GPG_TTY and start gpg agent upon login
* When I initially boot my system and log in to Gnome (Gnome3 with wayland)
a gpg-agent process is started (I can see it in the process list - see
initial ps output below)
* If I try to use the SSH function of the agent by SSHing into a machine
then SSH reports "agent refused operation"
* If I kill and relaunch the agent through `gpgconf --kill gpg-agent &&
gpgconf --launch gpg-agent` then it starts working

Please can you help me troubleshoot / debug this issue:

0) Can you think of how this can happen?
1) How can I figure out what the configuration of the _running_ agent is to
check if it's picked up the options?
2) How can I get the agent to log to a file (I tried setting debug / log
file options in gpg-agent.conf but that seems to have no effect)

Please CC me in any responses.

Thanks a lot,

Alexander

*## Initial ps output*
alexander.hermes@dev28-wslpt ~ $ ps auxf | grep gpg-agent
alexand+  2455  0.0  0.0 370644   644 ?        Ss   08:48   0:00 gpg-agent --homedir /home/alexander.hermes/.gnupg --use-standard-socket --daemon

*## .gnupg/gpg-agent.conf*
###+++--- GPGConf ---+++###
enable-ssh-support
###+++--- GPGConf ---+++### Mon 01 Oct 2018 10:11:45 AM +08
# GPGConf edited this configuration file.
# It will disable options before this marked block, but it will
# never change anything below these lines.
debug-level expert
debug-all
verbose
log-file /var/log/gpg-agent

*## .bashrc gpg lines*
# Setup for GPG-agent
export GPG_TTY="$(tty)"
# Cf. https://wiki.archlinux.org/index.php/GnuPG#SSH_agent
unset SSH_AGENT_PID
if [ "${gnupg_SSH_AUTH_SOCK_by:-0}" -ne $$ ]; then
  export SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)"
fi
(... other stuff ...)
# Start gpg agent
gpgconf --launch gpg-agent

*## GPG2 info*
alexander.hermes@dev28-wslpt .gnupg $ gpg2 --version
gpg (GnuPG) 2.2.8
libgcrypt 1.8.3
Copyright (C) 2018 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /home/alexander.hermes/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP

*## GPG-Agent info*
alexander.hermes@dev28-wslpt .gnupg $ gpg-agent --version
gpg-agent (GnuPG) 2.2.8
libgcrypt 1.8.3
Copyright (C) 2018 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

*## Kernel info + OS*
Linux dev28-wslpt.grass.corp 4.17.14-202.fc28.x86_64 #1 SMP Wed Aug 15 12:29:25 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
Fedora release 28 (Twenty Eight)
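
For questions 1 and 2 in the message above, an added example (not part of the original post and not GnuPG's own code): a shell script that compares gpg-agent.conf with what the running agent reports through `gpg-connect-agent`, and checks whether the configured log-file could be written by the current user. The function names are this example's own; it assumes `gpg-connect-agent` is on PATH.

```shell
#!/bin/sh
# Added example: compare gpg-agent.conf with what the running agent reports.
# Function names and the report wording are this example's own.

# Succeed if option $2 is active (not commented out) in config file $1.
conf_has_option() {
    grep -Eq "^[[:space:]]*$2([[:space:]]|\$)" "$1"
}

# Print the argument of the first active "log-file" line in config file $1.
conf_log_file() {
    sed -n 's/^[[:space:]]*log-file[[:space:]]\{1,\}//p' "$1" | head -n 1
}

# Succeed if the current user could write the log: the file is writable, or it
# does not exist yet and its directory is writable.
log_target_writable() {
    if [ -e "$1" ]; then [ -w "$1" ]; else [ -w "$(dirname "$1")" ]; fi
}

# Read an Assuan reply on stdin and print the payload of its first "D" line.
assuan_data() {
    sed -n 's/^D //p' | head -n 1
}

# Ask the already-running agent (no autostart) for its SSH socket name;
# prints nothing when the agent reports none or cannot be reached.
live_ssh_socket() {
    gpg-connect-agent --no-autostart 'getinfo ssh_socket_name' /bye 2>/dev/null | assuan_data
}

report() {
    conf="${GNUPGHOME:-$HOME/.gnupg}/gpg-agent.conf"
    conf_has_option "$conf" enable-ssh-support && echo "conf: enable-ssh-support set"
    log="$(conf_log_file "$conf")"
    if [ -n "$log" ] && ! log_target_writable "$log"; then
        echo "conf: log-file $log is not writable by $(id -un)"
    fi
    sock="$(live_ssh_socket)"
    echo "running agent ssh socket: ${sock:-none reported}"
    echo "SSH_AUTH_SOCK:            ${SSH_AUTH_SOCK:-unset}"
    # Exit status: 0 only if the agent reports the socket SSH is pointed at.
    [ -n "$sock" ] && [ "$sock" = "${SSH_AUTH_SOCK:-}" ]
}

# Run the report only when invoked with "report" as the first argument.
if [ "${1:-}" = report ]; then report; fi
```

Run it as `sh check-agent.sh report` (the file name is arbitrary) once right after login and once after the kill and relaunch, and compare the two outputs.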



