[pkg-gnupg-maint] Bug#854376: Bug#854376: gnupg-agent: Broken with systemd
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Mon Feb 6 14:55:11 UTC 2017
Hi Mark--
On Mon 2017-02-06 08:35:47 -0500, Mark Brown <broonie at debian.org> wrote:
> I've got:
>
> SSH_AUTH_SOCK=/run/user/1000/gnupg/S.gpg-agent
>
> (this is manually forced since gnome-keyring appears to be managing to
> force itself as the SSH agent, I've filed a separate bug about that).
This isn't gpg-agent's ssh authentication socket. You're trying to talk
to the normal gpg-agent socket, which likes to respond with "OK Pleased
to meet you" -- definitely not valid ssh-agent communication :)
Please try it with:
SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
instead. Or, place "enable-ssh-support" in ~/.gnupg/gpg-agent.conf and
let /etc/X11/Xsession.d/90gpg-agent set that variable for you.
> When I try to list keys I get:
>
> $ ssh-add -L
> error fetching identities for protocol 2: invalid format
> The agent has no identities.
>
> Similarly attempting to SSH result in:
>
> debug1: pubkey_prepare: ssh_fetch_identitylist: invalid format
>
> in the SSH verbose output. If I manually disable all the systemd based
> activation and start gpg-agent from the command line with --daemon then
> the problem is resolved and I can happily authenticate.
using the same $SSH_AUTH_SOCK? I'd be very surprised at this!!
> Severity important since this is preventing me logging into remote
> systems (including in my case kernel.org which is preventing me doing
> upstream kernel work right now).
Please let me know if using the ssh socket works for you.
Thanks,
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 832 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnupg-maint/attachments/20170206/414ac66a/attachment.sig>
More information about the pkg-gnupg-maint
mailing list