[pkg-gnupg-maint] Bug#846175: Bug#846175: gnupg-agent: Cannot use/delete ssh keys w/ empty passphrase
Werner Koch
wk at gnupg.org
Tue Nov 29 16:20:28 UTC 2016
On Tue, 29 Nov 2016 14:49, matthias at urlichs.de said:
> When in doubt, do both?
No. As I explained the key might be in use by other tools not just
ssh. Tracking which key has been ssh-add'ed which has been taken from a
different source would be pretty complicated.
> In any case, if it's been added by ssh-add, it needs to be dropped.
> Otherwise you're not compatible with ssh-agent.
gpg-agent works differently from ssh-agent in that it provides a
persistent store for the keys. It is not a plugin-replacement for
ssh-agent but merely speaks the same protocol and opts to differ from
ssh-agent semantics.
> One of my use cases is to add the key (from removable media) to some
> long-running process's key store. That process proceeds to do various
> remote things, after which it no longer requires access and thus removes
You can use gpg-connect-agent to remove keys from gpg-agent's store:

  $ gpg-connect-agent
  > keyinfo --ssh-list
  S KEYINFO 1234567890334957345974597345984574958445 D - - - P - - S

Lists information about all keys enabled for use with ssh
(~/.gnupg/sshcontrol). For a description of the format use "help
keyinfo". The command DELETE_KEY can be used to delete the key.
Although a bit hackish you may access gpg-agent's internal store
directly: For example with the key above you can do:

  rm ~/.gnupg/private-keys-v1.d/1234567890334957345974597345984574958445.key

or backup that file with the key somewhere and restore it when you need
it again. Note that a key must also be listed in sshcontrol; but
ssh-add takes care of that. The key can be listed there but does not
need to be actually available under private-keys-v1.d.
Salam-Shalom,
Werner
--
Thoughts are free. Exceptions are regulated by a federal law.
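
Added example, not part of the message above and not GnuPG's own code: because gpg-agent keeps ssh keys in a persistent store, this sketch audits which keygrips in sshcontrol are enabled and whether their key file still exists under private-keys-v1.d. The function names are hypothetical, and it assumes the sshcontrol line format from the gpg-agent manual: an optional "!" (entry disabled), a 40-hex-digit keygrip, then an optional TTL and flags.

```shell
#!/bin/sh
# Added example: audit the ssh-enabled keys in gpg-agent's persistent store.
# Assumed sshcontrol line format: [!]<40-hex keygrip> [ttl] [flags]; "#" starts a comment.

# ssh_store_audit [HOMEDIR]
# Prints one line per sshcontrol entry: "<keygrip> <enabled|disabled> <present|missing>"
ssh_store_audit() {
    home=${1:-${GNUPGHOME:-$HOME/.gnupg}}
    control=$home/sshcontrol
    [ -r "$control" ] || return 0      # no sshcontrol: nothing is enabled for ssh
    while read -r grip _rest || [ -n "$grip" ]; do
        case $grip in
            ''|'#'*) continue ;;       # blank line or comment
        esac
        state=enabled
        case $grip in
            '!'*) state=disabled; grip=${grip#!} ;;
        esac
        # A keygrip is exactly 40 hex digits; skip anything else.
        case $grip in
            *[!0-9A-Fa-f]*) continue ;;
        esac
        [ ${#grip} -eq 40 ] || continue
        # Listed in sshcontrol does not imply the private key is still stored.
        if [ -f "$home/private-keys-v1.d/$grip.key" ]; then
            echo "$grip $state present"
        else
            echo "$grip $state missing"
        fi
    done < "$control"
}

# ssh_store_usable [HOMEDIR]
# Prints only the keygrips an ssh client could actually use right now:
# enabled in sshcontrol AND key file present in private-keys-v1.d.
ssh_store_usable() {
    ssh_store_audit "$1" | while read -r grip state file; do
        if [ "$state" = enabled ] && [ "$file" = present ]; then
            echo "$grip"
        fi
    done
}
```

Run ssh_store_usable with no argument to check the default home directory; any keygrip it prints is still usable and can be removed as described in the message.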