[pkg-gnupg-maint] Bug#846175: Bug#846175: gnupg-agent: Cannot use/delete ssh keys w/ empty passphrase

Werner Koch wk at gnupg.org
Tue Nov 29 16:20:28 UTC 2016


On Tue, 29 Nov 2016 14:49, matthias at urlichs.de said:

> When in doubt, do both?

No.  As I explained, the key might be in use by other tools, not just
ssh.  Tracking which key has been ssh-add'ed and which has been taken
from a different source would be pretty complicated.

> In any case, if it's been added by ssh-add, it needs to be dropped.
> Otherwise you're not compatible with ssh-agent.

gpg-agent works differently from ssh-agent in that it provides a
persistent store for the keys.  It is not a plugin-replacement for
ssh-agent but merely speaks the same protocol and opts to differ from
ssh-agent semantics.

> One of my use cases is to add the key (from removable media) to some
> long-running process's key store. That process proceeds to do various
> remote things, after which it no longer requires access and thus removes

You can use gpg-connect-agent to remove keys from gpg-agent's store:

  $ gpg-connect-agent
  >  keyinfo --ssh-list
  S KEYINFO 1234567890334957345974597345984574958445 D - - - P - - S

Lists information about all keys enabled for use with ssh
(~/.gnupg/sshcontrol).  For a description of the format use "help
keyinfo".  The command DELETE_KEY can be used to delete the key.

Although a bit hackish, you may access gpg-agent's internal store
directly.  For example, with the key above you can do:

 rm  ~/.gnupg/private-keys-v1.d/1234567890334957345974597345984574958445.key

or back up that file with the key somewhere and restore it when you need
it again.  Note that a key must also be listed in sshcontrol; but
ssh-add takes care of that.  The key can be listed there but does not
need to be actually available under private-keys-v1.d.


Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.
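
An added example, not part of the message above and not GnuPG's own code: a shell filter that classifies the "S KEYINFO" lines from `keyinfo --ssh-list` by key type and protection, using the field order given by the agent's "help keyinfo". The helper names and the sample keygrips are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the "S KEYINFO" status lines printed by
#   gpg-connect-agent 'keyinfo --ssh-list' /bye
# Field order as documented by the agent's "help keyinfo":
#   S KEYINFO <keygrip> <type> <serialno> <idstr> <cached> <protection> <fpr> <ttl> <flags>

# audit_ssh_keyinfo (hypothetical helper): reads agent output on stdin and
# prints one "<keygrip> <finding>" line per key enabled for ssh.
audit_ssh_keyinfo() {
    awk '
    $1 != "S" || $2 != "KEYINFO" { next }          # skip OK/ERR/other lines
    NF < 8 || length($3) != 40 || $3 !~ /^[0-9A-Fa-f]+$/ {
        print "line" NR, "malformed"; next
    }
    {
        type = $4; prot = $8
        if (type == "-")      f = "listed-but-no-key-file"   # in sshcontrol only
        else if (type == "T") f = "smartcard"
        else if (prot == "C") f = "on-disk-unprotected"      # no passphrase protection
        else if (prot == "P") f = "on-disk-protected"
        else                  f = "on-disk-protection-unknown"
        print toupper($3), f
    }'
}

# key_file_path (hypothetical helper): file that holds a disk key in the
# agent store, i.e. the path removed or backed up in the message above.
key_file_path() {
    printf '%s/private-keys-v1.d/%s.key\n' "${GNUPGHOME:-$HOME/.gnupg}" "$1"
}

# Constructed sample output; these keygrips are made up for illustration.
SAMPLE='S KEYINFO 0123456789ABCDEF0123456789ABCDEF01234567 D - - - P - - S
S KEYINFO 89ABCDEF0123456789ABCDEF0123456789ABCDEF D - - - C - - S
S KEYINFO FEDCBA9876543210FEDCBA9876543210FEDCBA98 - - - - - - - S
OK'

audit_sample() { printf '%s\n' "$SAMPLE" | audit_ssh_keyinfo; }

# Against a live agent:
#   gpg-connect-agent 'keyinfo --ssh-list' /bye | audit_ssh_keyinfo
audit_sample
```

A "listed-but-no-key-file" result is the state described in the last paragraph of the message: the keygrip is still in sshcontrol but no key file is available under private-keys-v1.d.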