[pkg-gnupg-maint] Bug#854376: Bug#854376: Unable to use gpg-agent as ssh-agent
Punit Agrawal
punitagrawal at gmail.com
Thu Feb 9 12:25:17 UTC 2017
Hi Daniel,

Responses inline.

On Thu, Feb 9, 2017 at 12:42 AM, Daniel Kahn Gillmor
<dkg at fifthhorseman.net> wrote:
> Hi Punit--
>
> On Mon 2017-02-06 11:35:32 -0500, Punit Agrawal wrote:
>> Not sure if it's related but gpg-agent stopped behaving as ssh
>> agent after updating the system today. On my machine, I have
>>
>> % env | grep -i ssh
>> SSH_AUTH_SOCK=/run/user/1000/gnupg/S.gpg-agent.ssh
>>
>> When trying to ssh, I run into
>>
>> % ssh <remote-host>
>> sign_and_send_pubkey: signing failed: agent refused operation
>>
>> "ssh-add -L" shows the key that should be used to log into the remote.
>>
>> On further digging, I landed at
>> /usr/lib/systemd/user/gpg-agent-ssh.socket which doesn't seem to
>> be explicitly enabling ssh support. But I'm not familiar with
>> systemd units so might've misunderstood what's going on.
>
> modern versions of gpg-agent have ssh support enabled by default.
>
> If you're getting a refusal from the agent to sign the key, please let
> me know:
>
> * what version of the gnupg-agent package?

I've got version 2.1.18-3 of the package (I'm running testing)

>
> * what version of pinentry are you using by default? (e.g. the output
> of "readlink -f $(which pinentry)")

% readlink -f $(which pinentry)
/usr/bin/pinentry-qt

>
> * how are you launching your graphical environment? (e.g. "no graphical
> environment at all", or "startx", or "gdm" or some other display manager)

sddm

>
> * do you have dbus-user-session installed?

No.

>
>
> As a diagnostic workaround, can you try running the following and then
> tell me whether gpg-agent starts working for you?
>
> gpg-connect-agent updatestartuptty /bye

After executing the above command, gpg-agent starts working for me. :)

As a further test, I killed the gpg-agent process

% pkill gpg-agent

and then I'm back to the agent refusing to sign the key -

% ssh <hostname>
sign_and_send_pubkey: signing failed: agent refused operation

at which point re-executing "gpg-connect-agent updatestartuptty /bye"
makes it work again.

I've got the following in my environment variables -

% env | grep -iE "gpg|ssh"
GPG_AGENT_INFO=/run/user/1000/gnupg/S.gpg-agent:0:1
SSH_AUTH_SOCK=/run/user/1000/gnupg/S.gpg-agent.ssh
GPG_TTY=/dev/pts/2

Let me know if there is anything else I can add to help get to the
bottom of the problem.

Thanks,
Punit