[pkg-gnupg-maint] Bug#1101471: Bug#1101471: starting of agent for system accounts is inacceptable

Daniel Kahn Gillmor dkg at fifthhorseman.net
Wed Apr 9 21:39:14 BST 2025


On Mon 2025-03-31 21:53:41 +0200, Marc Haber wrote:
> It is probably enough to have an ssh-agent running on the side of the 
> ssh client to invoke a gpg agent on the server side? I am not using gpg 
> in any way here.

If we were to remove the systemd sockets, then gpg would auto-launch the
daemons on its own.

So maybe the issue is that the gpg-agent-ssh.socket startup is somehow
setting SSH_AUTH_SOCK when it shouldn't be?

Marc, what does this command show for you?

   gpgconf --list-options gpg-agent | grep ^enable-ssh-agent:

Can you see anything in the per-user journal for the system user related
to gpg-agent?  As the system user in question, can you share the output
of this:

    journalctl --user-unit 'gpg-agent*'

Regards,

    --dkg