Agent forwarding failure when the socketdir was autodeleted

Andre Heinecke aheinecke at intevation.de
Tue Oct 4 20:49:00 CEST 2016


Hi,

On Tuesday 04 October 2016 11:26:59 Daniel Kahn Gillmor wrote:
> > But if I am not logged in or there is no gnupg process running, systemd
> > autodeletes /var/run/user/<uid>/gnupg. This causes the remote forward of
> > the socket to fail because the directory for the socket does not exist
> > and SSH won't create it. :-/
> 
> If you're not logged in, then how does the remote forward work?  Aren't
> you actually still logged in (via ssh) as long as your remote forward is
> running?

Sorry for not formulating this better. You are of course right: if I'm not
logged in, the remote forward is not working.

That is not what I meant to say. The problem is that when I disconnect, the
/run/.../gnupg dir is deleted, and the next time I want to connect and ssh
tries to set up the forwarding, this will fail because the /run/.../gnupg
directory in which the forwarded socket should be created does not exist.

Warning: remote port forwarding failed for listen path /var/run/user/<uid>/gnupg/S.gpg-agent

My current workaround is to connect first and start dirmngr on the remote
machine (to get the socketdir created and used), and then connect with ssh
socket forwarding. This is a bit clunky to use.

I've tried placing files in that folder, or setting the permissions of the
gnupg folder to 000 (so that gnupg itself does not use it), but to no avail.
It's still removed when disconnecting and the next connect will fail.

Regards,
Andre

-- 
Andre Heinecke |  ++49-541-335083-262  | http://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
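
Added example, not part of the original message and not GnuPG or OpenSSH code: a pre-flight check meant to run on the remote host before the forward is requested. It reports whether the directory for the listen path exists and is private to the user, and creates it with mode 0700 when it is missing. The function names and return codes are made up for this sketch, and it assumes that a directory created by hand serves the forward as well as one created by starting dirmngr.

```shell
#!/bin/sh
# Added example; function names and return codes are hypothetical.

# listen_dir_state PATH
#   0: parent directory of PATH exists, is ours, grants nothing to group/other
#   1: parent directory is missing (ssh will not create it, the forward fails)
#   2: parent directory is a symlink, owned by someone else, or too permissive
listen_dir_state() {
    dir=$(dirname -- "$1")
    [ -L "$dir" ] && return 2
    [ -d "$dir" ] || return 1
    # "ls -ldn" prints: mode links uid gid ...; -n keeps the uid numeric.
    set -- $(ls -ldn -- "$dir")
    [ "$3" = "$(id -u)" ] || return 2
    case $1 in
        d???------*) return 0 ;;   # no group/other permission bits set
        *)           return 2 ;;
    esac
}

# prepare_listen_dir PATH
#   Create a missing parent directory with mode 0700, then check it again.
#   Assumption: a hand-made directory is as good for the forward as one
#   created by a GnuPG daemon. An unsafe directory is never "repaired".
prepare_listen_dir() {
    state=0
    listen_dir_state "$1" || state=$?
    case $state in
        0) return 0 ;;
        1) (umask 077 && mkdir -p -- "$(dirname -- "$1")") || return 2
           listen_dir_state "$1" || return 2 ;;
        *) return 2 ;;
    esac
}
```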