Using gpg for ssh (Maximum Portability)
andrewg at andrewg.com
Fri Jun 23 12:33:21 CEST 2017
On 2017/06/21 18:17, Peter Lebbing wrote:
> On 18/06/17 03:48, Christopher Jones wrote:
>> It's a task to set up gpg on new boxes: Import pub key, ultimately trust
>> my key, and muck around with gpg and ssh agents.
> Configuring gpg as an SSH agent for Linux in the easiest way is very,
> very distribution dependent. If you're lucky, it's a single switch
> somewhere. systemd, or Xsession, or something similar
For any Linux distro that provides a recent gnupg 2.1, the easiest way
(not necessarily the Proper Way) is to put the following in your ~/.profile:
if [ -z "$SSH_CLIENT" ]; then
$XDG_RUNTIME_DIR normally expands to /run/user/<UID>. For v2.0, the
default socket location is under ~/.gnupg, but otherwise the trick is
the same. Note the vital <if> statement that prefers a forwarded
ssh-agent over a local gpg-agent.
This avoids having to mess around with distro/gui-specific session
configurations, and also has the advantage that you can cut and paste it
onto the command line of a logged-in system. There is no need to disable
the vanilla ssh-agent - just override $SSH_AUTH_SOCK and nothing will
talk to it.
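
The approach described in the message above, written out as a ~/.profile fragment. This is an added example, not the code from the original post: the function name choose_ssh_auth_sock is hypothetical, it assumes gpg-agent has enable-ssh-support set in gpg-agent.conf, and it goes one step beyond the post by asking gpgconf for the socket path before falling back to the locations the post names.

```shell
# Added example for ~/.profile; the function name is hypothetical.
# Assumes "enable-ssh-support" is set in ~/.gnupg/gpg-agent.conf.

# Print the agent socket that ssh should use in this session.
choose_ssh_auth_sock() {
    # Inside an SSH login: keep whatever agent was forwarded to us.
    if [ -n "${SSH_CLIENT:-}" ]; then
        printf '%s\n' "${SSH_AUTH_SOCK:-}"
        return 0
    fi
    # Local login: ask gpgconf where gpg-agent puts its ssh socket.
    sock=""
    if command -v gpgconf >/dev/null 2>&1; then
        sock=$(gpgconf --list-dirs agent-ssh-socket 2>/dev/null) || sock=""
    fi
    # Fallbacks follow the post: runtime dir for 2.1, ~/.gnupg for 2.0.
    if [ -z "$sock" ]; then
        if [ -n "${XDG_RUNTIME_DIR:-}" ]; then
            sock="$XDG_RUNTIME_DIR/gnupg/S.gpg-agent.ssh"
        else
            sock="$HOME/.gnupg/S.gpg-agent.ssh"
        fi
    fi
    printf '%s\n' "$sock"
}

# Only override SSH_AUTH_SOCK when there is a socket to point at, so a
# remote login without agent forwarding is left untouched.
chosen=$(choose_ssh_auth_sock)
if [ -n "$chosen" ]; then
    export SSH_AUTH_SOCK="$chosen"
fi
```

After logging in locally, ssh-add -L should list the authentication keys that gpg-agent is offering.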