Why exactly does pinentry fails with gpg-agent and ssh support?

André Colomb andre at colomb.de
Mon Jan 22 18:06:48 CET 2018

Hello Daniel,

I'm on Ubuntu 17.10 with GnuPG 2.1.15, by the way.

Daniel Kahn Gillmor <dkg at fifthhorseman.net> wrote on 2018-01-22 12:53
> It may also depend on how the session itself is started.  Maybe one of
> you is starting the user session in non-graphical mode (either a vt
> login, or maybe ssh?), while the other one is starting it directly from
> a graphical display manager?

The session is started by GDM3, using the vanilla gnome-session scripts
(not the adapted ubuntu-session, also based on GNOME 3).  The systemd
user unit file is copied from /usr/lib/systemd/user/gpg-agent.service
and the Upstart-specific "initctl" command line commented out.

The main difference I see here is that I have enabled the user unit by
symlinking from ~/.config/systemd/user/default.target.wants/, whereas
the Ubuntu package includes the symlink in

acolomb at barnov:~$ systemctl --user status gpg-agent.service
   Loaded: loaded (/home/acolomb/.config/systemd/user/gpg-agent.service;
enabled; vendor preset: enabled)

> do you have dbus-user-session installed?  (it is recommended)


(from your other message:)
> the systemd user service takes care of automatically launching the
> gpg-agent when the user connects to it via the ssh-agent protocol, so
> this isn't required when using systemd.

I can't see how it does that in my packaged Ubuntu version (2.1.15),
there is no gpg-agent.socket unit file anywhere?

Any other ideas on how to debug this?  What logging should I enable for
gpg-agent and how?

Btw. it affects both my Yubikey as well as file-based authentication
subkeys, so not specific to scdaemon apparently.

From: André Colomb <andre at colomb.de>

More information about the Gnupg-users mailing list