Gpg-agent requires kill&relaunch after restart to enable SSH support

Alexander Hermes alexander.hermes at grasshopperasia.com
Fri Oct 12 04:17:18 CEST 2018


Hi,

I am trying to use gpg-agent as a drop-in replacement for ssh-agent and I
have an issue where I consistently have to kill & manually relaunch the
agent upon every reboot because the agent initially refuses SSH support.

I have included more information on my environment & GPG versions below,
but in brief it's Fedora 28 and GPG 2.2.8. Here is my issue:

* I have enabled `enable-ssh-support` in .gnupg/gpg-agent.conf and added
lines to my .bashrc to set GPG_TTY and start gpg agent upon login
* When I initially boot my system and log in to Gnome (Gnome3 with wayland)
a gpg-agent process is started (I can see it in the process list - see
initial ps output below)
* If I try to use the SSH function of the agent by SSHing into a machine
then SSH reports "agent refused operation"
* If I kill and relaunch the agent through `gpgconf --kill gpg-agent &&
gpgconf --launch gpg-agent` then it starts working

Please can you help me troubleshoot / debug this issue:

0) Can you think of how this can happen?
1) How can I figure out what the configuration of the _running_ agent is to
check if it's picked up the options?
2) How can I get the agent to log to a file? (I tried setting debug / log
file options in gpg-agent.conf but that seems to have no effect.)

Please CC me in any responses.

Thanks a lot,

Alexander

*## Initial ps output*
alexander.hermes@dev28-wslpt ~ $ ps auxf | grep gpg-agent
alexand+  2455  0.0  0.0 370644   644 ?        Ss   08:48   0:00 gpg-agent --homedir /home/alexander.hermes/.gnupg --use-standard-socket --daemon

*## .gnupg/gpg-agent.conf*
###+++--- GPGConf ---+++###
enable-ssh-support
###+++--- GPGConf ---+++### Mon 01 Oct 2018 10:11:45 AM +08
# GPGConf edited this configuration file.
# It will disable options before this marked block, but it will
# never change anything below these lines.
debug-level expert
debug-all
verbose
log-file /var/log/gpg-agent

*## .bashrc gpg lines*
# Setup for GPG-agent
export GPG_TTY="$(tty)"
# Cf. https://wiki.archlinux.org/index.php/GnuPG#SSH_agent
unset SSH_AGENT_PID
if [ "${gnupg_SSH_AUTH_SOCK_by:-0}" -ne $$ ]; then
  export SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)"
fi
(... other stuff ...)
# Start gpg agent
gpgconf --launch gpg-agent

*## GPG2 info*
alexander.hermes@dev28-wslpt .gnupg $ gpg2 --version
gpg (GnuPG) 2.2.8
libgcrypt 1.8.3
Copyright (C) 2018 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /home/alexander.hermes/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP

*## GPG-Agent info*
alexander.hermes@dev28-wslpt .gnupg $ gpg-agent --version
gpg-agent (GnuPG) 2.2.8
libgcrypt 1.8.3
Copyright (C) 2018 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

*## Kernel info + OS*
Linux dev28-wslpt.grass.corp 4.17.14-202.fc28.x86_64 #1 SMP Wed Aug 15 12:29:25 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
Fedora release 28 (Twenty Eight)