SSH_AUTH_SOCK - to set or not to set?
theaetetos at tutanota.com
theaetetos at tutanota.com
Thu Jun 23 23:41:54 CEST 2022
Hi, Damien.
Jun 22, 2022, 20:19 by dgouttegattat at incenp.org:
> Yes. `gnupg_SSH_AUTH_SOCK_by` is set by the agent at the same time as
> `SSH_AUTH_SOCK` (...)
> The `gpgconf` thing is to make sure `SSH_AUTH_SOCK` is always set to
> the correct path (...).
Thank you for the explanation...
> In most cases you should set `SSH_AUTH_SOCK` yourself in your profile
> script.
...and for this important clarification.
> 2) You invoke gpg-agent in a profile script like this:
> eval $(gpg-agent --sh --enable-ssh-support daemon)
> Nowadays, with the start-on-demand mechanism (which made
> GPG_AGENT_INFO obsolete), I don’t think there’s any compelling reason
> to still use that method, but it’s still there.
Still, as indicated in the man page for gpg-agent under the
--enable-ssh-support option, ssh queries cannot themselves launch the
gpg-agent, so the agent needs to be started explicitly (creating the
socket) if one expects to initiate any SSH connections before said
agent can be autostarted by a gpg request. For that, I just use
`gpgconf --launch gpg-agent` in my init script, and of course I will
be setting the SSH_AUTH_SOCK as required.
>Hope that helps,
You've been most helpful. Thank you once again.
Best regards,
Patrizio
More information about the Gnupg-users
mailing list