SSH_AUTH_SOCK - to set or not to set?

theaetetos at theaetetos at
Thu Jun 23 23:41:54 CEST 2022

Hi, Damien.

Jun 22, 2022, 20:19 by dgouttegattat at

> Yes. `gnupg_SSH_AUTH_SOCK_by` is set by the agent at the same time as
> `SSH_AUTH_SOCK` (...)
> The `gpgconf` thing is to make sure `SSH_AUTH_SOCK` is always set to
> the correct path (...).

Thank you for the explanation...

> In most cases you should set `SSH_AUTH_SOCK` yourself in your profile
> script.

...and for this important clarification.

> 2) You invoke gpg-agent in a profile script like this:
> eval $(gpg-agent --sh --enable-ssh-support daemon)
> Nowadays, with the start-on-demand mechanism (which made
> GPG_AGENT_INFO obsolete), I don’t think there’s any compelling reason
> to still use that method, but it’s still there.

Still, as indicated in the man page for gpg-agent under the
--enable-ssh-support option, ssh queries cannot themselves launch the
gpg-agent, so the agent needs to be started explicitly (creating the
socket) if one expects to initiate any SSH connections before said
agent can be autostarted by a gpg request.  For that, I just use
`gpgconf --launch gpg-agent` in my init script, and of course I will
be setting the SSH_AUTH_SOCK as required.

>Hope that helps,

You've been most helpful. Thank you once again.

Best regards,

More information about the Gnupg-users mailing list