Management of background services with systemd

Fri Mar 3 11:36:09 CET 2023

On Thu, Mar 02, 2023 at 05:53:21PM +0100, Werner Koch via Gnupg-users wrote:
> On Wed,  1 Mar 2023 21:24, Michael Richardson said:
> 
> > Combined with SSH access to the machine, and the passphrase/pin popup shows
> > up in the wrong place.
> 
> Talking about ssh: Yes, you need to make sure that gpg-agent has been
> launched.  But once that has been done ssh works nicely.
> 
> The major problem with ssh is that ssh has no way to pass environment
> variables to gpg-agent via the ssh-agent protocol.  gpg-agent needs the
> envvars to pop up pinentry on the right tty/display.  I once posted
> patches to the ssh list to extend ssh in this way but the interest was
> not high and I had no time to starting convincing them to apply these
> patches.
> 
> Actually it would also be possible to tell ssh to autostart gpg-agent,
> similar to what gpg does.  This could be done as a generic pre-connect
> extension to ssh.

FWIW, there is also the keychain tool that may be invoked in shell startup
scripts (which also provides the ability to differentiate - if needed -
between interactive and non-interactive shells):

- the tool itself: https://www.funtoo.org/Keychain
- a couple of patches that we apply to the Debian packaging:
    - https://salsa.debian.org/debian/keychain/-/blob/debian/master/debian/patches/malformed-ssh-key.patch
    - https://salsa.debian.org/debian/keychain/-/blob/debian/master/debian/patches/empty-ssh-askpass.patch

G'luck,
Peter

-- 
Peter Pentchev  roam at ringlet.net roam at debian.org pp at storpool.com
PGP key:        http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint 2EE7 A7A5 17FC 124C F115  C354 651E EFB0 2527 DF13
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20230303/ca5ac60f/attachment.sig>