Re: running gpg-agent in foreground

2024-01-17 Thread Falko Strenzke

Thanks, the first approach seems to work fine for me.

- Falko

On 17.01.24 at 17:56, Werner Koch wrote:

> On Wed, 17 Jan 2024 14:01, Falko Strenzke said:
>
> > I would like to run my development version of GPG-agent under valgrind. As I
> > understand it, for that purpose I have to run it in the foreground, i.e. in
> > server mode. However, whenever I launch it as
>
> No, that will not work for you.  I recommend this:
>
>    cd /my/test/directory
>    GNUPGHOME=`pwd` gpg-agent --daemon /bin/sh
>
> This way you can easily start gpg-agent via valgrind.  Instead of
> running a shell directly you may also use a script instead of /bin/sh:
>
> --8<---cut here---start->8---
> #!/bin/sh
>
> SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
> export SSH_AUTH_SOCK
> cat >setup-tests.ini <<'EOF'
> PS1="$(echo "$PS1" | sed 's,\\\$ $,(GnuPGTest)\\\$ ,')"
> export HISTCONTROL=ignoreboth
> export HISTFILE=$(pwd)/.bash_history
> EOF
> exec bash --init-file setup-tests.ini
> --8<---cut here---end--->8---
>
> which gives you a dedicated prompt so that you can easily see that you
> are in a test environment.
>
> For logging put "log-file socket://" into common.conf and
> run
>
>    watchgnupg --time-only --homedir /my/test/directory
>
> in another terminal.  Add --force to take over the logging socket.
> Useful debug options for gpg-agent.conf are "debug ipc".  Use
> "gpg-agent --debug help" to get a list of all debug options.
>
>
> Salam-Shalom,
>
> Werner


--

*MTG AG*
Dr. Falko Strenzke
Executive System Architect

Phone: +49 6151 8000 24
E-Mail: falko.stren...@mtg.de
Web: mtg.de 

MTG AG - Dolivostr. 11 - 64293 Darmstadt, Germany
Commercial register: HRB 8901
Register Court: Amtsgericht Darmstadt
Management Board: Jürgen Ruf (CEO), Tamer Kemeröz
Chairman of the Supervisory Board: Dr. Thomas Milde

This email may contain confidential and/or privileged information. If 
you are not the correct recipient or have received this email in error,
please inform the sender immediately and delete this email. Unauthorised 
copying or distribution of this email is not permitted.


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: Win 11 + Smartcard: SSH public key authentication fails

2024-01-17 Thread Werner Koch via Gnupg-users
On Wed, 17 Jan 2024 08:22, Thomas said:

> I didn't use ssh @ on purpose because I'm used to
> use the same user on remoteserver as on client.

Common problem for me too when I ssh into a Windows box where I use a
different user name on purpose ;-).  This way you don't accidentally login
into a testbox and run commands not intended for that box.


Shalom-Salam,

   Werner


-- 
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein




Re: running gpg-agent in foreground

2024-01-17 Thread Werner Koch via Gnupg-users
On Wed, 17 Jan 2024 14:01, Falko Strenzke said:
> I would like to run my development version of GPG-agent under valgrind. As I
> understand it, for that purpose I have to run it in the foreground, i.e. in
> server mode. However, whenever I launch it as

No, that will not work for you.  I recommend this:

  cd /my/test/directory
  GNUPGHOME=`pwd` gpg-agent --daemon /bin/sh

This way you can easily start gpg-agent via valgrind.  Instead of
running a shell directly you may also use a script instead of /bin/sh:

--8<---cut here---start->8---
#!/bin/sh

SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
export SSH_AUTH_SOCK
cat >setup-tests.ini <<'EOF'
PS1="$(echo "$PS1" | sed 's,\\\$ $,(GnuPGTest)\\\$ ,')"
export HISTCONTROL=ignoreboth
export HISTFILE=$(pwd)/.bash_history
EOF
exec bash --init-file setup-tests.ini
--8<---cut here---end--->8---

which gives you a dedicated prompt so that you can easily see that you
are in a test environment.

For logging put "log-file socket://" into common.conf and 
run

  watchgnupg --time-only --homedir /my/test/directory

in another terminal.  Add --force to take over the logging socket.
Useful debug options for gpg-agent.conf are "debug ipc".  Use
"gpg-agent --debug help" to get a list of all debug options.


Salam-Shalom,

   Werner

-- 
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein
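
The setup described in the message above, collected into one script, as an added example that is not part of the original post. The function names, the TEST_HOME, AGENT_BIN and DRY_RUN variables, the private directory mode and the valgrind options are assumptions chosen here.

```shell
#!/bin/sh
# Added example; TEST_HOME, AGENT_BIN, DRY_RUN and the valgrind options are
# assumptions made here, not taken from the thread.

# Create a private GnuPG home with the logging and debug settings from the thread.
setup_test_home() {
    home=$1
    mkdir -p "$home" || return 1
    chmod 700 "$home" || return 1    # keep the test home private to this user
    # common.conf: send log output to the socket that watchgnupg reads
    printf '%s\n' 'log-file socket://' >"$home/common.conf"
    # gpg-agent.conf: trace the IPC between gpg and the agent
    printf '%s\n' 'debug ipc' >"$home/gpg-agent.conf"
}

# Start "<agent> --daemon <command...>" under valgrind with GNUPGHOME set to
# the test home.  With DRY_RUN set, only print the command line.
run_agent_under_valgrind() {
    home=$1; agent=$2; shift 2
    setup_test_home "$home" || return 1
    abs=$(cd "$home" && pwd) || return 1     # absolute path, like GNUPGHOME=`pwd`
    # %p is expanded by valgrind to the process id: one log per process
    set -- valgrind --leak-check=full --log-file="$abs/valgrind-%p.log" \
        "$agent" --daemon "$@"
    if [ -n "${DRY_RUN:-}" ]; then
        printf '%s\n' "$*"
        return 0
    fi
    GNUPGHOME=$abs "$@"
}

# Usage: sh this-script run
if [ "${1:-}" = "run" ]; then
    run_agent_under_valgrind "${TEST_HOME:-/my/test/directory}" \
        "${AGENT_BIN:-gpg-agent}" /bin/sh
fi
```

With the agent running, the watchgnupg command from the message, pointed at the same directory in a second terminal, shows the log output.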




running gpg-agent in foreground

2024-01-17 Thread Falko Strenzke
I would like to run my development version of GPG-agent under valgrind. 
As I understand it, for that purpose I have to run it in the foreground, 
i.e. in server mode. However, whenever I launch it as


./bin/gpg-agent --homedir   --log-file agent.log --server --debug-all


then, when I launch a private key operation via the gpg application, a 
new agent is started (in daemon mode) and used by gpg and I find no way 
to get the agent launched in server mode to ever process anything.


In contrast, if I start it with the same command line, except for using 
daemon mode, i.e.,


./bin/gpg-agent --homedir   --log-file agent.log --daemon --debug-all


then the gpg application always connects to it like expected.

Any ideas how I can launch the agent in the foreground so that the gpg 
application will connect to it?


- Falko



Re: Win 11 + Smartcard: SSH public key authentication fails

2024-01-17 Thread Thomas via Gnupg-users

Hello,

accidentally I identified the root cause for this issue.

I executed this SSH command:

ssh 

I didn't use ssh @ on purpose because I'm used to 
use the same user on remoteserver as on client.


After executing SSH command

ssh @

gpg-agent works as expected and I can login with public key.

One may consider this as a bug, however I'm happy that I found a 
solution for my issue.


Now I can proceed to next issue: SSH forward

Thanks for your great support!

Thomas

On 2024-01-16 18:50, Werner Koch wrote:

> On Mon, 15 Jan 2024 20:03, Thomas Schneider said:
>
> > And ssh-pageant is not available for Win 11, but pageant is included
> > in PuTTY.
>
> I didn't implement or test the newer --enable-w32-openssh-support so
> I don't have first hand experience.  However, Windows comes with an ssh
> server and a client, which are slightly modified OpenSSH versions.  Thus
> you should be able to simply run
>
>   c:\ ssh -v snow...@hawaii.nsa.gov
>
> The ssh diagnostics enabled with -v should show you what's going on and
> whether ssh tries to use an ssh-agent implementation.
>
> You need to start gpg-agent first, of course:
>
>   gpgconf --launch gpg-agent
>
> (or run any gpg command or kleopatra, etc.)
>
> > Could you please share some details of your working setup (scripts
> > connecting from Win 10/11 to other servers using SSH).
>
> Okay, let's try it: I just installed a gpg4win 4.3.0-beta and tried it
> on my testbox (Windows 10.0 build 19045) using my regular token:
>
>   debug1: Next authentication method: publickey
>   debug1: Offering public key: cardno:FFFE_xxx ED25519 SHA256:tXYM7ne2kI+ZUw7jGii9LBhoz8uB0ucKv28OSSW6a/g agent
>   debug1: Server accepts key: cardno:FFFE_xxx ED25519 SHA256:tXYM7ne2kI+ZUw7jGii9LBhoz8uB0ucKv28OSSW6a/g agent
>   debug1: Authentication succeeded (publickey).
>   Authenticated to ftp.gnupg.org ([217.69.76.55]:22).
>
> But that should also work with your gpg4win version.
>
> > the native client you need to add *enable-w32-openssh-support* to your
>
> Oops, the option is actually *enable-win32-openssh-support*.  I try to
> get it into the Kleopatra config dialog with gnupg 2.4.4 - right now
> kleopatra can only enable the Unix style ssh support.
>
> Shalom-Salam,
>
>    Werner