Re: gpg-agent/ssh-add asking for passphrase at first usage
On Mon, Mar 31, 2008 at 12:17:59AM -0400, Todd Zullinger wrote:
> Axel Thimm wrote:
> > some years ago I did create a nice gpg-agent --enable-ssh-support
> > setup that would register ssh keys with the agent, but the agent
> > would only ask for the passphrase when ssh would try a connection.
> > Now I upgraded my system and this doesn't work anymore.
>
> What exactly doesn't work? You don't get any password prompt for
> either your ssh or gpg keys? Or you get the prompt for both now
> instead of having your ssh key automatically added? Or something else
> entirely?

I tried to explain, but maybe the mail was too long: Previously, right after logging in I would see the keys with ssh-add -l, but I would only be asked for the passphrase on their first usage. Now they are not listed and if I try to add them I'm asked for the passphrase immediately.

> > Now my questions are:
> [...]
> > - *why* did it break with the update? The old system has gnupg 2.0.8
> >   and the new one 2.0.9. But the Changelog doesn't indicate anything
> >   that would make these two behave differently.
>
> Is the new system running another agent, like the seahorse agent? I
> think that might be on by default now, and it provides similar
> functionality to gpg-agent and ssh-agent. Maybe it's causing problems?

I'm invoking gpg-agent directly in the ssh-agent replacement script (see my OP).
--
Axel.Thimm at ATrpms.net

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

gpg-agent/ssh-add asking for passphrase at first usage
Hi,

some years ago I did create a nice gpg-agent --enable-ssh-support setup that would register ssh keys with the agent, but the agent would only ask for the passphrase when ssh would try a connection. Now I upgraded my system and this doesn't work anymore.

Unfortunately I didn't document how I had set it up and I can't even find a hint in the gnupg docs. :(

Fortunately I have a backup of the old system where I can at least phenomenically investigate it:

a) The old system was a Fedora system where I had replaced /usr/bin/ssh-agent with a script:

    #! /bin/sh
    # Run gpg-agent in place of ssh-agent, with its ssh-agent emulation on
    exec /usr/bin/gpg-agent \
      --enable-ssh-support \
      --daemon \
      --write-env-file "${HOME}/.gpg-agent-info" \
      "$@"

b) When logging into X11 Fedora would call this script wrapped around gnome-session. Once in a console `ssh-add -l' shows that the key has already been registered (but no passphrase has been asked yet):

    $ ssh-add -l
    1024 95:50:9c:02:fc:71:d6:fb:0c:f6:02:d1:fc:dc:7e:3f .xxx/id_dsa (DSA)

c) When an ssh connection is run gpg-agent would be contacted which in turn would fire up the pinentry-program to get the passphrase, which would then only be asked again after the default/max ttls would expire.

Now my questions are:

- *how* did I set this up to have the key registered, but have the passphrase asked only once it's needed? There is no ssh-add option for a delayed passphrase checking.

- *where* did I set this up? I couldn't find anything in the gnome startup that would even call ssh-add. How did gpg-agent know about the location/fingerprint of my key?

- *why* did it break with the update? The old system has gnupg 2.0.8 and the new one 2.0.9. But the Changelog doesn't indicate anything that would make these two behave differently.

Thanks!
--
Axel.Thimm at ATrpms.net

Re: gpg-agent/ssh-add asking for passphrase at first usage
Axel Thimm wrote:
> some years ago I did create a nice gpg-agent --enable-ssh-support
> setup that would register ssh keys with the agent, but the agent
> would only ask for the passphrase when ssh would try a connection.
> Now I upgraded my system and this doesn't work anymore.

What exactly doesn't work? You don't get any password prompt for either your ssh or gpg keys? Or you get the prompt for both now instead of having your ssh key automatically added? Or something else entirely?

> Now my questions are:
[...]
> - *why* did it break with the update? The old system has gnupg 2.0.8
>   and the new one 2.0.9. But the Changelog doesn't indicate anything
>   that would make these two behave differently.

Is the new system running another agent, like the seahorse agent? I think that might be on by default now, and it provides similar functionality to gpg-agent and ssh-agent. Maybe it's causing problems?

That's just my half-educated guess. ;)

--
Todd        OpenPGP - KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~
Conscience is what hurts when everything else feels so good.
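
One way to check the guess that another agent has taken over the session, as an added example that is not part of the thread: compare the SSH_AUTH_SOCK that gpg-agent recorded through --write-env-file with the one the current shell actually uses. The function names and result labels are hypothetical, and the file is assumed to hold plain NAME=value lines.

```shell
#!/bin/sh
# Added diagnostic sketch (not from the thread): is the session's
# SSH_AUTH_SOCK the socket gpg-agent wrote to its env file, or does it
# belong to some other agent started later in the login sequence?
#
# Constructed sample of the env file layout this assumes:
#   GPG_AGENT_INFO=/tmp/gpg-AAAAAA/S.gpg-agent:1234:1
#   SSH_AUTH_SOCK=/tmp/gpg-BBBBBB/S.gpg-agent.ssh
#   SSH_AGENT_PID=1234

# Print the SSH_AUTH_SOCK value recorded in the env file (last one wins).
agent_sock_from_envfile() {
    sed -n 's/^SSH_AUTH_SOCK=//p' "$1" 2>/dev/null | tail -n 1
}

# classify_ssh_agent ENVFILE CURRENT_SOCK
# Prints one of: gpg-agent, other-agent, no-agent, no-ssh-support, no-envfile
classify_ssh_agent() {
    envfile=$1
    current=$2
    # gpg-agent never wrote the file, or it is not readable by this user.
    [ -r "$envfile" ] || { echo no-envfile; return 0; }
    recorded=$(agent_sock_from_envfile "$envfile")
    # File exists but has no ssh socket: agent ran without --enable-ssh-support.
    [ -n "$recorded" ] || { echo no-ssh-support; return 0; }
    # The session has no agent socket at all.
    [ -n "$current" ] || { echo no-agent; return 0; }
    if [ "$current" = "$recorded" ]; then
        echo gpg-agent
    else
        # ssh and ssh-add are talking to a different agent's socket.
        echo other-agent
    fi
}

# Report for the current session, using the path from the wrapper script.
classify_ssh_agent "${HOME}/.gpg-agent-info" "${SSH_AUTH_SOCK:-}"
```

A result of other-agent means ssh-add -l is listing the keys of whichever agent owns the current socket, not those held by gpg-agent.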