Hi Daniel,

Responses inline.

On Thu, Feb 9, 2017 at 12:42 AM, Daniel Kahn Gillmor <[email protected]> wrote:
> Hi Punit--
>
> On Mon 2017-02-06 11:35:32 -0500, Punit Agrawal wrote:
>> Not sure if it's related but gpg-agent stopped behaving as ssh
>> agent after updating the system today. On my machine, I have
>>
>> % env | grep -i ssh
>> SSH_AUTH_SOCK=/run/user/1000/gnupg/S.gpg-agent.ssh
>>
>> When trying to ssh, I run into
>>
>> % ssh <remote-host>
>> sign_and_send_pubkey: signing failed: agent refused operation
>>
>> "ssh-add -L" shows that the key that should be used to log into the remote.
>>
>> On further digging, I landed at
>> /usr/lib/systemd/user/gpg-agent-ssh.socket which doesn't seem to
>> be explicitly enabling ssh support. But I'm not familiar with
>> systemd units so might've misunderstood what's going on.
>
> modern versions of gpg-agent have ssh support enabled by default.
>
> If you're getting a refusal from the agent to sign the key, please let
> me know:
>
> * what version of the gnupg-agent package?

I've got version 2.1.18-3 of the package (I'm running testing)

>
> * what version of pinentry are you using by default? (e.g. the output
> of "readlink -f $(which pinentry)")

% readlink -f $(which pinentry)
/usr/bin/pinentry-qt

>
> * how are you launching your graphical environment? (e.g. "no graphical
> environment at all", or "startx", or "gdm" or some other display manager)

sddm

>
> * do you have dbus-user-session installed?

No.

>
>
> As a diagnostic workaround, can you try running the following and then
> tell me whether gpg-agent starts working for you?
>
>     gpg-connect-agent updatestartuptty /bye

After executing the above command, gpg-agent starts working for me. :)

As a further test, I killed the gpg-agent process

% pkill gpg-agent

and then I'm back to the agent refusing to sign the key -

% ssh <hostname>
sign_and_send_pubkey: signing failed: agent refused operation

at which point re-executing "gpg-connect-agent updatestartuptty /bye"
makes it work again.

I've got the following in my environment variables -

% env | grep -iE "gpg|ssh"
GPG_AGENT_INFO=/run/user/1000/gnupg/S.gpg-agent:0:1
SSH_AUTH_SOCK=/run/user/1000/gnupg/S.gpg-agent.ssh
GPG_TTY=/dev/pts/2

Let me know if there is anything else I can add to help get to the
bottom of the problem.

Thanks,
Punit

