Hello,
As said in the title, my goal is to set up gpg-agent such that when I ssh into a remote server, gpg-agent would prompt me with a passphrase to unlock my ssh authentication key. Following this guide, I set up .pam_environment and .bashrc as directed. Upon reboot, I get the following outputs for the different commands:
ps aux | grep agent
---------------------------------
735 0.0 0.0 82984 3404 ? SLs 0:00 /usr/bin/gpg-agent --supervised
ssh-agent
----------------------------------
SSH_AUTH_SOCK= /tmp/ssh-PEdfdd8w7MTc/agent.798; export SSH_AUTH_SOCK
SSH_AGENT_PID=799; export SSH_AGENT_PID;
echo Agent pid 799
echo $SSH_AUTH_SOCK
--------------------------------------
/run/user/1001/gnupg/S.gpg-agent.ssh
When I try ssh-add -L, I'd get "Agent has no entities". Even if I export one of my authentication-enabled gpg subkeys as an ssh key, and try ssh-add my-gpg-ssh.gpg, I'd get "Format not supported".
I also tried adding my-gpg-ssh.gpg to .ssh/authorized_keys on the remote server and ssh into it. I would get a permission denied error. This tells me that the gpg-agent is not being called.
Please advise.
Last edited by doubleslash (2019-01-16 15:54:42)
Though gpg-agent has OpenSSH agent emulation, the opposite is not true: you won't be able to add a GPG key to the agent with OpenSSH's ssh-add.
Did you follow Using_a_PGP_key_for_SSH_authentication?
Unless you have your GPG key on a keycard, you need to add your key to $GNUPGHOME/sshcontrol to be recognized as an SSH key.
Last edited by sabroad (2019-01-16 12:31:40)
--
saint_abroad
That did it! Thank you so much. You ended a couple days of struggle for me. Let me recapitulate the steps below in case someone else might find it helpful. Assuming you have a key capable of authentication set up, you need
1. ~/.pam_environment and ~/.bashrc
~/.pam_environment
---------------------------------------------------------------------
SSH_AGENT_PID DEFAULT=
SSH_AUTH_SOCK DEFAULT="${XDG_RUNTIME_DIR}/gnupg/S.gpg-agent.ssh"
~/.bashrc
----------------------------------------------------------------
# same two settings in shell syntax: drop any leftover ssh-agent pid and point
# ssh at the socket gpg-agent exposes for OpenSSH clients
unset SSH_AGENT_PID
export SSH_AUTH_SOCK="${XDG_RUNTIME_DIR}/gnupg/S.gpg-agent.ssh"
2. Export your pgp key as an ssh key to myssh.gpg
gpg --export-ssh-key gpg-key-id > myssh.gpg
If you need to get the key's id, run
gpg --list-keys --keyid-format short
3. Get the keygrip
gpg --list-keys --with-keygrip
and copy it to $GNUPGHOME/sshcontrol as explained here
4. Concatenate myssh.gpg to your remote server's .ssh/authorized_keys
All done. When you ssh into my-remote-server, you should get a window to enter the passphrase of your gpg key.
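The steps recapitulated above (and sabroad's point about $GNUPGHOME/sshcontrol) as a small set of shell helpers. This is an added example, not code from the thread or from GnuPG: it parses the output of gpg --list-keys --with-keygrip to find every key whose usage flags include A (authenticate), registers the keygrip in sshcontrol without duplicating it, and checks that SSH_AUTH_SOCK really points at gpg-agent's socket rather than a stray ssh-agent (the first symptom in the opening post). The key listing embedded in the script is constructed; its key IDs and keygrips are made up. The setup_for_key function assumes GnuPG 2.1 or later with gpg-agent's ssh support enabled and is meant to be run interactively, not in the self-test.

```shell
#!/bin/sh
# Added example: wiring an authentication-capable GnuPG subkey into gpg-agent's
# OpenSSH agent emulation. Assumes GnuPG >= 2.1 and SSH_AUTH_SOCK pointing at
# ${XDG_RUNTIME_DIR}/gnupg/S.gpg-agent.ssh, as set in the thread's .pam_environment.

# Constructed sample of `gpg --list-keys --with-keygrip` output (fake IDs/grips).
# Note how the usage flags sit on the pub/sub line and the keygrip on the next one.
SAMPLE_LISTING='pub   rsa4096 2019-01-10 [SC]
      AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
      Keygrip = 1111111111111111111111111111111111111111
uid           [ultimate] Example User <user@example.org>
sub   rsa4096 2019-01-10 [E]
      Keygrip = 2222222222222222222222222222222222222222
sub   rsa4096 2019-01-10 [A]
      Keygrip = 3333333333333333333333333333333333333333
'

# Print the keygrip of every pub/sub key whose usage flags contain A (authenticate).
# The encryption-only [E] subkey and the signing/certify [SC] primary are skipped.
auth_keygrips() {
    printf '%s' "$1" | awk '
        /^(pub|sub) / { auth = ($0 ~ /\[[A-Z]*A[A-Z]*\]/) }
        /Keygrip = / && auth { print $3 }
    '
}

# Register a keygrip in sshcontrol (default: $GNUPGHOME/sshcontrol) unless it is
# already there. Each line is "<keygrip> <cache-ttl-seconds> [flags]"; a ttl of 0
# means gpg-agent's default, and "#" lines are comments. Keep the file private.
add_to_sshcontrol() {
    keygrip=$1
    sshcontrol=${2:-${GNUPGHOME:-$HOME/.gnupg}/sshcontrol}
    if [ -f "$sshcontrol" ] && grep -q "^$keygrip" "$sshcontrol"; then
        return 0
    fi
    printf '%s 0\n' "$keygrip" >> "$sshcontrol"
    chmod 600 "$sshcontrol"
}

# Return 0 when the given socket path (default: $SSH_AUTH_SOCK) is gpg-agent's
# ssh socket. A path like /tmp/ssh-XXXX/agent.NNN means a separate ssh-agent
# was started and ssh will never talk to gpg-agent.
uses_gpg_agent_socket() {
    case "${1:-$SSH_AUTH_SOCK}" in
        */gnupg/S.gpg-agent.ssh) return 0 ;;
        *) return 1 ;;
    esac
}

# Interactive end-to-end flow for one key ID (not executed by the self-test):
# register every [A] keygrip, print the OpenSSH public key for the server's
# ~/.ssh/authorized_keys, tell gpg-agent which tty to use for pinentry, and
# confirm with ssh-add -L that gpg-agent now serves the key.
setup_for_key() {
    keyid=$1
    uses_gpg_agent_socket || { echo "SSH_AUTH_SOCK is not gpg-agent's socket" >&2; return 1; }
    for grip in $(auth_keygrips "$(gpg --list-keys --with-keygrip "$keyid")"); do
        add_to_sshcontrol "$grip"
    done
    gpg --export-ssh-key "$keyid"          # append this line to authorized_keys on the server
    gpg-connect-agent updatestartuptty /bye >/dev/null
    ssh-add -L                              # should now list the key served by gpg-agent
}
```

On a real machine, `setup_for_key <key-id>` does everything from step 2 onward; the environment from step 1 still has to be in place before logging in, which is what uses_gpg_agent_socket verifies first.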