#1 2019-06-16 16:21:40

Jubijub
Member
From: Lausanne, Switzerland
Registered: 2018-04-04
Posts: 23

[gpg-agent] agent doesn't remember ssh nor gpg passphrases

Hello everyone,

What I want: I would like gpg-agent to only ask for gpg and ssh passphrases once per session, and work with git

Symptoms

  • using git with ssh and signed commits does prompt for passphrase, using the right pinentry configuration, and the commit sign and the push work

  • within the same session, doing a new commit or a new push asks for the passphrases again, as if there was no agent running

  • if I don't run echo UPDATESTARTUPTTY | gpg-connect-agent , I have sign_and_send_pubkey: signing failed: agent refused operation errors when trying to commit, and logs show failed to unprotect the secret key: Inappropriate ioctl for device arch linux errors


My config files

# ~/.pam_environment
GSM_SKIP_SSH_AGENT_WORKAROUND   DEFAULT=1 # this should disable gnome keyring, as per wiki instructions (and it works if I use ssh-agent)
SSH_AGENT_PID                   DEFAULT=
SSH_AUTH_SOCK                   DEFAULT="${XDG_RUNTIME_DIR}/gnupg/S.gpg-agent.ssh"

# ~/.config/systemd/user/gpg-agent.service
[Unit]
Description=GnuPG private key agent
IgnoreOnIsolate=true

[Service]
Type=forking
ExecStart=/usr/bin/gpg-agent --supervised
Restart=on-abort

[Install]
WantedBy=default.target

# ~/.gnupg/gpg-agent.conf
max-cache-ttl           60480000
default-cache-ttl       60480000
max-cache-ttl-ssh       60480000
default-cache-ttl-ssh   60480000
pinentry-program        /usr/bin/pinentry-curses
enable-ssh-support
supervised

Logs and info

This sounds correct

$ echo $SSH_AUTH_SOCK
/run/user/1000/gnupg/S.gpg-agent.ssh

$ ssh-add -l
256 SHA256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx jubijub@gmail.com (ED25519)

I have strange timeout issues in journalctl

Jun 16 16:54:37 fastlearner systemd[1095]: Starting GnuPG private key agent...
Jun 16 16:54:37 fastlearner gpg-agent[6044]: gpg-agent (GnuPG) 2.2.16 starting in supervised mode.
Jun 16 16:54:37 fastlearner gpg-agent[6044]: using fd 3 for std socket (/run/user/1000/gnupg/S.gpg-agent)
Jun 16 16:54:37 fastlearner gpg-agent[6044]: using fd 4 for browser socket (/run/user/1000/gnupg/S.gpg-agent.browser)
Jun 16 16:54:37 fastlearner gpg-agent[6044]: using fd 5 for ssh socket (/run/user/1000/gnupg/S.gpg-agent.ssh)
Jun 16 16:54:37 fastlearner gpg-agent[6044]: using fd 6 for extra socket (/run/user/1000/gnupg/S.gpg-agent.extra)
Jun 16 16:54:37 fastlearner gpg-agent[6044]: listening on: std=3 extra=6 browser=4 ssh=5
Jun 16 16:54:57 fastlearner tracker-store[5882]: OK
Jun 16 16:54:57 fastlearner systemd[1095]: tracker-store.service: Succeeded.
Jun 16 16:56:07 fastlearner systemd[1095]: gpg-agent.service: Start operation timed out. Terminating.
Jun 16 16:56:07 fastlearner systemd[1095]: gpg-agent.service: Failed with result 'timeout'.
Jun 16 16:56:07 fastlearner gpg-agent[6044]: SIGTERM received - shutting down ...
Jun 16 16:56:07 fastlearner gpg-agent[6044]: gpg-agent (GnuPG) 2.2.16 stopped
Jun 16 16:56:07 fastlearner systemd[1095]: Failed to start GnuPG private key agent.
Jun 16 16:57:09 fastlearner systemd[1095]: Starting GnuPG private key agent...
Jun 16 16:57:09 fastlearner gpg-agent[6712]: gpg-agent (GnuPG) 2.2.16 starting in supervised mode.
Jun 16 16:57:09 fastlearner gpg-agent[6712]: using fd 3 for std socket (/run/user/1000/gnupg/S.gpg-agent)
Jun 16 16:57:09 fastlearner gpg-agent[6712]: using fd 4 for browser socket (/run/user/1000/gnupg/S.gpg-agent.browser)
Jun 16 16:57:09 fastlearner gpg-agent[6712]: using fd 5 for ssh socket (/run/user/1000/gnupg/S.gpg-agent.ssh)
Jun 16 16:57:09 fastlearner gpg-agent[6712]: using fd 6 for extra socket (/run/user/1000/gnupg/S.gpg-agent.extra)
Jun 16 16:57:09 fastlearner gpg-agent[6712]: listening on: std=3 extra=6 browser=4 ssh=5
Jun 16 16:57:09 fastlearner dbus-daemon[1121]: [session uid=1000 pid=1121] Activating via systemd: service name='org.freedesktop.Tracker1' unit='tracker-store.service' requested by ':1.41' (uid=1000 pid=1341 comm>
Jun 16 16:57:09 fastlearner systemd[1095]: Starting Tracker metadata database store and lookup manager...
Jun 16 16:57:09 fastlearner dbus-daemon[1121]: [session uid=1000 pid=1121] Successfully activated service 'org.freedesktop.Tracker1'
Jun 16 16:57:09 fastlearner systemd[1095]: Started Tracker metadata database store and lookup manager.
Jun 16 16:57:39 fastlearner tracker-store[6719]: OK
Jun 16 16:57:39 fastlearner systemd[1095]: tracker-store.service: Succeeded.
Jun 16 16:58:39 fastlearner systemd[1095]: gpg-agent.service: Start operation timed out. Terminating.
Jun 16 16:58:39 fastlearner gpg-agent[6712]: SIGTERM received - shutting down ...
Jun 16 16:58:39 fastlearner gpg-agent[6712]: gpg-agent (GnuPG) 2.2.16 stopped
Jun 16 16:58:39 fastlearner systemd[1095]: gpg-agent.service: Failed with result 'timeout'.
Jun 16 16:58:39 fastlearner systemd[1095]: Failed to start GnuPG private key agent.

I am 100% sure gnome-keyring isn't interfering as I disabled it (see below what I have tried)

$ ps -e | grep gnome
  723 tty1     00:00:00 gnome-session-b
  755 tty1     00:00:03 gnome-shell
 1105 ?        00:00:00 gnome-keyring-d
 1123 tty2     00:00:00 gnome-session-b
 1159 tty2     00:01:31 gnome-shell
 5586 tty2     00:00:00 chrome-gnome-sh

What I tried

  • echo UPDATESTARTUPTTY | gpg-connect-agent ==> returns OK, but same issues are happening. This does fix the issue sign_and_send_pubkey: signing failed: agent refused operation

  • Starting the service with an ExecStart=/usr/bin/gpg-agent --daemon --enable-ssh-support --supervised ==> same issues

  • I am 100% sure I removed ssh-agent (disabled the service, removed the symlink in ~/.config/systemd/user/default.target.wants, .pam_environment now points to gpg-agent, and there is no ref to start ssh-agent in my .zshrc). I also did the cp /etc/xdg/autostart/gnome-keyring-ssh.desktop ~/.config/autostart/ &&
    echo 'Hidden=true' >> ~/.config/autostart/gnome-keyring-ssh.desktop

Last edited by Jubijub (2019-06-16 16:36:44)
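
Added example, not part of the original post: a shell check run over the journal lines and the [Service] section quoted above. It measures how long each agent instance lived before systemd's start timeout terminated it (a terminated agent loses its passphrase cache) and flags the `Type=forking` plus `--supervised` combination, where the agent stays in the foreground and the fork systemd waits for never happens. The function names and the trimmed inline samples are constructed for this example.

```bash
#!/usr/bin/env bash
# Added example. Samples are trimmed copies of the journal and unit file in the post.
JOURNAL='Jun 16 16:54:37 fastlearner systemd[1095]: Starting GnuPG private key agent...
Jun 16 16:56:07 fastlearner systemd[1095]: gpg-agent.service: Start operation timed out. Terminating.
Jun 16 16:57:09 fastlearner systemd[1095]: Starting GnuPG private key agent...
Jun 16 16:58:39 fastlearner systemd[1095]: gpg-agent.service: Start operation timed out. Terminating.'

UNIT='[Service]
Type=forking
ExecStart=/usr/bin/gpg-agent --supervised
Restart=on-abort'

# Read journal lines on stdin; for every start attempt that ended in a start
# timeout, print how many seconds the agent lived (same-day timestamps assumed).
start_timeouts() {
    awk '
        function secs(t,   p) { split(t, p, ":"); return p[1] * 3600 + p[2] * 60 + p[3] }
        /Starting GnuPG private key agent/ { t0 = secs($3); pending = 1 }
        /gpg-agent\.service: Start operation timed out/ && pending {
            print secs($3) - t0
            pending = 0
        }'
}

# Read a unit file on stdin; succeed and print a finding when it declares
# Type=forking but runs gpg-agent --supervised, which stays in the foreground.
unit_mismatch() {
    awk -F= '
        $1 == "Type"      { svc_type = $2 }
        $1 == "ExecStart" { cmd = $2 }
        END {
            if (svc_type == "forking" && cmd ~ /gpg-agent/ && cmd ~ /--supervised/) {
                print "Type=forking with --supervised: start never completes, systemd kills the agent"
                exit 0
            }
            exit 1
        }'
}

printf '%s\n' "$JOURNAL" | start_timeouts | sed 's/^/agent lifetime before SIGTERM (s): /'
printf '%s\n' "$UNIT" | unit_mismatch || echo "no Type/ExecStart mismatch found"
```

Both start attempts in the excerpt end after exactly 90 seconds, which matches systemd's default start timeout.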
