[arch-general] Starting gpg-agent on X login (gdm)
After looking through my new shiny Arch system I found that ssh-agent is run from /etc/gdm/Xsession, so I suppose that's where I need to make changes in order to get gpg-agent to run, right? Is there some documentation on the preferred way of doing this? Should I look into using seahorse instead of {ssh,gpg}-agent? /M
Magnus Therning schrieb:
After looking through my new shiny Arch system I found that ssh-agent is run from /etc/gdm/Xsession, so I suppose that's where I need to make changes in order to get gpg-agent to run, right?
Is there some documentation on the preferred way of doing this?
Should I look into using seahorse instead of {ssh,gpg}-agent?
/M
how about ~/.xinitrc or ~/.xsession?
Hubert Grzeskowiak wrote:
Magnus Therning schrieb:
After looking through my new shiny Arch system I found that ssh-agent is run from /etc/gdm/Xsession, so I suppose that's where I need to make changes in order to get gpg-agent to run, right?
Is there some documentation on the preferred way of doing this?
Should I look into using seahorse instead of {ssh,gpg}-agent?
/M
how about ~/.xinitrc or ~/.xsession?
Yes, I could do that, but it'd be user-specific, I would like to make it system wide. Also, I'll end up executing something like `ssh-agent ~/.xsession` and that doesn't take advantage of the fact that gpg-agent can act like ssh-agent and thus ssh-agent wouldn't have to run at all. I can always hack something up myself, but it'd be nicer to copy some guru's tried-and-tested setup :-) /M
Hubert Grzeskowiak wrote:
Magnus Therning schrieb:
After looking through my new shiny Arch system I found that ssh-agent is run from /etc/gdm/Xsession, so I suppose that's where I need to make changes in order to get gpg-agent to run, right?
Is there some documentation on the preferred way of doing this?
Should I look into using seahorse instead of {ssh,gpg}-agent?
/M
how about ~/.xinitrc or ~/.xsession?
Yes, I could do that, but it'd be user-specific, I would like to make it system wide. Also, I'll end up executing something like `ssh-agent ~/.xsession` and that doesn't take advantage of the fact that gpg-agent can act like ssh-agent and thus ssh-agent wouldn't have to run at all.
I can always hack something up myself, but it'd be nicer to copy some guru's tried-and-tested setup :-)
Magnus Therning wrote:
source this script [1] somewhere (I do it in my .xinitrc) and it should take care of the rest.
[1] http://git.server-speed.net/cgit.cgi/bin/tree/gpg-agent.sh
Greets
Florian
On Sun, Apr 26, 2009 at 09:17:32PM +0100, Magnus Therning wrote:
After looking through my new shiny Arch system I found that ssh-agent is run from /etc/gdm/Xsession, so I suppose that's where I need to make changes in order to get gpg-agent to run, right?
Is there some documentation on the preferred way of doing this?
The gpg-agent manual page is rather detailed; also have a look at the gnupg info pages.
On Monday 27 April 2009 01:47:32 Magnus Therning wrote:
After looking through my new shiny Arch system I found that ssh-agent is run from /etc/gdm/Xsession, so I suppose that's where I need to make changes in order to get gpg-agent to run, right?
Hmm.. I use kde and there is nothing for ssh-agent in /etc. I think it should go in shell startup so that even non-gui session have ssh-agent too. I always ran it thr. ~/.xsession, from days of slackware so didn't notice it till now. Here is the script I use. I also need to find out how to use gpg-agent as ssh-agent. :)
-----------------------------------
if [ -x "$(which gpg-agent)" ]; then
    # Reuse the agent recorded in the info file if its PID is still alive.
    if test -f "$HOME/.gpg-agent-info" && kill -0 $(cut -d: -f 2 "$HOME/.gpg-agent-info") 2>/dev/null; then
        GPG_AGENT_INFO=$(cat "$HOME/.gpg-agent-info")
        export GPG_AGENT_INFO
    else
        eval $(gpg-agent --daemon)
        echo $GPG_AGENT_INFO >"$HOME/.gpg-agent-info"
    fi
fi
# Note that the new option --write-env-file may be used instead.

# You should always add the following lines to your .bashrc or whatever
# initialization file is used for all shell invocations:
GPG_TTY=$(tty)
export GPG_TTY

#Start ssh-agent. Don't want to use agent from last session if it persists at all.
killall ssh-agent; eval `ssh-agent -s`; export SSH_AGENT_PID; export SSH_AUTH_SOCK;
-----------------------------------
Should I look into using seahorse instead of {ssh,gpg}-agent?
and I got to find a KDE equivalent too. :) -- Shridhar
Le Lundi 27 à 5:12, Shridhar Daithankar a écrit :
Hmm.. I use kde and there is nothing for ssh-agent in /etc. I think it should go in shell startup so that even non-gui session have ssh-agent too.
I would agree with that. Having it enabled for everyone, I'm not sure. You should consider adding it to /etc/skel if you have several users and you want it to be pre-configured for every user you will add.
#Start ssh-agent. Don't want to use agent from last session if it persists at all.
Should I look into using seahorse instead of {ssh,gpg}-agent?
and I got to find a KDE equivalent too. :)
Choose a desktop agnostic one : keychain will automagically start {ssh,gpg}-agent or use one if it is available. I find it nice to log into my desktop computer in the morning, unlock my SSH keys, and then when later I'm moving, I can log back to my desktop and from there use my SSH key to login to further machines. I guess it depends on your computing habits. And well, if you really want only one daemon, you can still tell keychain to use gpg-agent's --enable-ssh-support (I never tried).
Just add to your .${SHELL}login :
keychain
. ~/.keychain/chameau-sh
. ~/.keychain/chameau-sh-gpg
<http://www.gentoo.org/proj/en/keychain/index.xml>
-- Fred
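Added example, not written by anyone in this thread: a variant of the info-file check in Shridhar's script combined with the `--enable-ssh-support` option mentioned above, which reads the agent file as data instead of evaluating it. It assumes GnuPG 2.0.x (current when this thread was written), where `--write-env-file` writes NAME=value lines; the function names `load_agent_env` and `start_or_reuse_agent` are hypothetical.

```shell
# Added example, not from the thread. Assumes GnuPG 2.0.x, where
# "gpg-agent --daemon --enable-ssh-support --write-env-file FILE" writes
# NAME=value lines and GPG_AGENT_INFO has the form socket:pid:1.

# Load agent variables from FILE without sourcing it: only the three
# expected names are accepted and their values are checked.
load_agent_env() {
    file=$1
    # Refuse symlinks and files owned by another user.
    [ -f "$file" ] && [ ! -L "$file" ] && [ -O "$file" ] || return 1
    info='' sock=''
    while IFS='=' read -r name value; do
        case $name in
            GPG_AGENT_INFO)
                case $value in /*:*[0-9]:1) info=$value ;; *) return 1 ;; esac ;;
            SSH_AUTH_SOCK)
                case $value in /*) sock=$value ;; *) return 1 ;; esac ;;
            SSH_AGENT_PID) ;;      # ignored: the PID is taken from GPG_AGENT_INFO
            *) return 1 ;;         # anything else: do not trust the file
        esac
    done < "$file"
    [ -n "$info" ] || return 1
    pid=${info%:*}; pid=${pid##*:}
    case $pid in ''|*[!0-9]*) return 1 ;; esac
    kill -0 "$pid" 2>/dev/null || return 1    # stale file, agent is gone
    GPG_AGENT_INFO=$info; export GPG_AGENT_INFO
    if [ -n "$sock" ]; then SSH_AUTH_SOCK=$sock; export SSH_AUTH_SOCK; fi
}

# Reuse a live agent if the file checks out; otherwise start one that
# also serves SSH keys, so ssh-agent does not have to run at all.
start_or_reuse_agent() {
    file=${1:-$HOME/.gpg-agent-info}
    load_agent_env "$file" && return 0
    eval "$(gpg-agent --daemon --enable-ssh-support --write-env-file "$file")"
    export GPG_AGENT_INFO SSH_AUTH_SOCK
}
```

Call `start_or_reuse_agent` from whichever session startup file is chosen. GnuPG 2.1 and later use a fixed socket and do not use GPG_AGENT_INFO, so this applies to the 2.0.x series only.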
2009/4/27 Frédéric Perrin <frederic.perrin@resel.fr>:
Le Lundi 27 à 5:12, Shridhar Daithankar a écrit :
Hmm.. I use kde and there is nothing for ssh-agent in /etc. I think it should go in shell startup so that even non-gui session have ssh-agent too.
I would agree with that. Having it enabled for everyone, I'm not sure. You should consider adding it to /etc/skel if you have several users and you want it to be pre-configured for every user you will add.
AFAIU it has to go in both. I need the agent running in X, my shell startup isn't run when I log into X (at least not via GDM, I doubt it's ever run).
#Start ssh-agent. Don't want to use agent from last session if it persists at all.
Should I look into using seahorse instead of {ssh,gpg}-agent?
and I got to find a KDE equivalent too. :)
Choose a desktop agnostic one : keychain will automagically start {ssh,gpg}-agent or use one if it is available. I find it nice to log into my desktop computer in the morning, unlock my SSH keys, and then when later I'm moving, I can log back to my desktop and from there use my SSH key to login to further machines. I guess it depends on your computing habits. And well, if you really want only one daemon, you can still tell keychain to use gpg-agent's --enable-ssh-support (I never tried).
Just add to your .${SHELL}login :
keychain
. ~/.keychain/chameau-sh
. ~/.keychain/chameau-sh-gpg
Thanks for the pointer to keychain. It's really only a replacement for ssh-agent though, not for gpg-agent. I've done some digging and it seems the Gnome way of doing this is to have ssh-agent start dbus-launch, which in turn starts seahorse, which then starts gnome-session. Somewhat complicated, then I have to look into replacing ssh-agent by keychain :-) I'll report back as soon as I have my modified GDM script and shell startup skeleton. /M -- Magnus Therning (OpenPGP: 0xAB4DFBA4) magnus@therning.org Jabber: magnus@therning.org http://therning.org/magnus identi.ca|twitter: magthe
Magnus Therning wrote: [..]
I'll report back as soon as I have my modified GDM script and shell startup skeleton.
This is what I ended up with: --- /etc/gdm/Xsession_orig 2009-04-27 17:13:50.346834448 +0100 +++ /etc/gdm/Xsession 2009-04-27 17:16:25.310151728 +0100 @@ -213,6 +213,14 @@ fi fi +# add seahorse if found +seahorse="`gdmwhich seahorse-agent`" +if [ -n "${seahorse}" ] && [ -x "${seahorse}" ]; then + command="seahorse-agent --execute $command" +elif [ -z "${seahorse}" ]; then + echo "$0: seahorse not found!" +fi + # add ssh-agent if found sshagent="`gdmwhich ssh-agent`" if [ -n "$sshagent" ] && [ -x "$sshagent" ] && [ -z "$SSH_AUTH_SOCK" ]; then It seems to work well enough, but feedback and suggestions are always welcome. In the end I don't start dbus-launch in /etc/gdm/Xsession, despite the suggestions I found online. It seems it's started anyway, and running as the logged in user, so why complicate things even further? /M -- Magnus Therning (OpenPGP: 0xAB4DFBA4) magnus@therning.org Jabber: magnus@therning.org http://therning.org/magnus identi.ca|twitter: magthe
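Review bot: In the added seahorse block, the `-x` test is run against the path that `gdmwhich` resolved into `${seahorse}`, but the wrapper is then built from the bare name (`command="seahorse-agent --execute $command"`), so what runs at login depends on PATH at that point rather than on the binary that was checked; building it as `command="${seahorse} --execute $command"` keeps the two consistent. The `elif [ -z "${seahorse}" ]` branch only covers an empty result, so a seahorse-agent that is found but not executable is skipped without any message, and the message itself says "seahorse not found!" while the lookup is for seahorse-agent; a plain `else` that names seahorse-agent would cover both cases. The unchanged context below still tests `[ -z "$SSH_AUTH_SOCK" ]` while Xsession is being evaluated, which is before the seahorse-agent wrapper has run, so it is worth confirming whether ssh-agent ends up wrapped around the session as well.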
participants (6)
- Alessandro Doro
- Florian Pritz
- Frédéric Perrin
- Hubert Grzeskowiak
- Magnus Therning
- Shridhar Daithankar