[arch-general] gpg-agent, ssh keys, and systemd --user
Robbie Smith
zoqaeski at gmail.com
Mon Apr 15 19:46:31 EDT 2013
On 15/04/13 19:00, Damien Robert wrote:
> Robbie Smith wrote in message <5165674E.4080001 at gmail.com>:
>> I’ve written the following user service, and it should do the same
>> thing, but it doesn’t seem to work:
>>
>> $ cat ~/.config/systemd/user/gpg-agent.service
>> [Unit]
>> Description=GnuPG private key agent
>> Wants=environment.target
>> Before=environment.target
>> IgnoreOnIsolate=true
>
> So your question has been answered, but in case anyone is interested I run
> a setup pretty similar to yours, except that I also launch a user service
> for ssh-agent (because gpg-agent does not yet know how to handle ECDSA ssh keys
> :-()
>
> $ cat gpg-agent.service
> [Unit]
> Description=gpg-agent
> ConditionFileIsExecutable=/usr/bin/gpg-agent
>
> [Service]
> ExecStart=/usr/bin/gpg-agent --daemon --use-standard-socket
> Type=forking
> Restart=always
>
> [Install]
> WantedBy=basic.target
>
> $ cat ssh-agent.service
> [Unit]
> Description=ssh-agent
> ConditionFileIsExecutable=/usr/bin/ssh-agent
>
> [Service]
> ExecStart=/usr/bin/ssh-agent -d -a %t/ssh_auth_sock
> Restart=always
>
> [Install]
> WantedBy=basic.target
>
> So after ssh-agent is launched, it is just a matter of exporting the right
> environment variable:
> [ -z "$SSH_AUTH_SOCK" ] && export SSH_AUTH_SOCK="${XDG_RUNTIME_DIR:-/run/user/${UID:-$(id -u)}}/ssh_auth_sock"
>
> As for gpg-agent, you can't tell him where to put his socket, but at least
> using "--use-standard-socket" he will use a socket in a standard place.
> You then just need to tell gpg to look for an agent listening to this socket:
>
> $ cat ~/.gnupg/gpg.conf
> [...]
> use-agent
> $ cat ~/.gnupg/gpg-agent.conf
> use-standard-socket
>
The issue I’m getting is that these unit files (or my variants thereof)
do not work for me. The agents are starting, and the environment
variables exist, but none of my programs (ssh-add, git, etc) can access
them, so I continuously get asked the passphrase for the private keys.
More information about the arch-general
mailing list