Hi, some years ago I did create a nice "gpg-agent --enable-ssh-support" setup that would register ssh keys with the agent, but the agent would only ask for the passphrase when ssh would try a connection.
Now I upgraded my system and this doesn't work anymore. Unfortunately
I didn't document how I had set it up and I can't even find a hint in
the gnupg docs. :(
Fortunately I have a backup of the old system where I can at least
phenomenically investigate it:
a) The old system was a Fedora system where I had replaced
/usr/bin/ssh-agent with a script:
#! /bin/sh
exec /usr/bin/gpg-agent \
--enable-ssh-support \
--daemon \
--write-env-file ${HOME}/.gpg-agent-info \
"$@"
b) When logging into X11 Fedora would call this script wrapped around
gnome-session. Once in a console `ssh-add -l' shows that the key has
already been registered (but no passphrase has been asked yet):
$ ssh-add -l
1024 95:50:9c:02:fc:71:d6:fb:0c:f6:02:d1:fc:dc:7e:3f .xxx/id_dsa (DSA)
c) When an ssh connection is run gpg-agent would be contacted which in
turn would fire up the pinentry-program to get the passphrase,
which would then only be asked again after the default/max ttls
would expire.
Now my questions are:
- *how* did I set this up to have the key registered, but have the
passphrase asked only once it's needed? There is no ssh-add option
for a delayed passphrase checking.
- *where* did I set this up? I couldn't find anything in the gnome
startup that would even call ssh-add. How did gpg-agent know about
the location/fingerprint of my key?
- *why* did it break with the update? The old system has gnupg 2.0.8
and the new one 2.0.9. But the Changelog doesn't indicate anything
that would make these two behave differently.
Thanks!
--
Axel.Thimm at ATrpms.net
pgpagYTAba82s.pgp
Description: PGP signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
