In my last post regarding the usage of GPG Agent for SSH Authentication (read here) I presented my first solution to replace the default OpenSSH Agent with GPG’s SSH Agent support. With the update to Ubuntu 21.04 I had to reconfigure this, since the existing setup stopped working.
The prerequisites are almost the same as in my last article. For this article, I assume that a GPG key pair is available and working (e.g. a YubiKey or a file based key pair) for signing and encryption. Furthermore, since I’m still using Ubuntu (now in version 21.04), this tutorial is most probably specific to systems running Ubuntu 21.04. However, I guess most parts of this tutorial can be transferred to other Linux operating systems as well.
Setup GPG Agent for SSH Authentication
Actually, after I upgraded to Ubuntu 21.04, I found that there is a much simpler way to get GPG Agent for SSH Authentication running than the one I described in my last article on this topic. This time, just three simple steps are enough:
- First, we need to enable the GnuPG agent:
echo "use-agent" >> ~/.gnupg/gpg.conf
- Second, we need to tell the GnuPG agent to enable support for SSH as well:
echo "enable-ssh-support" >> ~/.gnupg/gpg-agent.conf
- Third, we need to inform SSH to use the GnuPG provided SSH agent by manually configuring the IdentityAgent (OpenSSH documentation). In my case (with Ubuntu 21.04), the SSH auth socket created by GnuPG agent was located at /run/user/1000/gnupg/S.gpg-agent.ssh:
echo "IdentityAgent /run/user/1000/gnupg/S.gpg-agent.ssh" >> ~/.ssh/config
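The three steps above as a re-runnable script; this is an added example, not part of the original post. The function names are hypothetical, the socket path is read from `gpgconf --list-dirs agent-ssh-socket` instead of being hardcoded to UID 1000, and the fallback path and the separate `Host *` block are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): the three steps, safe to re-run.

# Make sure FILE exists and ends with a newline, so an append starts a new line.
end_with_newline() {
    touch "$1"
    if [ -s "$1" ] && [ -n "$(tail -c 1 "$1")" ]; then
        printf '\n' >> "$1"
    fi
}

# Append LINE to FILE unless that exact line is already present.
append_once() {
    end_with_newline "$1"
    grep -qxF -- "$2" "$1" || printf '%s\n' "$2" >> "$1"
}

# Print the agent's SSH socket. gpgconf knows the real location; the fallback
# (an assumption) is the path from the post with the current UID substituted.
agent_ssh_socket() {
    if command -v gpgconf >/dev/null 2>&1; then
        gpgconf --list-dirs agent-ssh-socket
    else
        printf '/run/user/%s/gnupg/S.gpg-agent.ssh\n' "$(id -u)"
    fi
}

# Apply the settings below HOME_DIR; SOCKET is optional and auto-detected.
configure_gpg_ssh() {
    home_dir=$1
    sock=${2:-$(agent_ssh_socket)}
    mkdir -p "$home_dir/.gnupg" "$home_dir/.ssh"
    chmod 700 "$home_dir/.gnupg" "$home_dir/.ssh"
    append_once "$home_dir/.gnupg/gpg.conf" "use-agent"
    append_once "$home_dir/.gnupg/gpg-agent.conf" "enable-ssh-support"
    cfg=$home_dir/.ssh/config
    end_with_newline "$cfg"
    # A bare line appended after an existing "Host" block would apply only to
    # that block, so the directive gets its own "Host *" block.
    if ! grep -qF -- "IdentityAgent $sock" "$cfg"; then
        printf 'Host *\n    IdentityAgent %s\n' "$sock" >> "$cfg"
    fi
    chmod 600 "$cfg"
}

# Usage: configure_gpg_ssh "$HOME"
```

Unlike repeated `echo ... >>` calls, running `configure_gpg_ssh` a second time leaves the three files unchanged.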
Currently, by default, the GNOME Keyring based SSH agent also starts (at least on my system). To disable it, I had to uncheck SSH Key Agent in the gnome-session-properties applet.