GPG Agent for SSH Authentication (Update)
In my last post on using GPG Agent for SSH authentication (read here), I presented my first solution for replacing the default OpenSSH agent with GnuPG’s SSH agent support. After the update to Ubuntu 21.04 I had to reconfigure this, since that setup stopped working.
Prerequisites
The prerequisites are almost the same as in my last article. For this article, I assume that a GPG key pair is available and working (e.g. a YubiKey or a file based key pair) for signing and encryption. Furthermore, since I’m still using Ubuntu (now in version 21.04), this tutorial is most probably specific to systems running Ubuntu 21.04. However, I guess most parts of this tutorial can be carried over to other Linux operating systems as well.
Setup GPG Agent for SSH Authentication
After I upgraded to Ubuntu 21.04, I found that there is a much simpler way to get GPG Agent for SSH authentication running than the one I described in my last article on this topic. This time, just three simple steps are enough:
- First, we need to enable the GnuPG agent:
echo "use-agent" >> ~/.gnupg/gpg.conf
- Second, we need to tell the GnuPG agent to enable SSH support as well:
echo "enable-ssh-support" >> ~/.gnupg/gpg-agent.conf
- Third, we need to inform SSH to use the GnuPG provided SSH agent by manually configuring the IdentityAgent (OpenSSH documentation). In my case (with Ubuntu 21.04), the SSH auth socket created by GnuPG agent was located at /run/user/1000/gnupg/S.gpg-agent.ssh:
echo "IdentityAgent /run/user/1000/gnupg/S.gpg-agent.ssh" >> ~/.ssh/config
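To confirm that the three steps took effect, the following check (an added example, not part of the original post) resolves which agent socket SSH would actually use and compares it with the socket reported by `gpgconf --list-dirs agent-ssh-socket`, so no UID has to be hard-coded. The function names and the default host are hypothetical, the `*/keyring/ssh` pattern for GNOME Keyring is an assumption, and the `openssh_agent` path is the one reported in a reader comment on this page.

```shell
#!/bin/sh
# Added example: report which SSH agent a session would really use.

# effective_agent SSH_G_OUTPUT ENV_SOCK
# An IdentityAgent entry in the resolved ssh config overrides SSH_AUTH_SOCK.
# ssh_config(5) special values: "none" (no agent), "SSH_AUTH_SOCK" (use env).
effective_agent() {
    cfg=$(printf '%s\n' "$1" | awk 'tolower($1) == "identityagent" {
        sub(/^[^ \t]+[ \t]+/, ""); print; exit }')
    case "$cfg" in
        ""|SSH_AUTH_SOCK) printf '%s\n' "$2" ;;
        none)             printf '\n' ;;
        *)                printf '%s\n' "$cfg" ;;
    esac
}

# classify_socket ACTUAL GPG_SOCK
# Prints gpg-agent, gnome-keyring, openssh-agent, none or other.
classify_socket() {
    case "$1" in
        "")              echo none ;;
        "$2")            echo gpg-agent ;;
        */keyring/ssh)   echo gnome-keyring ;;   # assumed GNOME Keyring path
        */openssh_agent) echo openssh-agent ;;   # path seen in the comments
        *)               echo other ;;
    esac
}

# check_gpg_ssh_agent [HOST]
# Returns 0 only when ssh would talk to gpg-agent. HOST is used for config
# lookup only; "ssh -G" prints the resolved options without connecting.
check_gpg_ssh_agent() {
    host=${1:-example.invalid}   # placeholder host name
    for tool in gpgconf ssh; do
        command -v "$tool" >/dev/null 2>&1 || { echo "$tool not found" >&2; return 2; }
    done
    gpg_sock=$(gpgconf --list-dirs agent-ssh-socket)
    actual=$(effective_agent "$(ssh -G "$host" 2>/dev/null)" "${SSH_AUTH_SOCK:-}")
    kind=$(classify_socket "$actual" "$gpg_sock")
    echo "gpg-agent socket: $gpg_sock"
    echo "ssh will use:     ${actual:-<none>} ($kind)"
    [ "$kind" = gpg-agent ]
}

# Run as: sh check.sh --check [host]
if [ "${1:-}" = "--check" ]; then check_gpg_ssh_agent "${2:-}"; fi
```

Once the check passes, `ssh-add -L` with `SSH_AUTH_SOCK` pointed at the same socket lists the public keys that gpg-agent offers.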
Optional Steps
By default, the GNOME Keyring based SSH agent currently starts as well (at least on my system). To disable it, I had to uncheck SSH Key Agent in the gnome-session-properties applet.
5 COMMENTS
In impish (21.10) this is broken:
disabling the gnome-keyring works fine, but I’m receiving a different agent in SSH_AUTH_SOCK.
What I’ve done to fix it, is “systemctl --user disable ssh-agent”, but then the gpg-agent doesn’t start either. They’ve invented a bunch of new things in impish. I’m still very fond of the gpg confirmation dialog for agent use.
I’m working with 21.10, too, and it worked as described in the post without problems.
Hello, I have tried these steps to no avail. Is there anything you could assist with?
Works wonderfully on 22.04 as well, thanks.
This is a lovely way to configure it — much less hassle than previous setups
Upgraded to 22.04.1 LTS and I get the faulty environment variable:
/run/user/1000/openssh_agent
Instead of:
/run/user/1000/gnupg/S.gpg-agent.ssh
If I set it manually everything works fine…