#StackBounty: #gnupg #gpg-agent How to properly start gpg-agent on Ubuntu 16.04

Bounty: 100

I have a Yubikey4 loaded with my gpg key, acting as a smartcard. I can do gpg2 --card-status and it gives me the whole shebang, showing all my subkeys, and everything is fine.

I then wanted to use gpg-agent to ssh into remote hosts using my gpg key. I added the following to my ~/.gnupg/gpg-agent.conf

enable-ssh-support
pinentry-program /usr/bin/pinentry-curses
default-cache-ttl 60

I also set the SSH_AUTH_SOCK in my .bashrc as this:

export SSH_AUTH_SOCK=~/.gnupg/S.gpg-agent.ssh

If I then reboot my machine, the key is added and visible with ssh-add -l

4096 SHA256....... cardno: ..... (RSA)

But any attempts to ssh to a remote server just hangs, ssh -vvv tells me the machine tries to sign and send the key, but the agent refuses operation.

If I then execute a script I made from various sources, it all works.

   # stop the agent the session started (the original read `killall gpg`, which does not match the gpg-agent process name)
   killall gpg-agent
   export SSH_AUTH_SOCK=~/.gnupg/S.gpg-agent.ssh
   # --keep-tty (typo --keet-tty in the original) makes pinentry-curses use the current terminal
   gpg-agent --daemon --keep-tty --use-standard-socket --pinentry-program=/usr/bin/pinentry-curses

I tried implementing this using ~/.bashrc, executing it with my desktop manager, and a user systemd task, to no avail.

Can anybody help me figure out how to start this automatically on login, without the need to execute “my script”?
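The post's config and manual script boiled down into one login-time setup, as an added example that is not part of the original question: it writes the same gpg-agent.conf, lets gpg 2.1 autostart the agent through gpg-connect-agent instead of a hand-rolled `gpg-agent --daemon`, points the agent's pinentry at the current tty with `updatestartuptty` (the job `--keep-tty` does in the post's script), and checks that SSH_AUTH_SOCK really is the agent's socket before exporting it, since a desktop session's own ssh-agent or gnome-keyring commonly exports a different one and ssh then talks to an agent that knows nothing about the card. Assumptions: gnupg 2.1 as shipped with Ubuntu 16.04, pinentry-curses at /usr/bin, and the `~/.gnupg/S.gpg-agent.ssh` path from the post as the fallback when gpgconf does not report a socket; the function names are mine.

```shell
#!/bin/sh
# Added example: login-time setup of gpg-agent as the SSH agent for a smartcard key.
# Not from the original post. Assumes gnupg 2.1 (Ubuntu 16.04), pinentry-curses
# installed at /usr/bin/pinentry-curses, and a card that already answers gpg2 --card-status.

# The gpg-agent.conf the post describes, written by the script so the setup is reproducible.
render_agent_conf() {
  cat <<'EOF'
enable-ssh-support
pinentry-program /usr/bin/pinentry-curses
default-cache-ttl 60
EOF
}

# Socket path used by gnupg 2.1.11 (Ubuntu 16.04) and by the post; $1 is the home directory.
default_ssh_socket() {
  printf '%s/.gnupg/S.gpg-agent.ssh\n' "$1"
}

# Ask gpgconf for the real socket path (gnupg >= 2.1.13 moves it under /run/user/$UID/gnupg),
# falling back to the classic ~/.gnupg location when gpgconf is missing or silent.
agent_ssh_socket() {
  sock=""
  if command -v gpgconf >/dev/null 2>&1; then
    sock=$(gpgconf --list-dirs 2>/dev/null | sed -n 's/^agent-ssh-socket://p')
  fi
  if [ -n "$sock" ]; then
    printf '%s\n' "$sock"
  else
    default_ssh_socket "$HOME"
  fi
}

# Return 0 when the SSH_AUTH_SOCK value ($1) already points at gpg-agent's socket ($2), else 1.
ssh_sock_is_gpg_agent() {
  [ -n "$1" ] && [ "$1" = "$2" ]
}

start_agent_for_ssh() {
  mkdir -p "$HOME/.gnupg"
  chmod 700 "$HOME/.gnupg"
  render_agent_conf > "$HOME/.gnupg/gpg-agent.conf"
  # gpg 2.1 starts the agent on demand: one connection launches it, no --daemon needed.
  gpg-connect-agent /bye
  # Tell the running agent which tty pinentry-curses must use. An agent started at login
  # has no usable tty, so the PIN prompt cannot appear and signing requests from ssh fail.
  gpg-connect-agent updatestartuptty /bye
  sock=$(agent_ssh_socket)
  if ! ssh_sock_is_gpg_agent "${SSH_AUTH_SOCK:-}" "$sock"; then
    SSH_AUTH_SOCK=$sock
    export SSH_AUTH_SOCK
  fi
  # The card key should now be listed, as in the post's ssh-add -l output.
  ssh-add -l
}

# Only act when explicitly asked; the file can also be sourced from ~/.bashrc and
# start_agent_for_ssh called from there.
if [ "${1:-}" = "start" ]; then
  start_agent_for_ssh
fi
```

Run it as `sh setup.sh start` from the terminal you will ssh from, or source it in ~/.bashrc and call `start_agent_for_ssh`. The `updatestartuptty` step is the one to repeat in every new terminal: gpg itself tells the agent which tty to use on each call, but ssh cannot, so ssh-triggered signing always uses the tty the agent was last told about.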