6

I'm trying to configure gpg so that I enter the passphrase only once and it works for the whole session.

However, this is what I'm getting:

$ pgrep gpg-agent | wc 
      0       0       0

$ gpg-agent --daemon
gpg-agent: a gpg-agent is already running - not starting a new one

$ pgrep gpg-agent
26401

I.e., `gpg-agent --daemon` will start a gpg-agent but forgets it has started one right afterward, and blocks itself. I tried many times after `gpgconf --kill gpg-agent`, or

kill `pgrep gpg-agent`

and the results are always the same.

What's wrong?

$ lsb_release -a 
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 18.04.1 LTS
Release:        18.04
Codename:       bionic

# installed packages with KW of gpg:
gpg_2.2.4-1ubuntu1.2
gpg-agent_2.2.4-1ubuntu1.2
gpg-wks-client_2.2.4-1ubuntu1.2
gpg-wks-server_2.2.4-1ubuntu1.2
gpgconf_2.2.4-1ubuntu1.2
gpgsm_2.2.4-1ubuntu1.2
gpgv_2.2.4-1ubuntu1.2
xpt
  • @harrymc, thx. I took a look at [that answer](https://superuser.com/questions/1302324/how-to-properly-start-gpg-agent-on-ubuntu-16-04) as per your suggestion, but found one important aspect of info missing -- how can `gpg` replace `ssh-agent`? I'm using ssh-agent forwarding and doing things on remote server. I need to keep the forwarded ssh auth, otherwise, I'll use `keychain` to simplify the whole situation, without even installing that extra OpenPGP Card component, as the linked doc *required*. – xpt May 18 '19 at 15:22
  • Moreover, regardless of how fancy the situation is, with or without that extra OpenPGP Card component, `gpg-agent --daemon` still needs to be called & started, with or without the extra `--enable-ssh-support` passed on the command line. However, the situation here is that `gpg-agent --daemon` can't even get started. – xpt May 18 '19 at 15:34
  • @karel, if you look closely, you will find that the link you provided is exactly the same as harrymc provided, and all my explanations were why they are not the same. harrymc has since retracted his "possible duplicate" suggestion. – xpt May 18 '19 at 18:14
  • I just ran into the same problem - and to make things worse it's reading secret keys from the wrong folder and I can't figure out why (was hoping to strace it, but this blocks me from doing so), were you able to resolve it? – falstro Apr 02 '20 at 08:40
  • No, falstro, I was so frustrated that I stopped spending more time on it. Good to know that there are more people than me having such a problem; maybe it is a good time to report a bug to gpg. – xpt Apr 02 '20 at 12:24
  • 1
    I was able to solve it by clearing out the unix domain sockets in /var/run - I still don't understand how the gpg agent read from the wrong directory after having killed the process, but clearing the sockets finally made it launch properly and it started reading from the correct folder again. – falstro Apr 08 '20 at 22:15
  • Rebooting solved the issue in my case. – Benjamin Loison May 31 '23 at 20:25

1 Answer

4

I had the same problem. I think your agent starts somewhat correctly but does not set `$SSH_AUTH_SOCK` for ssh to find the agent. `gpgconf --list-dirs agent-ssh-socket` gives you the location of the socket. Depending on your OS it could be `~/.gnupg/S.gpg-agent.ssh` or `/run/user/6666/gnupg/S.gpg-agent.ssh`. You can set it with `SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)"`.

You can add the following lines to your .bashrc/.zshrc to start the agent:

eval $(gpg-connect-agent --quiet /bye)
export GPG_TTY=$(tty)
export SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)"

I hope it helps.

  • Thanks for the answer! My problem was that neither "gpgconf --kill gpg-agent" nor "kill `pgrep gpg-agent`" could solve the problem. Maybe _"clearing out the unix domain sockets in /var/run"_ (by @falstro) is the answer, but I couldn't verify, as I rebooted my machine. Anyway, I'll accept yours as yours is currently the only answer I get. Thanks w/ +25! – xpt Jul 28 '20 at 16:08
  • 1
    I changed how the agent is started – which is only necessary when used as an ssh-agent. Starting it like this should also rid you of the "not starting"-message. – user1667906 Jul 28 '20 at 16:34
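
The "already running" message in the question, the leftover-socket fix from the comments, and the `SSH_AUTH_SOCK` advice in the answer all concern the agent's Unix sockets, so the following added diagnostic (not code from the question, the answer, or GnuPG) classifies a socket path as missing, stale, or live. `probe_socket` and `gpg_socket_paths` are names made up for this example; it assumes `gpgconf` is on the `PATH` and relies on gpg-agent greeting Assuan clients with a line that starts with `OK`.

```python
import os
import socket
import stat
import subprocess


def probe_socket(path, timeout=2.0):
    """Classify a Unix socket path and return (state, greeting).

    state: "missing", "not-a-socket", "stale", "denied" or "live".
    """
    try:
        mode = os.stat(path).st_mode
    except FileNotFoundError:
        return "missing", None
    if not stat.S_ISSOCK(mode):
        return "not-a-socket", None
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect(path)
        except ConnectionRefusedError:
            # The file was left behind; nothing listens behind it.
            return "stale", None
        except PermissionError:
            return "denied", None
        try:
            # Assuan servers such as gpg-agent greet first with "OK ...".
            greeting = s.recv(256).decode("ascii", "replace").strip()
        except (socket.timeout, ConnectionError):
            # The ssh socket stays silent: it waits for the client to speak.
            greeting = ""
        return "live", greeting


def gpg_socket_paths():
    """Ask gpgconf for the agent's main and ssh socket paths."""
    paths = {}
    for name in ("agent-socket", "agent-ssh-socket"):
        out = subprocess.run(["gpgconf", "--list-dirs", name],
                             capture_output=True, text=True, check=True)
        paths[name] = out.stdout.strip()
    return paths


if __name__ == "__main__":
    for name, path in gpg_socket_paths().items():
        print(name, path, *probe_socket(path))
```

A `stale` result is the leftover-socket case described in the comments. A `live` result while `pgrep gpg-agent` prints nothing means some other process is holding that socket open.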