不能将gpg-agent用作ssh代理 [英] can't use gpg-agent as an ssh agent
问题描述
我一直试图让gpg-agent充当ssh代理,但是没有任何运气.我正在运行Linux Mint(Sarah)的KDE版本.
I've been trying to get gpg-agent to work as an ssh agent, but without any luck. I'm running the KDE version of Linux Mint (Sarah).
首先,我在/etc/X11/Xsession.options中禁用了内置的ssh代理:
First, I disabled the built-in ssh agent in /etc/X11/Xsession.options:
# $Id: Xsession.options 189 2005-06-11 00:04:27Z branden $
#
# configuration options for /etc/X11/Xsession
# See Xsession.options(5) for an explanation of the available options.
allow-failsafe
allow-user-resources
allow-user-xsession
#use-ssh-agent
use-session-dbus
然后,我在gpg-agent中启用了ssh-agent支持:
Then, I enabled the ssh-agent support in gpg-agent:
> $ cat ~/.gnupg/gpg-agent.conf
enable-ssh-support
这时,我重新启动计算机,并检查了环境变量:
At this point I restarted my pc, and checked my environment variables:
> $ echo $GPG_AGENT_INFO
/home/jeroen/.gnupg/S.gpg-agent:0:1
> $ echo $SSH_AUTH_SOCK
/home/jeroen/.gnupg/S.gpg-agent.ssh
只需确保没有其他代理正在运行:
Just to be sure no other agents are running:
> $ ps aux | grep agent
jeroen 5072 0.0 0.0 282604 764 ? Ss Nov24 0:15 /usr/bin/gpg-agent --daemon
jeroen 5265 0.0 0.1 697044 29032 ? Sl Nov24 0:01 /usr/lib/x86_64-linux-gnu/libexec/polkit-kde-authentication-agent-1
jeroen 9574 0.0 0.0 130292 1016 pts/6 S+ 12:15 0:00 grep --color=auto --exclude-dir=.bzr --exclude-dir=CVS --exclude-dir=.git --exclude-dir=.hg --exclude-dir=.svn agent
到目前为止,一切看起来都不错.因此,让我们看一下我的gpg键:
So far, everything looks good. So let's take a look at my gpg keys:
pub rsa2048/03AB1CB5 2015-06-12 [SC]
uid [ultimate] Jeroen Jacobs <jeroen.jacobs@REDACTED.be>
uid [ultimate] Jeroen Jacobs <jeroen.jacobs@REDACTED.be>
sub rsa2048/014F9774 2015-06-12 [E]
sub rsa2048/0FEF1A6F 2017-11-23 [A]
如您所见,存在一个身份验证子项.确定gpg-agent会选择这个,对吗?
As you can see, an authentication subkey is present. sure gpg-agent would have picked this up, right?
ssh-add -l
The agent has no identities.
好吧,这还没有...已经重新启动了我的电脑,但没有任何影响.我已经阅读了几乎所有关于该主题的教程,并且我认为本书已经完成了所有工作,但是我无法使其正常工作.
Well, it doesn't... Already rebooted my pc again, but doesn't make a difference. I've reading almost any tutorial on the topic, and I think I did everything by the book, but I can't get it to work.
仅在需要时使用gpg2和gpg-agent的版本:
Just in case you need it, the versions of gpg2 and gpg-agent:
> $ gpg2 --version
gpg (GnuPG) 2.1.11
libgcrypt 1.6.5
Copyright (C) 2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
> $ gpg-agent --version
gpg-agent (GnuPG) 2.1.11
libgcrypt 1.6.5
Copyright (C) 2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
推荐答案
将身份验证子项的密钥夹附加到~/.gnupg/sshcontrol文件中.
gpg -K --with-keygrip是列出所有秘密密钥及其密钥夹的命令.
gpg -K --with-keygrip is the command which lists all the secret keys with their keygrips.
这篇关于不能将gpg-agent用作ssh代理的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
