Hi, I am using Arch Linux and gpg (GnuPG) 2.2.27. I am trying to set up SSH support with gpg, which I use along with Git SSH public-key authentication. For that I created a public key from gpg. The commands I used are explained below. But when I do git push I am getting an error. All the setup and the error are explained below.
I am not getting what exactly I am missing. I went through blogs and tried troubleshooting, but I still do not get what exactly I am missing.
For that I made the changes below.
I use the XDG base directory specification for my folder structure,
using the environment.d folder in ~/.config to load all the environment variables for my systemd user processes.
Attaching the environment variables below.
#GPG_TTY=$(tty)
GPG_TTY=/dev/pts/0
TERM=linux
#PATH="$(/usr/bin/du -L --exclude=.idea --exclude=archive --exclude=__pycache__ $HOME/.local/bin/vbin| /usr/bin/cut -f2 | /usr/bin/tr '\n' ':')$PATH"
PATH="$HOME/.local/bin/vbin/bspwm:/$HOME/.local/bin/vbin:$PATH"
PATH=$PATH:$HOME/.local/share/npm/bin:$HOME/.local/bin/net.downloadhelper.coapp-1.3.0/bin:$HOME/.local/bin
# default programs:
EDITOR="emsc"
VISUAL="${EDITOR}"
TERMINAL="st"
BROWSER="firefox"
FILE="lf"
STATUSBAR="polybar"
#Other program settings
VCONFIG=${HOME}/.config/vconfig
VBIN=${HOME}/.local/bin/vbin
SUDO_ASKPASS=${VBIN}/dmenupass
ORGPATH=${HOME}/Org
#XDG CONFIG MOVEMENTS
XDG_CONFIG_HOME=${HOME}/.config
XDG_DATA_HOME=${HOME}/.local/share
XDG_CACHE_HOME=${HOME}/.cache
GNUPGHOME=${XDG_DATA_HOME}/gnupg
IPYTHONDIR=${XDG_CONFIG_HOME}/jupyter
JUPYTER_CONFIG_DIR=${XDG_CONFIG_HOME}/jupyter
ZDOTDIR=${XDG_CONFIG_HOME}/.config/zsh
NPM_CONFIG_USERCONFIG=$XDG_CONFIG_HOME/npm/config
LESSKEY=${XDG_CONFIG_HOME}/less/lesskey
GTK2_RC_FILES=${XDG_CONFIG_HOME}/gtk-2.0/gtkrc
_JAVA_OPTIONS=-Djava.util.prefs.userRoot=${XDG_CONFIG_HOME}/java
ANDROID_SDK_HOME=${XDG_CONFIG_HOME}/android
ADB_VENDOR_KEY=${XDG_CONFIG_HOME}/android
WINEPREFIX=${XDG_DATA_HOME}/wineprefixes/default
HISTFILE=${XDG_DATA_HOME}/zsh/history
_Z_DATA=${XDG_DATA_HOME}/.z
GOPATH=${XDG_DATA_HOME}/go
GNUPGHOME=${XDG_DATA_HOME}/gnupg
PASSWORD_STORE_DIR=${XDG_DATA_HOME}/pass
VSCODE_PORTABLE=${XDG_DATA_HOME}/vscode
ANDROID_AVD_HOME=${XDG_DATA_HOME}/android
ANDROID_EMULATOR_HOME=${XDG_DATA_HOME}/android
NUGET_PACKAGES=${XDG_CACHE_HOME}/NuGetPackages
PYLINTHOME=${XDG_CACHE_HOME}/pylint
LESSHISTFILE=${XDG_CACHE_HOME}/less/history
CUDA_CACHE_PATH=${XDG_CACHE_HOME}/nv
SSH_AUTH_SOCK="${XDG_RUNTIME_DIR}/gnupg/S.gpg-agent.ssh"
CM_SELECTIONS="clipboard"
CM_DEBUG=0
CM_OUTPUT_CLIP=0
CM_MAX_CLIPS=100
CM_LAUNCHER="rofi"
ANDROID_ADB_SERVER_PORT=8080
LF_ICONS="
di=:
fi=:
ln=:
or=:
ex=:
*.c=:
*.cc=:
*.clj=:
*.coffee=:
*.cpp=:
*.css=:
*.d=:
*.dart=:
*.erl=:
*.exs=:
*.fs=:
*.go=:
*.h=:
*.hh=:
*.hpp=:
*.hs=:
*.html=:
*.java=:
*.jl=:
*.js=:
*.json=:
*.lua=:
*.md=:
*.php=:
*.pl=:
*.pro=:
*.py=:
*.rb=:
*.rs=:
*.scala=:
*.ts=:
*.vim=:
*.cmd=:
*.ps1=:
*.sh=:
*.bash=:
*.zsh=:
*.fish=:
*.tar=:
*.tgz=:
*.arc=:
*.arj=:
*.taz=:
*.lha=:
*.lz4=:
*.lzh=:
*.lzma=:
*.tlz=:
*.txz=:
*.tzo=:
*.t7z=:
*.zip=:
*.z=:
*.dz=:
*.gz=:
*.lrz=:
*.lz=:
*.lzo=:
*.xz=:
*.zst=:
*.tzst=:
*.bz2=:
*.bz=:
*.tbz=:
*.tbz2=:
*.tz=:
*.deb=:
*.rpm=:
*.jar=:
*.war=:
*.ear=:
*.sar=:
*.rar=:
*.alz=:
*.ace=:
*.zoo=:
*.cpio=:
*.7z=:
*.rz=:
*.cab=:
*.wim=:
*.swm=:
*.dwm=:
*.esd=:
*.jpg=:
*.jpeg=:
*.mjpg=:
*.mjpeg=:
*.gif=:
*.bmp=:
*.pbm=:
*.pgm=:
*.ppm=:
*.tga=:
*.xbm=:
*.xpm=:
*.tif=:
*.tiff=:
*.png=:
*.svg=:
*.svgz=:
*.mng=:
*.pcx=:
*.mov=:
*.mpg=:
*.mpeg=:
*.m2v=:
*.mkv=:
*.webm=:
*.ogm=:
*.mp4=:
*.m4v=:
*.mp4v=:
*.vob=:
*.qt=:
*.nuv=:
*.wmv=:
*.asf=:
*.rm=:
*.rmvb=:
*.flc=:
*.avi=:
*.fli=:
*.flv=:
*.gl=:
*.dl=:
*.xcf=:
*.xwd=:
*.yuv=:
*.cgm=:
*.emf=:
*.ogv=:
*.ogx=:
*.aac=:
*.au=:
*.flac=:
*.m4a=:
*.mid=:
*.midi=:
*.mka=:
*.mp3=:
*.mpc=:
*.ogg=:
*.ra=:
*.wav=:
*.oga=:
*.opus=:
*.spx=:
*.xspf=:
*.pdf=:
*.nix=:
"
In the above environment settings, I set GNUPGHOME=${XDG_DATA_HOME}/gnupg.
Permissions on my GNUPGHOME:
total 84K
drwx------ 2 vipin vipin 4.0K Nov 8 18:50 openpgp-revocs.d
drwx------ 2 vipin vipin 4.0K Mar 4 00:22 private-keys-v1.d
-rw------- 1 vipin vipin 105 Mar 5 10:10 gpg-agent.conf
-rw-r--r-- 1 vipin vipin 16K Mar 4 00:23 pubring.kbx
-rw-r--r-- 1 vipin vipin 41 Mar 4 00:41 sshcontrol
-rw-r--r-- 1 vipin vipin 48K Mar 4 00:23 tofu.db
-rw------- 1 vipin vipin 1.3K Nov 8 18:50 trustdb.gpg
The /home/vipin/.local/share/gnupg/gpg-agent.conf file contains the information below.
default-cache-ttl 240
enable-ssh-support
pinentry-program /usr/bin/pinentry-gtk-2
pinentry-mode loopback
Pinentry program files and permissions:
-rwxr-xr-x 1 root root 122 Nov 13 2019 /usr/bin/pinentry
-rwxr-xr-x 1 root root 71K Nov 13 2019 /usr/bin/pinentry-curses
-rwxr-xr-x 1 root root 63K Nov 13 2019 /usr/bin/pinentry-emacs
-rwxr-xr-x 1 root root 79K Nov 13 2019 /usr/bin/pinentry-gnome3
-rwxr-xr-x 1 root root 91K Nov 13 2019 /usr/bin/pinentry-gtk-2
-rwxr-xr-x 1 root root 127K Nov 13 2019 /usr/bin/pinentry-qt
-rwxr-xr-x 1 root root 67K Nov 13 2019 /usr/bin/pinentry-tty
SSH socket, set in the environment variable:
SSH_AUTH_SOCK="${XDG_RUNTIME_DIR}/gnupg/S.gpg-agent.ssh"
Systemd user units at /home/vipin/.local/share/systemd/user/, using socket activation to start gpg-agent.service:
gpg-agent-browser.socket
gpg-agent.socket
gpg-agent-extra.socket
gpg-agent-ssh.socket
gpg-agent.service
gpg-agent.service
[Unit]
Description=GnuPG cryptographic agent and passphrase cache
Documentation=man:gpg-agent(1)
Requires=gpg-agent.socket
[Service]
ExecStart=/usr/bin/gpg-agent --supervised --enable-ssh-support
ExecReload=/usr/bin/gpgconf --reload gpg-agent
gpg-agent.socket
[Unit]
Description=GnuPG cryptographic agent and passphrase cache
Documentation=man:gpg-agent(1)
[Socket]
ListenStream=%t/gnupg/S.gpg-agent
FileDescriptorName=std
SocketMode=0600
DirectoryMode=0700
[Install]
WantedBy=sockets.target
gpg-agent-ssh.socket
[Unit]
Description=GnuPG cryptographic agent (ssh-agent emulation)
Documentation=man:gpg-agent(1) man:ssh-add(1) man:ssh-agent(1) man:ssh(1)
[Socket]
ListenStream=%t/gnupg/S.gpg-agent.ssh
FileDescriptorName=ssh
Service=gpg-agent.service
SocketMode=0600
DirectoryMode=0700
[Install]
WantedBy=sockets.target
gpg-agent-extra.socket
[Unit]
Description=GnuPG cryptographic agent and passphrase cache (restricted)
Documentation=man:gpg-agent(1)
[Socket]
ListenStream=%t/gnupg/S.gpg-agent.extra
FileDescriptorName=extra
Service=gpg-agent.service
SocketMode=0600
DirectoryMode=0700
[Install]
WantedBy=sockets.target
gpg-agent-browser.socket
[Unit]
Description=GnuPG cryptographic agent and passphrase cache (access for web browsers)
Documentation=man:gpg-agent(1)
[Socket]
ListenStream=%t/gnupg/S.gpg-agent.browser
FileDescriptorName=browser
Service=gpg-agent.service
SocketMode=0600
DirectoryMode=0700
[Install]
WantedBy=sockets.target
After configuring the above settings, I created a new sub-key in gpg for authentication.
Then I executed the command below and created sshcontrol at /home/vipin/.local/share/gnupg/:
gpg --list-keys --with-keygrip
When I execute systemctl --user status gpg-agent, I can see some errors being triggered:
gpg-agent.service - GnuPG cryptographic agent and passphrase cache
Loaded: loaded (/home/vipin/.local/share/systemd/user/gpg-agent.service; static)
Active: inactive (dead) since Fri 2021-03-05 11:06:16 IST; 50min ago
TriggeredBy: ● gpg-agent-ssh.socket
● gpg-agent-extra.socket
● gpg-agent-browser.socket
● gpg-agent.socket
Docs: man:gpg-agent(1)
Process: 7731 ExecStart=/usr/bin/gpg-agent --supervised --enable-ssh-support (code=exited, status=0/SUCCESS)
Main PID: 7731 (code=exited, status=0/SUCCESS)
Mar 05 11:05:07 vipin-pc gpg-agent(7731): listening on: std=6 extra=4 browser=5 ssh=3
Mar 05 11:05:07 vipin-pc gpg-agent(7733): scdaemon(7733): pcsc_establish_context failed: no service (0x8010001d)
Mar 05 11:05:07 vipin-pc gpg-agent(7731): failed to unprotect the secret key: Inappropriate ioctl for device
Mar 05 11:05:07 vipin-pc gpg-agent(7731): failed to read the secret key
Mar 05 11:05:07 vipin-pc gpg-agent(7731): ssh sign request failed: Inappropriate ioctl for device <Pinentry>
Mar 05 11:06:11 vipin-pc gpg-agent(7731): can't connect my own socket: IPC connect call failed
Mar 05 11:06:11 vipin-pc gpg-agent(7731): this process is useless - shutting down
Mar 05 11:06:16 vipin-pc gpg-agent(7731): gpg-agent (GnuPG) 2.2.27 stopped
Mar 05 11:06:16 vipin-pc gpg-agent(7733): scdaemon(7733): scdaemon (GnuPG) 2.2.27 stopped
Mar 05 11:06:16 vipin-pc systemd(573): gpg-agent.service: Succeeded.
But when I tried ssh-add -l, I can see the connection:
4096 SHA256: (none) (RSA) /0.0s
I also did ps -eaf | grep gpg-agent; I can see gpg-agent running via socket activation.
vipin 12147 573 0 12:00 ? 00:00:00 /usr/bin/gpg-agent --supervised --enable-ssh-support
When I tried gpg --export-ssh-key VipinBalakrishnan, I was able to see the public key exported.
I used the above public key in Azure DevOps, so that I can use the SSH key to authenticate.
After configuring everything, when I tried to
git push
I got the error below:
sign_and_send_pubkey: signing failed for RSA "(none)" from agent: agent refused operation
remote: Public key authentication failed.
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
I went through the Arch wiki link https://wiki.archlinux.org/index.php/GnuPG
I went through the troubleshooting section, but I did not get any clue.
Some blog said it is not identifying the tty. For that I executed
export GPG_TTY=$(tty)
gpg-connect-agent updatestartuptty /bye >/dev/null
Output:
gpg-connect-agent: no running gpg-agent - starting '/usr/bin/gpg-agent'
gpg-connect-agent: waiting for the agent to come up ... (5s)
gpg-connect-agent: connection to agent established
But the above command creates a different gpg-agent process, not in supervised mode. It is running as a daemon, and the socket will be different.
When I do
ps -eaf | grep gpg-agent I can see it is in daemon mode:
vipin 13327 1 0 12:52 ? 00:00:00 gpg-agent --homedir /home/vipin/.local/share/gnupg --use-standard-socket --daemon
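As an added example (not from the original post), here is a small POSIX shell diagnostic for two things worth verifying in a setup like the one above: gpg-agent.conf options that gpg-agent does not recognise (`pinentry-mode` is a gpg(1) option; gpg-agent logs "invalid option" for it and ignores the line, its own counterpart being `allow-loopback-pinentry`), and whether the socket path hard-wired into the systemd unit (`%t/gnupg/S.gpg-agent.ssh`, taken from the quoted unit) agrees with the path `gpgconf --list-dirs agent-ssh-socket` reports, which for a GNUPGHOME other than ~/.gnupg lives under a hashed `d.<hash>` subdirectory. The option list, the `d.examplehash` placeholder and the sample gpg-agent.conf are constructed here; the script assumes GnuPG 2.2's gpgconf when run with `--live`.

```shell
#!/bin/sh
# Added diagnostic for a socket-activated gpg-agent with a non-default GNUPGHOME.
# Not part of the original post. Assumes GnuPG 2.2 (gpgconf --list-dirs) and the
# systemd user units quoted in the question; the option list below is mine.

# gpg(1) options that gpg-agent(1) does not understand. gpg-agent logs
# "<file>:<line>: invalid option" for them and ignores the line; the gpg-agent
# counterpart of "pinentry-mode loopback" is "allow-loopback-pinentry".
GPG_ONLY_OPTIONS="pinentry-mode use-agent default-key"

# Print each option keyword in a gpg-agent.conf that belongs in gpg.conf.
# Usage: agent_conf_misplaced_options /path/to/gpg-agent.conf
agent_conf_misplaced_options() {
    awk -v bad="$GPG_ONLY_OPTIONS" '
        BEGIN { n = split(bad, list, " "); for (i = 1; i <= n; i++) isbad[list[i]] = 1 }
        { sub(/#.*/, "") }       # drop comments
        NF == 0 { next }         # skip blank lines
        isbad[$1] { print $1 }   # report the keyword only, never its value
    ' "$1"
}

# Expand systemd's %t specifier (the user runtime directory) in a ListenStream= value.
# Usage: expand_listen_stream '%t/gnupg/S.gpg-agent.ssh' /run/user/1000
expand_listen_stream() {
    printf '%s\n' "$1" | sed "s#%t#$2#"
}

# Compare where the systemd socket unit listens with where GnuPG looks for the
# socket. With a GNUPGHOME other than ~/.gnupg, GnuPG places its sockets in
# $XDG_RUNTIME_DIR/gnupg/d.<hash>/ instead of $XDG_RUNTIME_DIR/gnupg/, so a
# unit hard-wired to %t/gnupg/S.gpg-agent.ssh binds a path that gpg,
# gpg-connect-agent and gpgconf never consult.
# Usage: check_ssh_socket LISTEN_STREAM RUNTIME_DIR GPGCONF_AGENT_SSH_SOCKET
# Returns 0 when the two paths agree, 1 otherwise.
check_ssh_socket() {
    expected=$(expand_listen_stream "$1" "$2")
    if [ "$expected" = "$3" ]; then
        printf 'OK: systemd listens on %s, where GnuPG expects it\n' "$expected"
        return 0
    fi
    printf 'MISMATCH: systemd listens on %s but GnuPG expects %s\n' "$expected" "$3"
    return 1
}

# Inspect the running system: the real gpg-agent.conf and real gpgconf output.
live_check() {
    conf="${GNUPGHOME:-$HOME/.gnupg}/gpg-agent.conf"
    if [ -r "$conf" ]; then
        agent_conf_misplaced_options "$conf" |
            sed 's/^/gpg.conf-only option in gpg-agent.conf: /'
    fi
    if command -v gpgconf >/dev/null 2>&1; then
        agent_ssh=$(gpgconf --list-dirs agent-ssh-socket)
        runtime="${XDG_RUNTIME_DIR:-/run/user/$(id -u)}"
        check_ssh_socket '%t/gnupg/S.gpg-agent.ssh' "$runtime" "$agent_ssh" || :
        [ "${SSH_AUTH_SOCK:-}" = "$agent_ssh" ] ||
            printf 'SSH_AUTH_SOCK=%s does not point at %s\n' "${SSH_AUTH_SOCK:-<unset>}" "$agent_ssh"
    fi
}

# Run against a constructed gpg-agent.conf and a constructed socket layout
# (sample data, not taken from any real machine).
demo() {
    sample=$(mktemp) || return 1
    cat >"$sample" <<'EOF'
default-cache-ttl 240
enable-ssh-support
pinentry-program /usr/bin/pinentry-gtk-2
pinentry-mode loopback   # belongs in gpg.conf, gpg-agent ignores it
EOF
    agent_conf_misplaced_options "$sample" | sed 's/^/misplaced: /'
    rm -f "$sample"
    # "d.examplehash" is a placeholder for the hashed socket directory GnuPG
    # reports for a non-default GNUPGHOME.
    check_ssh_socket '%t/gnupg/S.gpg-agent.ssh' /run/user/1000 \
        /run/user/1000/gnupg/d.examplehash/S.gpg-agent.ssh || :
}

case "${1:-}" in
    --live) live_check ;;
    *) demo ;;
esac
```

Run it without arguments to see the constructed demo, or with `--live` on the affected machine to compare the real gpg-agent.conf, `SSH_AUTH_SOCK` and `gpgconf --list-dirs agent-ssh-socket` against the unit's hard-wired path.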