Fedora and gpg-agent


While it was quite easy to set up my Fellowship smartcard for SSH logins on Debian GNU/Linux following this instructions I never managed to get it working on Fedora GNU/Linux. At some point of time I just gave up. Today finally I found a solution in an on-line forum.

The problem was that gpg-agent always stopped with the error message:

$ gpg-agent
gpg-agent[2857]: can't connect to `/home/schiesbn/.gnupg/S.gpg-agent': No such file or directory
gpg-agent: no gpg-agent running in this session

By default the gpg-agent on Fedora creates the socket in /tmp instead of in /home/schiesbn/.gnupg. So you have to move it manually over to your home directory once gpg-agent has started.

To do this I use this script:

#!/bin/bash
 
# Decide whether to start gpg-agent daemon.
# Create necessary symbolic link in $HOME/.gnupg/S.gpg-agent
 
SOCKET=S.gpg-agent
PIDOF=`pidof gpg-agent`
RETVAL=$?
 
if [ "$RETVAL" -eq 1 ]; then
	echo "Starting gpg-agent daemon."
	eval `gpg-agent --daemon `
else
	echo "Daemon gpg-agent already running."
fi
 
# Nasty way to find gpg-agent's socket file...
GPG_SOCKET_FILE=`find /tmp/gpg-* -name $SOCKET`
echo "Updating socket file link."
cp -fs $GPG_SOCKET_FILE $HOME/.gnupg/S.gpg-agent

To execute this script during log-in I have added this to my ~/.bashrc:

# GPG-AGENT stuff
GET_TTY=`tty`
export $GET_TTY
$HOME/bin/gpg-agent-start.sh

I still wonder why it works that easy on Debian and on Fedora i need all this scripting. But for the moment I’m just happy that I have found a solution to use my smartcard for SSH login on my Fedora systems.

May 12th, 2009 by Björn
Posted in English |
Tags: , , , ,
3 Comments »You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

3 Responses to “Fedora and gpg-agent”

  1. Stian Ellingsen says:
    May 13, 2009 at 12:55 am

    –use-standard-socket seems to be what you’re looking for.

    Here’s my setup, not 100 % tested yet:

    Added in ~/.bash_profile:
    GAIFILE=$HOME/.gpg-agent-info
    if test -f “${GAIFILE}” && kill -0 `cut -d: -f 2 “${GAIFILE}”` 2>/dev/null; then
    eval `cat “${GAIFILE}”`
    eval `cut -d= -f 1 /dev/null 2>&1
    ssh $@

    The extra TTY code is necessary when using different consoles (like e.g. Ctrl+Alt+F2)

    Reply
  2. Stian Ellingsen says:
    May 13, 2009 at 12:58 am

    My code broke completely because of worthless comment filtering.

    Reply
  3. Stian Ellingsen says:
    May 13, 2009 at 1:08 am

    I have added a short description about my setup at https://wiki.fsfe.org/Fellows/stiell/fedora_cryptocard_ssh_setup

    Reply

Leave a Reply