Xfce Forum


#1 2020-04-20 20:53:57

kuraga
Member
From: Moscow
Registered: 2020-04-20
Posts: 9

Using ssh-agent + gpg-agent + XFCE: keys from GnuPG

I'm trying to use keys from GnuPG (gpg-agent) for SSH/SFTP.

(Used https://opensource.com/article/19/4/gpg-subkeys-ssh.)

For implementing this in Bash, I have in ${HOME}/.bashrc:

export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
gpgconf --launch gpg-agent

and in ${HOME}/.gnupg/gpg-agent.conf:

enable-ssh-support

For Bash, via ssh command, it works: it uses keys from GnuPG.

How do I implement it for Thunar's SFTP?

I use Calculate Linux (Gentoo) and XFCE.

Offline

#2 2020-04-20 22:08:14

eriefisher
Member
From: ON, Canada
Registered: 2008-10-25
Posts: 395

Re: Using ssh-agent + gpg-agent + XFCE: keys from GnuPG


Siduction
Debian Sid
Xfce 4.18

Offline

#3 2020-04-20 22:16:33

ToZ
Administrator
From: Canada
Registered: 2011-06-02
Posts: 10,949

Re: Using ssh-agent + gpg-agent + XFCE: keys from GnuPG

Hello and welcome.

Thunar works for me out of the box once the keys are set up. On the client, I create my key pair, copy my public key to the server's authorized keys list, and voilà. The default gpg-agent is running in Xfce (xfce4-session will start it if gnupg is installed).


Please remember to mark your thread [SOLVED] to make it easier for others to find
--- How To Ask For Help | FAQ | Developer Wiki  |  Community | Contribute ---

Offline

#4 2020-04-22 12:34:50

kuraga
Member
From: Moscow
Registered: 2020-04-20
Posts: 9

Re: Using ssh-agent + gpg-agent + XFCE: keys from GnuPG

Who starts `gpg-agent`? It's started and logs to `${HOME}/.xsession-errors`. But where is it started? I see nothing about it in XFCE's "Sessions & Startup" settings.

Offline

#5 2020-04-22 18:28:56

ToZ
Administrator
From: Canada
Registered: 2011-06-02
Posts: 10,949

Re: Using ssh-agent + gpg-agent + XFCE: keys from GnuPG



Offline

#6 2020-04-23 11:06:56

kuraga
Member
From: Moscow
Registered: 2020-04-20
Posts: 9

Re: Using ssh-agent + gpg-agent + XFCE: keys from GnuPG

Ok, thanks! But could it be someone else? Because:

$ xfconf-query -c xfce4-session -p "/startup/ssh-agent/enabled"
false
$ xfconf-query -c xfce4-session -p "/startup/gpg-agent/enabled"
false

but

$ pstree -a | grep gpg
  |-gpg-agent --homedir /home/sasha/.gnupg --use-standard-socket --daemon

(And the arguments differ from the hardcoded ones.)

Offline

#7 2020-04-23 11:25:02

ToZ
Administrator
From: Canada
Registered: 2011-06-02
Posts: 10,949

Re: Using ssh-agent + gpg-agent + XFCE: keys from GnuPG

Interesting. Investigating further...

$ pstree -a | grep gpg
  |   |-gpg-agent --supervised
$ systemctl --user status gpg-agent.service 
● gpg-agent.service - GnuPG cryptographic agent and passphrase cache
     Loaded: loaded (/usr/lib/systemd/user/gpg-agent.service; static; vendor pr>
     Active: active (running) since Tue 2020-04-21 20:19:02 EDT; 1 day 10h ago
TriggeredBy: ● gpg-agent.socket
             ● gpg-agent-ssh.socket
             ● gpg-agent-extra.socket
             ● gpg-agent-browser.socket
       Docs: man:gpg-agent(1)
   Main PID: 784 (gpg-agent)
     CGroup: /user.slice/user-1000.slice/user@1000.service/gpg-agent.service
             └─784 /usr/bin/gpg-agent --supervised
$ cat /usr/lib/systemd/user/gpg-agent.service 
[Unit]
Description=GnuPG cryptographic agent and passphrase cache
Documentation=man:gpg-agent(1)
Requires=gpg-agent.socket

[Service]
ExecStart=/usr/bin/gpg-agent --supervised
ExecReload=/usr/bin/gpgconf --reload gpg-agent

So on my system (Arch) it is started by a user-based systemd service installed by the gnupg package. Do you have something similar in Gentoo?



Offline

#8 2020-04-23 12:16:07

kuraga
Member
From: Moscow
Registered: 2020-04-20
Posts: 9

Re: Using ssh-agent + gpg-agent + XFCE: keys from GnuPG

Hm. I'm an idiot. I saw it via htop via bash. And as I wrote above, I put the start of gpg-agent in ${HOME}/.bashrc.

Offline

#9 2020-04-23 12:51:45

kuraga
Member
From: Moscow
Registered: 2020-04-20
Posts: 9

Re: Using ssh-agent + gpg-agent + XFCE: keys from GnuPG

Well, then, back to the start.

In bash:

  1. I start gpg-agent.

  2. ssh host then uses GnuPG keys.

  3. I kill Thunar and then start it.

  4. It doesn't use GnuPG keys...

Hm...

Offline

#10 2020-04-23 21:47:38

ToZ
Administrator
From: Canada
Registered: 2011-06-02
Posts: 10,949

Re: Using ssh-agent + gpg-agent + XFCE: keys from GnuPG

kuraga wrote:

  1. I start gpg-agent.

What happens if you don't? Does a version (the systemd service one) start automatically instead? And if so, does it work with Thunar?



Offline

#11 2020-04-24 08:21:51

kuraga
Member
From: Moscow
Registered: 2020-04-20
Posts: 9

Re: Using ssh-agent + gpg-agent + XFCE: keys from GnuPG

Before I start gpg-agent:

  1. Nobody except XFCE-hardcoded starts gpg-agent on my system.

  2. ssh uses GnuPG if and only if gpg-agent is started (no matter who started it; but I think the enable-ssh-support setting is needed).

  3. Thunar never uses GnuPG keys.

Thanks!

Offline
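
A way to check the observations in post #11 from the process side (an added example, not part of any post in this thread): on Linux it reads /proc/<pid>/environ to show which SSH_AUTH_SOCK each named process inherited and whether that matches the socket reported by `gpgconf --list-dirs agent-ssh-socket`. An export in ${HOME}/.bashrc reaches only processes started from that shell; the function names and the process names given on the command line are assumptions.

```shell
#!/bin/sh
# Added diagnostic (not from the thread): which SSH agent socket did a
# running process inherit? Usage (process names are examples only):
#   sh check-agent-sock.sh thunar gvfsd-sftp bash

# Print SSH_AUTH_SOCK from a NUL-separated environ file, i.e. the format
# of /proc/<pid>/environ. Prints nothing when the variable is not set.
auth_sock_from_environ() {
    tr '\0' '\n' < "$1" | sed -n 's/^SSH_AUTH_SOCK=//p' | head -n 1
}

# Compare a process environment with the socket gpg-agent serves.
# $1 = environ file, $2 = expected gpg-agent SSH socket path
# Prints: "gpg-agent", "unset", or "other:<path>"
classify_environ() {
    sock=$(auth_sock_from_environ "$1")
    if [ -z "$sock" ]; then
        echo "unset"
    elif [ "$sock" = "$2" ]; then
        echo "gpg-agent"
    else
        echo "other:$sock"
    fi
}

# Report every process of the current user whose name matches an argument.
# /proc/<pid>/environ holds the environment as it was at exec time, so a
# later export in a shell never shows up in already running processes.
report() {
    expected=$(gpgconf --list-dirs agent-ssh-socket) || return 1
    echo "gpg-agent ssh socket: $expected"
    for name in "$@"; do
        for pid in $(pgrep -u "$(id -u)" -x "$name"); do
            [ -r "/proc/$pid/environ" ] || continue
            printf '%-14s pid=%-7s %s\n' "$name" "$pid" \
                "$(classify_environ "/proc/$pid/environ" "$expected")"
        done
    done
}

# Only inspect live processes when names were given on the command line.
if [ "$#" -gt 0 ]; then
    report "$@"
fi
```

A process reported as "unset" or "other:..." is not talking to gpg-agent's SSH socket, whatever the shell that launched `ssh host` sees.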

#12 2020-04-24 10:47:08

ToZ
Administrator
From: Canada
Registered: 2011-06-02
Posts: 10,949

Re: Using ssh-agent + gpg-agent + XFCE: keys from GnuPG

I'm not sure what to say. I downloaded the Calculate Linux Xfce ISO and fired it up in a VM.

With no config changes, I created and copied over a key (no passphrase):

$ ssh-keygen -t rsa
$ ssh-copy-id toz@10.0.2.2

...and was able to connect via "ssh toz@10.0.2.2" and via thunar with "sftp://toz@10.0.2.2" with no problem and no passwords required.

Do you get any error messages in ~/.xsession-errors when you try with thunar?



Offline

#13 2020-04-24 10:50:59

kuraga
Member
From: Moscow
Registered: 2020-04-20
Posts: 9

Re: Using ssh-agent + gpg-agent + XFCE: keys from GnuPG

You are talking about SSH keys. They work for Thunar.

GnuPG keys don't.

I'm willing to write to Thunar's Bugzilla.

Offline

#14 2020-04-24 12:49:26

eriefisher
Member
From: ON, Canada
Registered: 2008-10-25
Posts: 395

Re: Using ssh-agent + gpg-agent + XFCE: keys from GnuPG

As I understand it, ssh keys and GPG keys are two different things for two different purposes.

ssh keys provide a "secret handshake" to authorize a connection between you and the server.
GnuPG keys are used to verify an item such as a download or a message or can be used to unlock an encrypted message etc.

I don't know if you can use one in place of the other or if this would even be a good idea.


Siduction
Debian Sid
Xfce 4.18

Offline

#15 2020-04-27 08:02:51

kuraga
Member
From: Moscow
Registered: 2020-04-20
Posts: 9

Re: Using ssh-agent + gpg-agent + XFCE: keys from GnuPG

eriefisher wrote:

As I understand it, ssh keys and GPG keys are two different things for two different purposes.

No and yes. Keys' purposes are the same. But:

eriefisher wrote:

ssh keys provide a "secret handshake" to authorize a connection between you and the server.
GnuPG keys are used to verify an item such as a download or a message or can be used to unlock an encrypted message etc.

I don't know if you can use one in place of the other or if this would even be a good idea.

No. ssh-agent and gpg-agent are just "keyrings" here. They store RSA, DSA, etc. public and private keys, both.

Last edited by kuraga (2020-04-27 08:08:20)

Offline

#16 2020-04-27 08:03:57

kuraga
Member
From: Moscow
Registered: 2020-04-20
Posts: 9

Re: Using ssh-agent + gpg-agent + XFCE: keys from GnuPG

I've started an issue on XFCE's bugzilla: https://bugzilla.xfce.org/show_bug.cgi?id=16758

Offline
