Enable SSH access using a GPG key for authentication : The agent has no identities
First, you can run ssh-add -L to list your public keys and copy it
manually to the remote host. You can also use ssh-copy-id. From this
perspective, nothing has changed.
But `ssh-add -L` says `The agent has no identities.`
Code:
% ssh-add -L
The agent has no identities.
I have tried
Code:
% eval "$(ssh-agent -s)"
Agent pid 26756
% kill -9 26756
% gpg-connect-agent reloadagent /bye
OK
% systemctl --user restart gpg-agent
% systemctl restart ssh
% systemctl restart sshd
% ssh-add -L
The agent has no identities.
If you see `The agent has no identities`, try the steps to restart the
GPG agent from above.
But running the command has a different error.
Code:
% gpg-agent --daemon --write-env-file ~/.gpg-agent-info --enable-ssh-support
gpg-agent[29055]: WARNING: "--write-env-file" is an obsolete option - it has no effect
gpg-agent: a gpg-agent is already running - not starting a new one
I would back up a step or two. Skimming through the article, it looks like ssh-agent should not be involved at all:
Quote:
"When you use SSH, a program called ssh-agent is used to manage the keys. To use a GPG key, you'll use a similar program, gpg-agent, that manages GPG keys. To get gpg-agent to handle requests from SSH, you need to enable support by adding the line enable-ssh-support to the ~/.gnupg/gpg-agent.conf."
In other words, the SSH_AUTH_SOCK environment variable needs to point to the GPG agent, not to the SSH agent as you show above. Since the gpg-agent utility is completely different, the mention of ssh-add -L seems to be based on the assumption that you already had keys in the regular SSH agent. If you did not, then the output will be empty.
However, you still need to get the public keys into the remote system but that is not related to either agent.
PS. Which shell are you using? The tutorial assumes Bash but if you are using Zsh or Fish or Oil then the location of the changes will be different.
Last edited by Turbocapitalist; 12-27-2021 at 01:20 AM.
This is a challenging task because of the possible interference by systemd (if present), and the difficulties that GnuPG 2 has with using a pinentry program, combined with hidden or misleading error messages. However, there must be other error messages somewhere; it is a matter of finding where to look for them.
Which distro is this on, including version? The reason for asking is that the distros have different logging and while the error messages might be completely vague or downright misleading, knowing the distro will determine where to look for the error messages.
I am using Linux Mint 20.2 and gpg (GnuPG) 2.2.19. However, the problem is solved. I just had to run `ssh-keygen` before running `gpg --full-generate-key --expert` (even though I am using gpg-agent and not ssh-agent). The primary key only allows `Certify`. Subkey allows `Sign Encrypt Authenticate`. Manually writing to ~/.gnupg/sshcontrol and ~/.gnupg/gpg-agent.conf did not work. I had to `enable-ssh-support >> ~/.gnupg/gpg-agent.conf` and `echo 1D9DB03A60DDD3274E34DDDE511CEFF294E5AF8E >> ~/.gnupg/sshcontrol`. Not sure why this weird behavior. But this is what I needed to do to get it working.
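The three things this thread turns on (an active `enable-ssh-support` line in `~/.gnupg/gpg-agent.conf`, at least one keygrip in `~/.gnupg/sshcontrol`, and `SSH_AUTH_SOCK` naming the gpg-agent socket rather than an ssh-agent one) can be checked read-only. The script below is an added example, not part of the thread or the tutorial it quotes; the function names and the `--live` switch are hypothetical, and the live run assumes `gpgconf` from GnuPG 2.x is installed.

```shell
#!/bin/sh
# Added example: read-only checks of the gpg-agent SSH setup discussed above.

# Succeeds if CONF has an active (uncommented) enable-ssh-support line.
has_ssh_support() {
    [ -f "$1" ] && grep -Eq '^[[:space:]]*enable-ssh-support[[:space:]]*$' "$1"
}

# Prints the number of active keygrips in SSHCONTROL. Lines starting with '#'
# are comments and a leading '!' disables an entry, so neither is counted.
count_keygrips() {
    if [ -f "$1" ]; then
        grep -Ec '^[0-9A-Fa-f]{40}([[:space:]]|$)' "$1" || true
    else
        echo 0
    fi
}

# Succeeds only if SSH_AUTH_SOCK (arg 1) names gpg-agent's SSH socket (arg 2).
sock_points_to_gpg() {
    [ -n "$1" ] && [ "$1" = "$2" ]
}

# diagnose GNUPGHOME CURRENT_SOCK GPG_SOCK: prints one line per check and
# returns 0 only when all three pass.
diagnose() {
    rc=0
    if has_ssh_support "$1/gpg-agent.conf"; then echo "ok:   enable-ssh-support is set"
    else echo "FAIL: enable-ssh-support missing from $1/gpg-agent.conf"; rc=1; fi
    n=$(count_keygrips "$1/sshcontrol")
    if [ "${n:-0}" -gt 0 ]; then echo "ok:   $n keygrip(s) in sshcontrol"
    else echo "FAIL: no active keygrip in $1/sshcontrol"; rc=1; fi
    if sock_points_to_gpg "$2" "$3"; then echo "ok:   SSH_AUTH_SOCK is the gpg-agent socket"
    else echo "FAIL: SSH_AUTH_SOCK='$2', expected '$3'"; rc=1; fi
    return "$rc"
}

# Run against the live configuration only when asked to: sh check.sh --live
if [ "${1:-}" = "--live" ]; then
    diagnose "${GNUPGHOME:-$HOME/.gnupg}" "${SSH_AUTH_SOCK:-}" \
        "$(gpgconf --list-dirs agent-ssh-socket)"
fi
```

A failing third check after `eval "$(ssh-agent -s)"` is expected, because that command repoints `SSH_AUTH_SOCK` at a fresh, empty ssh-agent.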