I'm attempting to consolidate my encryption software to GnuPG, and I'm running into a confusing problem.
My primary unit is a headless server, and I exclusively work in tmux. There is no X session, and therefore I've configured gpg-agent to use pinentry-curses. I've configured gpg-agent to be called on login with ssh-agent emulation with this script:
    # Env file gpg-agent writes with --write-env-file (default path ~/.gpg-agent-info)
    gnupginf="${HOME}/.gpg-agent-info"
    if pgrep -u "${USER}" gpg-agent >/dev/null 2>&1; then
        # agent already running: load GPG_AGENT_INFO/SSH_AUTH_SOCK/SSH_AGENT_PID and export them
        eval "$(cat "$gnupginf")"
        eval "$(cut -d= -f1 "$gnupginf" | xargs echo export)"
    else
        # no agent yet: start one with ssh-agent emulation, record its variables, eval its sh output
        eval "$(gpg-agent -s --enable-ssh-support --daemon --write-env-file "$gnupginf")"
    fi
I've already added my ssh key to gpg-agent; however, when I attempt another ssh session the command hangs.
I've discovered that if I kill gpg-agent and create a new login shell, the agent works as it should (calling pinentry-curses then working like ssh-agent).
If, however, I create another login shell (by, say, popping open another tmux pane) and attempt to ssh, the command hangs and the pinentry-curses window is printed over the contents of the login shell that originally launched the agent.
Further, if I've closed the shell that originally launched the agent, pinentry-curses is called anyway and causes a CPU-crippling infinite loop. (Known bug, see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559936.)
In essence, I'd like to know what to change about my setup to make GnuPG agent work as seamlessly as ssh-agent. Thanks for any help!
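The login snippet below is an added example written for this question; it is not the asker's script, keychain, or anything shipped with GnuPG. It addresses two things the posted script leaves open. First, `eval $(cat file)` executes whatever is in the env file, so the example imports only the three variable names gpg-agent actually writes (GPG_AGENT_INFO, SSH_AUTH_SOCK, SSH_AGENT_PID) and rejects values containing shell metacharacters, then checks that the recorded agent is really alive before trusting the file. Second, gpg-agent drives pinentry on the tty it learned at startup, and an ssh client cannot tell it about a different tty, so each new shell points the agent at its own tty with `gpg-connect-agent updatestartuptty /bye`. Assumptions: a GnuPG 2.0-era gpg-agent that still accepts `--write-env-file` (default path ~/.gpg-agent-info), and the function names `import_agent_env`, `agent_alive`, `update_agent_tty` and `ensure_gpg_agent`, which are invented for this example.

```shell
#!/bin/sh
# Added example for a headless/tmux login; not the asker's script or keychain's code.
# Assumes a GnuPG 2.0-style gpg-agent that supports --write-env-file.

GNUPGINF="${GNUPGINF:-$HOME/.gpg-agent-info}"

# Import only the variables gpg-agent writes, and only values without shell
# metacharacters. This replaces `eval "$(cat "$file")"`, which would run any
# command someone managed to write into the env file.
import_agent_env() {
    file="$1"
    [ -r "$file" ] || return 1
    imported=0
    while IFS= read -r line; do
        name="${line%%=*}"
        value="${line#*=}"
        case "$name" in
            GPG_AGENT_INFO|SSH_AUTH_SOCK|SSH_AGENT_PID) ;;
            *) continue ;;               # anything else is ignored, never evaluated
        esac
        case "$value" in
            *[!A-Za-z0-9_./:-]*) continue ;;   # socket paths and pids only
        esac
        export "$name=$value"
        imported=$((imported + 1))
    done < "$file"
    [ "$imported" -gt 0 ]
}

# A stale env file is the usual cause of a hanging ssh: check that the ssh
# socket exists and that the pid in GPG_AGENT_INFO (path:pid:version) is a
# gpg-agent process before reusing it.
agent_alive() {
    [ -S "${SSH_AUTH_SOCK:-}" ] || return 1
    rest="${GPG_AGENT_INFO#*:}"
    pid="${rest%%:*}"
    case "$pid" in ''|*[!0-9]*) return 1 ;; esac
    [ "$(ps -o comm= -p "$pid" 2>/dev/null)" = "gpg-agent" ]
}

# Tell the running agent that pinentry-curses should use THIS shell's tty,
# otherwise it is drawn over the shell that originally started the agent.
update_agent_tty() {
    GPG_TTY="$(tty 2>/dev/null)" || return 1
    export GPG_TTY
    command -v gpg-connect-agent >/dev/null 2>&1 || return 1
    gpg-connect-agent updatestartuptty /bye >/dev/null 2>&1
}

# Reuse a live agent if the env file points at one, otherwise start a new one.
ensure_gpg_agent() {
    if import_agent_env "$GNUPGINF" && agent_alive; then
        update_agent_tty
    elif command -v gpg-agent >/dev/null 2>&1; then
        # Assumption: GnuPG 2.0 flags; 2.1+ dropped --write-env-file.
        eval "$(gpg-agent --daemon --enable-ssh-support --write-env-file "$GNUPGINF")"
        update_agent_tty
    fi
}

# Usage: source this file from ~/.profile (or the tmux default shell) and then
# call:  ensure_gpg_agent
```

Sourcing the file from every login shell, rather than only the first, is what makes a new tmux pane behave: the env import is cheap, and `update_agent_tty` is the step that moves the pinentry prompt to the pane that actually asked for the key.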
Best Answer
Turns out this one was incredibly simple. Instead of using that script, I simply removed the "--agents" option from my old keychain launch script (guide here).
This causes the Keychain program to seek out both ssh-agent AND gpg-agent files. Now my encryption system does work quite seamlessly, even while relying on both types of agents.