When using gpg with gpg-agent, the following sockets are created in my ~/.gnupg directory:
S.gpg-agent
S.gpg-agent.browser
S.gpg-agent.extra
S.gpg-agent.ssh
I assume S.gpg-agent is the standard gpg-agent socket. But what are the others for?
I am not using gpg with ssh, or gpg with browser.
Where is it configured, that these are created automatically?
Can I disable them?
I only need the standard S.gpg-agent
I am using gnupg 2.2.12 on Debian Buster.
Best Answer
The gpg-agent can have multiple personalities and deliver different services.

For example, you can stop having ssh-agent running on your box, and use gpg-agent as a drop-in replacement... as long as you use the proper socket, S.gpg-agent.ssh because it has to implement the proper protocol ssh is expecting to discuss. Why could that be useful? For example, until very recently, ssh was not able to use keys stored in FIDO2/U2F (like Yubikeys), this was only added in 8.2 released not long ago, which then makes things dead simple as explained in https://blog.snapdragon.cc/2020/02/23/direct-fido2-u2f-support-in-openssh-8-2-on-macos/

Before that, gpg-agent would be used, because gpg has support for the U2F thing as handled like a smartcard. This is one of the canonical documentation on how to do that: https://florin.myip.org/blog/easy-multifactor-authentication-ssh-using-yubikey-neo-tokens

Now back to gpg-agent, its full manual is at https://www.gnupg.org/documentation/manuals/gnupg/Invoking-GPG_002dAGENT.html#Invoking-GPG_002dAGENT

You can find all options at https://www.gnupg.org/documentation/manuals/gnupg/Agent-Options.html#Agent-Options which can be put in a configuration file, typically ~/.gnupg/gpg-agent.conf

We can learn for example:

.extra one, we can learn both how to disable it and what it is used for:

.ssh one:

So there is no harm in having them even if you don't use them. If you really want to make sure they are not there, you can try to put the following in a gpg-agent configuration file:
I did not test that, the documentation does not speak about browser-socket but this older question does: https://askubuntu.com/questions/777900/how-to-configure-gnupgs-s-gpg-agent-socket-location
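
To check what a given gpg-agent.conf actually says about the optional sockets discussed in the answer above, the following is an added example and not part of the original answer or of GnuPG. The function names are hypothetical, and it assumes that `none` or `/dev/null` disables `browser-socket` the same way the manual documents for `extra-socket`.

```shell
#!/bin/sh
# Added example: audit how gpg-agent.conf treats the optional sockets.
# Function names are hypothetical helpers, not GnuPG commands.

# socket_setting CONF OPTION -> "default", "disabled" or "custom:<path>"
socket_setting() {
    # Assumption: if an option is repeated, the last line wins.
    # Commented-out lines never match because their first field starts with "#".
    val=$(awk -v o="$2" '$1 == o { v = $2 } END { print v }' "$1" 2>/dev/null) || val=""
    case $val in
        "")             echo "default" ;;   # option not set: agent default applies
        none|/dev/null) echo "disabled" ;;  # documented for extra-socket,
                                            # assumed for browser-socket
        *)              echo "custom:$val" ;;
    esac
}

# report_agent_sockets [GNUPG_HOME] -> one line per optional socket, comparing
# the configured state with whether the socket file exists in that directory.
report_agent_sockets() {
    dir=${1:-${GNUPGHOME:-$HOME/.gnupg}}
    for name in extra browser; do
        state=$(socket_setting "$dir/gpg-agent.conf" "$name-socket")
        if [ -S "$dir/S.gpg-agent.$name" ]; then present=present; else present=absent; fi
        printf '%s-socket: config=%s socket=%s\n' "$name" "$state" "$present"
    done
}

# Constructed sample home directory, so the demo runs without touching ~/.gnupg.
demo=$(mktemp -d)
printf '%s\n' '# constructed sample' 'default-cache-ttl 600' 'extra-socket none' \
    > "$demo/gpg-agent.conf"
report_agent_sockets "$demo"
rm -rf "$demo"
```

A line showing `config=disabled socket=present` usually means the running agent was started before the configuration changed; `gpgconf --kill gpg-agent` stops it so the next start reads the new file.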