gpg-agent mysteriously stopped working - agent on remote system no longer connecting to ssh socket [closed]

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
1
down vote

favorite












I am using a yubikey nano on my local system to do encrypt/decrypt/sign on remote systems, plus SSH agent forwarding. I recall this being a bear to setup, but it has worked flawlessly for several months now. Suddenly it broke. My searches all return the same links I read when I set it up, but I am stuck.



SSH agent forwarding inexplicably works. Remote system shows this:



REMOTE:$ ssh-add -L
ssh-rsa blahblah cardno:123


I can login to other servers using SSH from the remote system and it uses the nano for auth (I know this because it requires touch to enable agent signing). I can see logs about the SSH signing in the gpg-agent log on the local system.



However, I can't get GPG sign/encrypt to work at all. If I run the following on the remote system:



REMOTE:$ echo "$(uname -a)" | gpg2 --armor --clearsign --default-key 0x1234
gpg: all values passed to '--default-key' ignored
gpg: no default secret key: No secret key
gpg: [stdin]: clearsign failed: No secret key


In the local gpg-agent log I see no logs about the attempt. If I run this command, I can see log entries in the local gpg-agent log:



REMOTE:$ $ netcat -U /home/user/.gnupg/S.gpg-agent
OK Pleased to meet you
RESET
OK
GETINFO PID
ERR 67109115 Forbidden <GPG Agent>
POOP
ERR 67109139 Unknown IPC command <GPG Agent>


Which results in these logs in the local agent:



2018-01-05 16:38:32 gpg-agent[865] DBG: chan_10 -> OK Pleased to meet you
2018-01-05 16:38:35 gpg-agent[865] DBG: chan_10 <- RESET
2018-01-05 16:38:35 gpg-agent[865] DBG: chan_10 -> OK
2018-01-05 16:38:45 gpg-agent[865] DBG: chan_10 <- GETINFO PID
2018-01-05 16:38:45 gpg-agent[865] DBG: chan_10 -> ERR 67109115 Forbidden <GPG Agent>
2018-01-05 16:39:01 gpg-agent[865] DBG: chan_10 <- POOP
2018-01-05 16:39:01 gpg-agent[865] DBG: chan_10 -> ERR 67109139 Unknown IPC command <GPG Agent>


If I run strace -f -F on gpg-connect-agent on the remote system, it seems to be connecting to a socket in /var/run, but not the one forwarded from the local system in ~/.gnupg/. I have tried removing both sockets, killing all gpg-agent processes and changed the SSH remote forward to go to either the /var/run location or the ~/.gnupg location to no avail. It is possible I screwed these steps up and I will try them again, but I want to know if someone knows the answer, and I would like to have an easy to find post for the next time this breaks.



LOCAL SYSTEM:



Mac OS X 10.11.6
gpg installed with brew
gpg (GnuPG) 2.2.1
libgcrypt 1.8.1


REMOTE SYSTEM:



ubuntu 17.10
gpg (GnuPG) 2.1.15
libgcrypt 1.7.8


EDIT:
Ok, no idea what changed, but I left it alone for a bit and came back and tried to switch the socket again and it now works:



REMOTE:$ $ echo "$(uname -a)" | strace -f -F gpg2 --armor --clearsign --default-key 0x1234
...
a bunch of garbage
...
stat("/run/user/1000/gnupg/S.gpg-agent", st_mode=S_IFSOCK) = 0
socket(AF_UNIX, SOCK_STREAM, 0) = 5


Changing my SSH remote forward to this new location worked. I swear I tried this earlier using the socket path provided by gpgconf --list-dir agent-ssh-socket, without any luck. Probably forgot to kill the existing agent. And by happenstance, I just chanced upon a blogpost reporting that this changed:
https://blog.kylemanna.com/linux/gpg-213-ssh-agent-socket-moved/




linux ssh osx gpg-agent yubikey




share|improve this question














closed as off-topic by B Layer, G-Man, Jeff Schaller, George Vasiliou, jimmij Jan 6 at 14:50


This question appears to be off-topic. The users who voted to close gave this specific reason:


  • "Questions describing a problem that can't be reproduced and seemingly went away on its own (or went away when a typo was fixed) are off-topic as they are unlikely to help future readers." – B Layer, G-Man, Jeff Schaller, George Vasiliou, jimmij
If this question can be reworded to fit the rules in the help center, please edit the question.












  • I found the solution. I don't seem to have enough fake internet points to do anything further. Should I just delete the question? It has enough debugging pointers that it might be of use to someone in the future.
    – lopass
    Jan 6 at 4:06










  • I put it up for a close vote.
    – B Layer
    Jan 6 at 4:17














up vote
1
down vote

favorite












I am using a yubikey nano on my local system to do encrypt/decrypt/sign on remote systems, plus SSH agent forwarding. I recall this being a bear to setup, but it has worked flawlessly for several months now. Suddenly it broke. My searches all return the same links I read when I set it up, but I am stuck.



SSH agent forwarding inexplicably works. Remote system shows this:



REMOTE:$ ssh-add -L
ssh-rsa blahblah cardno:123


I can login to other servers using SSH from the remote system and it uses the nano for auth (I know this because it requires touch to enable agent signing). I can see logs about the SSH signing in the gpg-agent log on the local system.



However, I can't get GPG sign/encrypt to work at all. If I run the following on the remote system:



REMOTE:$ echo "$(uname -a)" | gpg2 --armor --clearsign --default-key 0x1234
gpg: all values passed to '--default-key' ignored
gpg: no default secret key: No secret key
gpg: [stdin]: clearsign failed: No secret key


In the local gpg-agent log I see no logs about the attempt. If I run this command, I can see log entries in the local gpg-agent log:



REMOTE:$ $ netcat -U /home/user/.gnupg/S.gpg-agent
OK Pleased to meet you
RESET
OK
GETINFO PID
ERR 67109115 Forbidden <GPG Agent>
POOP
ERR 67109139 Unknown IPC command <GPG Agent>


Which results in these logs in the local agent:



2018-01-05 16:38:32 gpg-agent[865] DBG: chan_10 -> OK Pleased to meet you
2018-01-05 16:38:35 gpg-agent[865] DBG: chan_10 <- RESET
2018-01-05 16:38:35 gpg-agent[865] DBG: chan_10 -> OK
2018-01-05 16:38:45 gpg-agent[865] DBG: chan_10 <- GETINFO PID
2018-01-05 16:38:45 gpg-agent[865] DBG: chan_10 -> ERR 67109115 Forbidden <GPG Agent>
2018-01-05 16:39:01 gpg-agent[865] DBG: chan_10 <- POOP
2018-01-05 16:39:01 gpg-agent[865] DBG: chan_10 -> ERR 67109139 Unknown IPC command <GPG Agent>


If I run strace -f -F on gpg-connect-agent on the remote system, it seems to be connecting to a socket in /var/run, but not the one forwarded from the local system in ~/.gnupg/. I have tried removing both sockets, killing all gpg-agent processes and changed the SSH remote forward to go to either the /var/run location or the ~/.gnupg location to no avail. It is possible I screwed these steps up and I will try them again, but I want to know if someone knows the answer, and I would like to have an easy to find post for the next time this breaks.



LOCAL SYSTEM:



Mac OS X 10.11.6
gpg installed with brew
gpg (GnuPG) 2.2.1
libgcrypt 1.8.1


REMOTE SYSTEM:



ubuntu 17.10
gpg (GnuPG) 2.1.15
libgcrypt 1.7.8


EDIT:
Ok, no idea what changed, but I left it alone for a bit and came back and tried to switch the socket again and it now works:



REMOTE:$ $ echo "$(uname -a)" | strace -f -F gpg2 --armor --clearsign --default-key 0x1234
...
a bunch of garbage
...
stat("/run/user/1000/gnupg/S.gpg-agent", st_mode=S_IFSOCK) = 0
socket(AF_UNIX, SOCK_STREAM, 0) = 5


Changing my SSH remote forward to this new location worked. I swear I tried this earlier using the socket path provided by gpgconf --list-dir agent-ssh-socket, without any luck. Probably forgot to kill the existing agent. And by happenstance, I just chanced upon a blogpost reporting that this changed:
https://blog.kylemanna.com/linux/gpg-213-ssh-agent-socket-moved/




linux ssh osx gpg-agent yubikey




share|improve this question














closed as off-topic by B Layer, G-Man, Jeff Schaller, George Vasiliou, jimmij Jan 6 at 14:50


This question appears to be off-topic. The users who voted to close gave this specific reason:


  • "Questions describing a problem that can't be reproduced and seemingly went away on its own (or went away when a typo was fixed) are off-topic as they are unlikely to help future readers." – B Layer, G-Man, Jeff Schaller, George Vasiliou, jimmij
If this question can be reworded to fit the rules in the help center, please edit the question.












  • I found the solution. I don't seem to have enough fake internet points to do anything further. Should I just delete the question? It has enough debugging pointers that it might be of use to someone in the future.
    – lopass
    Jan 6 at 4:06










  • I put it up for a close vote.
    – B Layer
    Jan 6 at 4:17












up vote
1
down vote

favorite









up vote
1
down vote

favorite











I am using a yubikey nano on my local system to do encrypt/decrypt/sign on remote systems, plus SSH agent forwarding. I recall this being a bear to setup, but it has worked flawlessly for several months now. Suddenly it broke. My searches all return the same links I read when I set it up, but I am stuck.



SSH agent forwarding inexplicably works. Remote system shows this:



REMOTE:$ ssh-add -L
ssh-rsa blahblah cardno:123


I can login to other servers using SSH from the remote system and it uses the nano for auth (I know this because it requires touch to enable agent signing). I can see logs about the SSH signing in the gpg-agent log on the local system.



However, I can't get GPG sign/encrypt to work at all. If I run the following on the remote system:



REMOTE:$ echo "$(uname -a)" | gpg2 --armor --clearsign --default-key 0x1234
gpg: all values passed to '--default-key' ignored
gpg: no default secret key: No secret key
gpg: [stdin]: clearsign failed: No secret key


In the local gpg-agent log I see no logs about the attempt. If I run this command, I can see log entries in the local gpg-agent log:



REMOTE:$ $ netcat -U /home/user/.gnupg/S.gpg-agent
OK Pleased to meet you
RESET
OK
GETINFO PID
ERR 67109115 Forbidden <GPG Agent>
POOP
ERR 67109139 Unknown IPC command <GPG Agent>


Which results in these logs in the local agent:



2018-01-05 16:38:32 gpg-agent[865] DBG: chan_10 -> OK Pleased to meet you
2018-01-05 16:38:35 gpg-agent[865] DBG: chan_10 <- RESET
2018-01-05 16:38:35 gpg-agent[865] DBG: chan_10 -> OK
2018-01-05 16:38:45 gpg-agent[865] DBG: chan_10 <- GETINFO PID
2018-01-05 16:38:45 gpg-agent[865] DBG: chan_10 -> ERR 67109115 Forbidden <GPG Agent>
2018-01-05 16:39:01 gpg-agent[865] DBG: chan_10 <- POOP
2018-01-05 16:39:01 gpg-agent[865] DBG: chan_10 -> ERR 67109139 Unknown IPC command <GPG Agent>


If I run strace -f -F on gpg-connect-agent on the remote system, it seems to be connecting to a socket in /var/run, but not the one forwarded from the local system in ~/.gnupg/. I have tried removing both sockets, killing all gpg-agent processes and changed the SSH remote forward to go to either the /var/run location or the ~/.gnupg location to no avail. It is possible I screwed these steps up and I will try them again, but I want to know if someone knows the answer, and I would like to have an easy to find post for the next time this breaks.



LOCAL SYSTEM:



Mac OS X 10.11.6
gpg installed with brew
gpg (GnuPG) 2.2.1
libgcrypt 1.8.1


REMOTE SYSTEM:



ubuntu 17.10
gpg (GnuPG) 2.1.15
libgcrypt 1.7.8


EDIT:
Ok, no idea what changed, but I left it alone for a bit and came back and tried to switch the socket again and it now works:



REMOTE:$ $ echo "$(uname -a)" | strace -f -F gpg2 --armor --clearsign --default-key 0x1234
...
a bunch of garbage
...
stat("/run/user/1000/gnupg/S.gpg-agent", st_mode=S_IFSOCK) = 0
socket(AF_UNIX, SOCK_STREAM, 0) = 5


Changing my SSH remote forward to this new location worked. I swear I tried this earlier using the socket path provided by gpgconf --list-dir agent-ssh-socket, without any luck. Probably forgot to kill the existing agent. And by happenstance, I just chanced upon a blogpost reporting that this changed:
https://blog.kylemanna.com/linux/gpg-213-ssh-agent-socket-moved/




linux ssh osx gpg-agent yubikey




share|improve this question














I am using a yubikey nano on my local system to do encrypt/decrypt/sign on remote systems, plus SSH agent forwarding. I recall this being a bear to setup, but it has worked flawlessly for several months now. Suddenly it broke. My searches all return the same links I read when I set it up, but I am stuck.



SSH agent forwarding inexplicably works. Remote system shows this:



REMOTE:$ ssh-add -L
ssh-rsa blahblah cardno:123


I can login to other servers using SSH from the remote system and it uses the nano for auth (I know this because it requires touch to enable agent signing). I can see logs about the SSH signing in the gpg-agent log on the local system.



However, I can't get GPG sign/encrypt to work at all. If I run the following on the remote system:



REMOTE:$ echo "$(uname -a)" | gpg2 --armor --clearsign --default-key 0x1234
gpg: all values passed to '--default-key' ignored
gpg: no default secret key: No secret key
gpg: [stdin]: clearsign failed: No secret key


In the local gpg-agent log I see no logs about the attempt. If I run this command, I can see log entries in the local gpg-agent log:



REMOTE:$ $ netcat -U /home/user/.gnupg/S.gpg-agent
OK Pleased to meet you
RESET
OK
GETINFO PID
ERR 67109115 Forbidden <GPG Agent>
POOP
ERR 67109139 Unknown IPC command <GPG Agent>


Which results in these logs in the local agent:



2018-01-05 16:38:32 gpg-agent[865] DBG: chan_10 -> OK Pleased to meet you
2018-01-05 16:38:35 gpg-agent[865] DBG: chan_10 <- RESET
2018-01-05 16:38:35 gpg-agent[865] DBG: chan_10 -> OK
2018-01-05 16:38:45 gpg-agent[865] DBG: chan_10 <- GETINFO PID
2018-01-05 16:38:45 gpg-agent[865] DBG: chan_10 -> ERR 67109115 Forbidden <GPG Agent>
2018-01-05 16:39:01 gpg-agent[865] DBG: chan_10 <- POOP
2018-01-05 16:39:01 gpg-agent[865] DBG: chan_10 -> ERR 67109139 Unknown IPC command <GPG Agent>


If I run strace -f -F on gpg-connect-agent on the remote system, it seems to be connecting to a socket in /var/run, but not the one forwarded from the local system in ~/.gnupg/. I have tried removing both sockets, killing all gpg-agent processes and changed the SSH remote forward to go to either the /var/run location or the ~/.gnupg location to no avail. It is possible I screwed these steps up and I will try them again, but I want to know if someone knows the answer, and I would like to have an easy to find post for the next time this breaks.



LOCAL SYSTEM:



Mac OS X 10.11.6
gpg installed with brew
gpg (GnuPG) 2.2.1
libgcrypt 1.8.1


REMOTE SYSTEM:



ubuntu 17.10
gpg (GnuPG) 2.1.15
libgcrypt 1.7.8


EDIT:
Ok, no idea what changed, but I left it alone for a bit and came back and tried to switch the socket again and it now works:



REMOTE:$ $ echo "$(uname -a)" | strace -f -F gpg2 --armor --clearsign --default-key 0x1234
...
a bunch of garbage
...
stat("/run/user/1000/gnupg/S.gpg-agent", st_mode=S_IFSOCK) = 0
socket(AF_UNIX, SOCK_STREAM, 0) = 5


Changing my SSH remote forward to this new location worked. I swear I tried this earlier using the socket path provided by gpgconf --list-dir agent-ssh-socket, without any luck. Probably forgot to kill the existing agent. And by happenstance, I just chanced upon a blogpost reporting that this changed:
https://blog.kylemanna.com/linux/gpg-213-ssh-agent-socket-moved/





linux ssh osx gpg-agent yubikey





share|improve this question













share|improve this question




share|improve this question








edited Jan 6 at 4:03

























asked Jan 5 at 22:51









lopass

62




62




closed as off-topic by B Layer, G-Man, Jeff Schaller, George Vasiliou, jimmij Jan 6 at 14:50


This question appears to be off-topic. The users who voted to close gave this specific reason:


  • "Questions describing a problem that can't be reproduced and seemingly went away on its own (or went away when a typo was fixed) are off-topic as they are unlikely to help future readers." – B Layer, G-Man, Jeff Schaller, George Vasiliou, jimmij
If this question can be reworded to fit the rules in the help center, please edit the question.




closed as off-topic by B Layer, G-Man, Jeff Schaller, George Vasiliou, jimmij Jan 6 at 14:50


This question appears to be off-topic. The users who voted to close gave this specific reason:


  • "Questions describing a problem that can't be reproduced and seemingly went away on its own (or went away when a typo was fixed) are off-topic as they are unlikely to help future readers." – B Layer, G-Man, Jeff Schaller, George Vasiliou, jimmij
If this question can be reworded to fit the rules in the help center, please edit the question.











  • I found the solution. I don't seem to have enough fake internet points to do anything further. Should I just delete the question? It has enough debugging pointers that it might be of use to someone in the future.
    – lopass
    Jan 6 at 4:06










  • I put it up for a close vote.
    – B Layer
    Jan 6 at 4:17
















  • I found the solution. I don't seem to have enough fake internet points to do anything further. Should I just delete the question? It has enough debugging pointers that it might be of use to someone in the future.
    – lopass
    Jan 6 at 4:06










  • I put it up for a close vote.
    – B Layer
    Jan 6 at 4:17















I found the solution. I don't seem to have enough fake internet points to do anything further. Should I just delete the question? It has enough debugging pointers that it might be of use to someone in the future.
– lopass
Jan 6 at 4:06




I found the solution. I don't seem to have enough fake internet points to do anything further. Should I just delete the question? It has enough debugging pointers that it might be of use to someone in the future.
– lopass
Jan 6 at 4:06












I put it up for a close vote.
– B Layer
Jan 6 at 4:17




I put it up for a close vote.
– B Layer
Jan 6 at 4:17















active

oldest

votes






















active

oldest

votes













active

oldest

votes









active

oldest

votes






active

oldest

votes
-

Popular posts from this blog

Peggy Mitchell

Image
EastEnders character This article is about the soap opera character. For the British tennis player, see Peggy Michell. For the author, see Margaret Mitchell. Peggy Mitchell Barbara Windsor as Peggy Mitchell (2008) EastEnders character Portrayed by Jo Warne (1991) Barbara Windsor (1994–2016) Duration 1991, 1994–2010, 2013–2016 First appearance Episode 650 30 April 1991  ( 1991-04-30 ) Last appearance Episode 5286 17 May 2016  ( 2016-05-17 ) (appearance) Episode 5287 19 May 2016 (voiceover) Introduced by Michael Ferguson (1991) Barbara Emile (1994) Louise Berridge (2004) Kate Harwood (2005) Lorraine Newman (2013) Dominic Treadwell-Collins (2014) Spin-off appearances The Mitchells - Naked Truths (1998) Classification Former; regular Profile Other names Peggy Butcher Occupation Barmaid Businesswoman Pub landlady Jo Warne as Peggy Mitchell (1991) Family Family Mitchell Father Jack Martin Mother Lily Martin Sisters Aunt ...
Read more

Palaiologos

Image
Palaiologos Παλαιολόγος Palaeologus, Palaeologue Imperial Family Double-headed eagle with the family cypher Country Byzantine Empire, Duchy of Montferrat (remaining lineage after Empire annexed by Ottomans) Founded 11th century  ( 11th century ) Founder Nikephoros Palaiologos (first known) Final ruler Constantine XI Palaiologos (Byzantine Empire) Margaret Paleologa (Montferrat) Titles Byzantine Emperor Marquess of Montferrat Style(s) "Augustus" "Basileus" "Autokrator" Traditions Greek Orthodoxy (predominantly) Roman Catholicism (remaining lineage in Montferrat) Dissolution 1533  ( 1533 ) Cadet branches Claimants: House of Kastrioti (defunct) House of Rurik (defunct) Palaiologan dynasty Chronology Michael VIII 1259–1282 with Andronikos II as co-emperor, 1261–1282 Andronikos II 1282–1328 with Michael IX (1294–1320) and Andronikos III (1321–1328) as co-emperors Andronikos III 1328–1341 John...
Read more

The Forum (Inglewood, California)

Image
The Forum "LA Forum" Prairie Ave. façade of The Forum in 2014 Full name The Forum, presented by Chase Former names The Forum (1967–1988) Great Western Forum (1988–2003) Address 3900 W. Manchester Blvd Location Inglewood, California Coordinates Coordinates: 33°57′29″N 118°20′31″W  /  33.95806°N 118.34194°W  / 33.95806; -118.34194 Public transit     Downtown Inglewood station Owner The Madison Square Garden Company Operator MSG Entertainment Seating type Reserved Capacity 17,500 Half-bowl: 8,000 Construction Broke ground July 1, 1966  ( 1966-07-01 ) Opened December 30, 1967  ( 1967-12-30 ) Renovated 1988, 2012–2014 Construction cost $16 million Renovation: 2014: $76.5 million Architect Charles Luckman Associates (original) Brisbin Brook Beynon (renovation) Structural engineer Johnson & Nielsen Associates (original) Severud Associates (renovation) Genera...
Read more