Following a recent update to my Gentoo installation at work, I found myself pestered by PinEntry acting as my new SSH Authentication Agent. Formerly, I used the normal ssh-agent, as it’s console only and doesn’t steal focus on the terminal window I’m currently working in.
A quick look at the process-list shows why:
gillespiem@kovacs2 ~ $ ps axu | grep gpg-agent
30847 ? Ss 0:00 gpg-agent –daemon –enable-ssh-support –write-env-file /home/gillespiem/.cache/gpg-agent-info
The GPG-Agent is being run with the –enable-ssh-support flag. Here’s how you can turn it off if you’re using XFCE4:
The script /etc/xdg/xfce4/xinitrc handles chosing the correct authentication agent at line 129:
129 # launch gpg-agent or ssh-agent if enabled.
130 ssh_agent_enabled=`xfconf-query -c xfce4-session -p /startup/ssh-agent/enabled 2> /dev/null`
131 if test “$ssh_agent_enabled” != “false”; then
132 # if the user has pam_ssh installed, it will start ssh-agent for us, but
133 # of course won’t start gpg-agent. so, if ssh-agent is already running,
134 # but we want gpg-agent (and that’s not running yet) start gpg-agent
135 # without ssh support
136
137 ssh_agent_type=`xfconf-query -c xfce4-session -p /startup/ssh-agent/type 2> /dev/null`
138 if test -z “$ssh_agent_type”; then
139 if which gpg-agent >/dev/null 2>&1; then
140 ssh_agent_type=gpg-agent
141 else
142 ssh_agent_type=ssh-agent
143 fi
144 fi
To pass the first test (line 130), set ssh-agent to be enabled by running this (it only needs to be run once):
xfconf-query -n -t bool -c xfce4-session -p /startup/ssh-agent/enabled -s true
To pass the second test (line 137), set /startup/ssh-agent/type to … well, pretty much anything will do, as it only tests that it’s a non-zero length string – I’m setting it to “ssh-agent”:
xfconf-query -n -t string -c xfce4-session -p /startup/ssh-agent/type -s ssh-agent
If you’re currently in XFCE4, kill gpg-agent and restart XFCE. You’ll find when you return, ssh-agent will act as your SSH Authentication Agent, and gpg-agent will handle GPG specific transactions.
Hmm — you didn’t actually read the code, did ya?
You don’t need the first xfconf-query — the test is against “!= false”, so as long as it isn’t positively set to false, you’ll pass the test.
Then you do actually need the second line set to ssh-agent — sure, to skip the test you need anything, but that value is later used to test whether to actually start ssh-agent. If you set it to x, the script won’t start ssh-agent.
Oh, snap. Yeah, you’re right. No, I didn’t fully read the code – just skimmed it. Good catch.