gpg / gpg-agent -- Can't connect to /root/.gnupg/S.gpg-agent
Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
gpg / gpg-agent -- Can't connect to /root/.gnupg/S.gpg-agent
I am having trouble with gpg & gpg-agent. I ran
Code:
gpg --gen-key
And right after I input my name and email, it crashes with the following message:
Quote:
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.
can't connect to `/root/.gnupg/S.gpg-agent': No such file or directory
gpg-agent[23478]: command get_passphrase failed: Operation cancelled
gpg: cancelled by user
gpg: Key generation canceled.
Have you tried creating the directory /root/.gnupg using mkdir (and possibly the S.gpg-agent file within it with touch)? The directory permissions should be 0700. Can you post the output of re-running the command once you've done that?
I use GPG, bit not the agent. It turns out that S.gpg-agent is a socket (not a file which is what the touch command creates). The gpg-agent listens to gpg, intercepts requests for passphrases and supplies the info so you don't have to type your passphrase all the time.
You will learn that gpg-agent should be started rather as daemon and only as a single pid. If you start looking the daemon start-up procedure inside your system of course, you won't find it (I didn't and it was Fedora 10). Well, First what I decided to do was to fallow the manual, so I did:
Yes, you don't have the "gpg-agent-start.sh" file yet and there is no word about it in man! Here it is:
Code:
#!/bin/bash
# Decide wether to start gpg-agent daemon.
# Create necessary symbolic link in $HOME/.gnupg/S.gpg-agent
SOCKET=S.gpg-agent
PIDOF=`pidof gpg-agent`
RETVAL=$?
if [ "$RETVAL" -eq 1 ]; then
echo "Starting gpg-agent daemon."
eval `gpg-agent --daemon `
else
echo "Daemon gpg-agent already running."
fi
# Nasty way to find gpg-agent's socket file...
GPG_SOCKET_FILE=`find /tmp/gpg-* -name $SOCKET`
echo "Updating socket file link."
cp -fs $GPG_SOCKET_FILE $HOME/.gnupg/S.gpg-agent
I'm not quite sure if there is a better way to quickly, find a place of a socket file. In my system it is placed randomly in /tmp/gpg-xxxxxxx/S.gpg-agent, where xxxxxxx are random characters.
If anyone know it please write it down...
It's a socket (fifo or named pipe) that gpg-agent uses to communicate. Certain Linux distros use the --no-use-standard-socket option to gpg-agent, causing it to look for this file specifically, instead of creating one automatically with a random name. Which means we need to create it manually.
Just do this:
Code:
# presumably you already have a .gnupg directory, but this won't hurt even if you do
mkdir -p -m 700 ~/.gnupg
# now let's create the socket. The "p" below says make it a "pipe" (aka: fifo or socket)
mknod -m 700 ~/.gnupg/S.gpg-agent p
# And give gpg-agent a whirl:
gpg-agent --daemon
Distribution: CentOS Linux release 7.4.1708 (Core)
Posts: 4
Rep:
.gnupg/S.gpg-agent - No such file or directory
The man page writeup for gpg-agent is pretty good, succinct, addresses the problem and provides a solution:
~~~~~~~~~~~~~~~~~~~
$> man gpg-agent #a daemon to manage secret (private) keys independently
# from any protocol. It is used as a backend for gpg and gpgsm as well
# as for a couple of other utilities.
#Get the necessary information from gpg-agent
gpg-agent --daemon --enable-ssh-support --write-env-file "${HOME}/.gpg-agent-info"
#Create the necessary environment variables
if [ -f "${HOME}/.gpg-agent-info" ]; then
. "${HOME}/.gpg-agent-info"
export GPG_AGENT_INFO
export SSH_AUTH_SOCK
export SSH_AGENT_PID
fi
~~~~~~~~~~~~~~~~~~~~~~~~~~~
I have the same problem and I've tried everything suggested above. Kleopatra Self-test results show all test pass except Gpg-Agent Connectivity. Slackware64 14.1
I ran into the issues last week on my RHEL6 running gnupg2. I had not had the issue running on the RHEL5 server that had been replaced by that. My PuTTY into the servers is launched from an MS Windows laptop and has X11 forwarding enabled.
It was trying that on RHEL6 that gave the errors described. My notes for RHEL5 said it gave me a Text Box to enter the passphrase despite including the --passphrase.
After getting the error and seeing multiple hits in web searches regarding the error including this link I solved the issue. Posting findings in hopes they help others:
1) On my MS Windows laptop I started an X emulator (Exceed in my case but would expect same from others such as Cygwin/X).
With the X11 forwarding on in the PuTTY shell running the above command line gave me an X Window popup on my MS Windows workstation to enter the passphrase. On entering the passphrase I still got a message in PuTTY session but it successfully decrypted.
2) Running "export GPG_TTY=$*tty)" and "unset DISPLAY" in my PuTTY session then running the above command line gave me the Text box to enter the passphrase on RHEL6 as it had previously on RHEL5. On entering the passphrase I still got a message in PuTTY session but it successfully decrypted.
3) Further review showed that in my scripts when using "--passphrase" I was also using "--batch". It turned out it was the lack of the "--batch" that was making it prompt for passphrase. Therefore I amended my command line to:
Using that amended command line I did not have to set GPG_TTY nor did I have to unset DISPLAY. The "--batch" lets it know to do the work without trying to prompt. With the amended command line it successfully decrypted.
Summarizing: All 3 methods above work but when doing it via command line there is no reason not to issue "--batch" unless you want it to prompt you for the passphrase.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.