GNU bug report logs - #54950
Connecting to remote guix daemon with encrypted SSH key fails

Package: guix;

Reported by: Arun Isaac <arunisaac <at> systemreboot.net>

Date: Fri, 15 Apr 2022 11:10:01 UTC

Severity: normal

Message #17 received at 54950 <at> debbugs.gnu.org (full text, mbox):

From: Arun Isaac <arunisaac <at> systemreboot.net>
To: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
Cc: 54950 <at> debbugs.gnu.org
Subject: Re: bug#54950: Connecting to remote guix daemon with encrypted SSH
 key fails
Date: Thu, 16 Jun 2022 12:04:30 +0530

Hi Maxim,

I normally use neither OpenSSH's ssh-agent nor gpg-agent's ssh-agent
feature. But, when I do, it works. I didn't run into any pinentry issues
like you described. But, that's only because a passphrase entry is not
required at the time of `guix build'. Passphrase entry is required only
at the time of `ssh-add' when I am adding the key to the ssh-agent. Just
to be clear, here are the exact steps I used to set up gpg-agent.

Enable gpg's ssh-agent feature

$ echo use-agent >> ~/.gnupg/gpg.conf
$ echo enable-ssh-support >> ~/.gnupg/gpg-agent.conf

pkill and restart gpg-agent (command not shown). Then, add the key to
gpg's ssh-agent. A passphrase is prompted at this point.

$ ssh-add ~/.ssh/id_ecdsa

guix build with remote daemon. A passphrase is not prompted at this
point because it was already added into the ssh-agent in the last step.

$ SSH_AUTH_SOCK=/run/user/1000/gnupg/S.gpg-agent.ssh
GUIX_DAEMON_SOCKET=ssh://foo guix build -v3 hello

So, with an ssh-agent, guix build on a remote daemon works. But, I'd
like it to work without an ssh-agent. Is that possible?

Regards,
Arun

This bug report was last modified 3 years ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #54950 Connecting to remote guix daemon with encrypted SSH key fails

GNU bug report logs - #54950
Connecting to remote guix daemon with encrypted SSH key fails