[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#54950: Connecting to remote guix daemon with encrypted SSH key fails
From: |
Arun Isaac |
Subject: |
bug#54950: Connecting to remote guix daemon with encrypted SSH key fails |
Date: |
Thu, 16 Jun 2022 12:04:30 +0530 |
Hi Maxim,
I normally use neither OpenSSH's ssh-agent nor gpg-agent's ssh-agent
feature. But, when I do, it works. I didn't run into any pinentry issues
like you described. But, that's only because a passphrase entry is not
required at the time of `guix build'. Passphrase entry is required only
at the time of `ssh-add' when I am adding the key to the ssh-agent. Just
to be clear, here are the exact steps I used to set up gpg-agent.
Enable gpg's ssh-agent feature
$ echo use-agent >> ~/.gnupg/gpg.conf
$ echo enable-ssh-support >> ~/.gnupg/gpg-agent.conf
pkill and restart gpg-agent (command not shown). Then, add the key to
gpg's ssh-agent. A passphrase is prompted at this point.
$ ssh-add ~/.ssh/id_ecdsa
guix build with remote daemon. A passphrase is not prompted at this
point because it was already added into the ssh-agent in the last step.
$ SSH_AUTH_SOCK=/run/user/1000/gnupg/S.gpg-agent.ssh
GUIX_DAEMON_SOCKET=ssh://foo guix build -v3 hello
So, with an ssh-agent, guix build on a remote daemon works. But, I'd
like it to work without an ssh-agent. Is that possible?
Regards,
Arun