pam-gnupg not unclock my gnugpg

Topic: pam-gnupg not unclock my gnugpg (Read 2137 times) previous topic - next topic

0 Members and 1 Guest are viewing this topic.

pam-gnupg not unclock my gnugpg

04 April 2021, 19:31:49

hello . i am new to artix ..
i used to be archlinux user for 10 years.
now i am artix user .. i installed artix with runit system ... the only problem I got is
i cant unlock my gnupg key . as i searched gnupg is based on systemd

is there any way to unclock when i login ?

Re: pam-gnupg not unclock my gnugpg

Reply #1 – 04 April 2021, 20:57:49

hi, welcome
i guess you need remove in etc/pam.d/system-local-login or in similar file this pam_systemd.so ---> see and read https://github.com/cruegge/pam-gnupg

did you fresh installation or migration? seems as you migrated from arch and you did not clean your pam files in /etc/pam.d from systemd.so (you should replace it by elogind.so or comment).

Re: pam-gnupg not unclock my gnugpg

Reply #2 – 04 April 2021, 22:36:58

i did clean install ....
and i used the larbs installer

Re: pam-gnupg not unclock my gnugpg

Reply #3 – 05 April 2021, 00:15:31

https://archlinux.org/packages/core/x86_64/gnupg/ gnupg have no systemd deps, anf if have it, we replaced it by elogind.
i installed pam-gnupg from AUR and it works fine for me (pam-gnupg does not contains systemd ).
please provide more infos (output from terminal) or some log with error.

Re: pam-gnupg not unclock my gnugpg

Reply #4 – 05 April 2021, 00:35:33

I ulock the pass with the test

i jusr logout

and now login again

i want when i login to my system ( i dont have display manager ) the keying be unlocked ..

Re: pam-gnupg not unclock my gnugpg

Reply #5 – 05 April 2021, 02:07:34

I have it to where when zsh is open/ran after login, no matter if gui or console, it asks for my ssh pass and also once I use gpg it won't ask me again unless I reboot my system.
With oh-my-zsh plugins I use is:

Code: [Select]

git ssh-agent gpg-agent

Re: pam-gnupg not unclock my gnugpg

Reply #6 – 05 April 2021, 16:30:36

the main problem is that i cant ... i think is the settings on /etc/pam but i dont know where

Re: pam-gnupg not unclock my gnugpg

Reply #7 – 05 April 2021, 16:56:42

Set default-cache-ttl and max-cache-ttl in ~/.gnupg/gpg-agent.conf.

With dwm I also suggest pinentry-dmenu (setting pinentry-program) so you can enter passwords through dmenu.

See man gpg-agent for details.

Re: pam-gnupg not unclock my gnugpg

Reply #8 – 05 April 2021, 18:09:37

i know in arch linux working perfectly fine ... but i dont know why in artix not working

Re: pam-gnupg not unclock my gnugpg

Reply #9 – 05 April 2021, 21:06:46

Quote from: jemadux – on 05 April 2021, 18:09:37

i know in arch linux working perfectly fine ... but i dont know why in artix not working

Since 2.1.17, users on machines with systemd will have their gpg-agent process launched automatically by systemd's user session, upon first access of any of the expected gpg-agent sockets (including the ssh socket). systemd will also cleanly tear this process down at session logout.

That is nice function, which you probably used before in archlinux, but it missing here, because no systemd...

...also, you need it manually:

0. not bad idea is set longer interval for GPG - as wrote above - just optional:
GPG can not directly be set to keep the password until restart, but you can change the time it caches the passwords to a very long time, e.g. a year. Add the following lines to $GNUPGHOME/gpg-agent.conf ($GNUPGHOME is usually ~/.gnupg):

Code: [Select]

default-cache-ttl 31536000
max-cache-ttl 31536000

This sets the time for caching passphrases to one year (31536000 seconds). default-cache-ttl is the normal caching time, which is reset when the key is used (so on each use it is cached longer), while max-cache-ttl limits the total time including extensions.

but you still need run gpg-agent as daemon to have same function as in systemd:

1. configure GnuPG to use an agent when appropriate. Edit ~/.gnupg/gpg.conf and add the following line:

Code: [Select]

use-agent

Now the system is almost ready to use the GPG agent. It is neccessary to restart the gpg-agent to take into account of the change in configuration:

Code: [Select]

gpg-connect-agent reloadagent /bye

2.Automatically starting the GPG agent - you can use it as sh script, put the lines in ~/.xinitrc if startx is used to start X.org or ~/.xsession if XDM, GDM, KDM, etc. are used. :

Code: [Select]

if [ -x /usr/bin/gpg-agent ]; then
 eval "$(/usr/bin/gpg-agent --daemon)"
fi

similar for shutdown the agent, if needed:

Code: [Select]

if [ -n "${GPG_AGENT_INFO}" ]; then
  kill $(echo ${GPG_AGENT_INFO} | cut -d':' -f 2) >/dev/null 2>&1
fi

4.You should always add the following lines to your .bashrc or whatever initialization file is used for all shell invocations:

Code: [Select]

GPG_TTY=$(tty)
export GPG_TTY

5. eventually you can set your SSH shh-agent in to .bashrc - if you need - too:

Code: [Select]

if ! pgrep -u "$USER" ssh-agent > /dev/null; then
    ssh-agent > ~/.ssh-agent-thing
fi
if [[ "$SSH_AGENT_PID" == "" ]]; then
    eval "$(<~/.ssh-agent-thing)"
fi