Richard North’s Blog

Easier SSH Agent with GPG

Some time back I wrote a guide to setting up a Yubikey Neo security device for GPG and SSH authentication. One aspect I included was setting up GPG Agent on Fish shell, which was a little fiddly.

I’ve recently discovered that this has become vastly easier with GPG Agent Autostart arriving in a recent version of GPG.

With this change, the only thing needed in fish shell config is the following:

# Start or re-use a gpg-agent.
#
gpgconf --launch gpg-agent

# Ensure that GPG Agent is used as the SSH agent
set -e SSH_AUTH_SOCK
set -U -x SSH_AUTH_SOCK ~/.gnupg/S.gpg-agent.ssh

Basically, this will ensure that SSH uses GPG Agent’s socket (S.gpg-agent.ssh) rather than the regular SSH Agent. Whenever SSH uses the socket to start authentication, GPG and the GPG smartcard (Yubikey) will spring into life to provide the necessary authentication.

Quite different from the previous ~30 lines!
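
A check that ssh really is talking to gpg-agent after the config above, as an added example that is not part of the original post. The function name `check_gpg_ssh_agent` is hypothetical, and it assumes a GnuPG version whose `gpgconf --list-dirs` reports `agent-ssh-socket`; it compares that path with `SSH_AUTH_SOCK` rather than assuming the socket lives under `~/.gnupg`.

```fish
# Added example, not from the original post. The function name is hypothetical.
function check_gpg_ssh_agent --description 'Check that ssh talks to gpg-agent'
    # Ask GnuPG for its SSH socket path rather than assuming ~/.gnupg.
    set -l expected (gpgconf --list-dirs agent-ssh-socket 2>/dev/null)
    if test -z "$expected"
        echo "FAIL: gpgconf did not report an agent-ssh-socket path" >&2
        return 1
    end

    # Start the agent if it is not already running, as in the config above.
    gpgconf --launch gpg-agent

    # 1. The variable ssh reads must name gpg-agent's socket, not another agent's.
    if test "$SSH_AUTH_SOCK" != "$expected"
        echo "FAIL: SSH_AUTH_SOCK is '$SSH_AUTH_SOCK', expected '$expected'" >&2
        return 1
    end

    # 2. The path must be a socket owned by the current user.
    if not test -S "$expected"
        echo "FAIL: $expected is not a socket (is enable-ssh-support set in gpg-agent.conf?)" >&2
        return 1
    end
    if not test -O "$expected"
        echo "FAIL: $expected is not owned by the current user" >&2
        return 1
    end

    # 3. Ask the agent for its public keys through that socket.
    set -l keys (ssh-add -L 2>/dev/null)
    if test $status -ne 0
        echo "FAIL: ssh-add -L returned no keys via $expected (agent not answering, or card not inserted?)" >&2
        return 1
    end

    echo "OK: "(count $keys)" key(s) offered via $expected"
    printf '%s\n' $keys
end
```

Run `check_gpg_ssh_agent` in a new fish session with the Yubikey inserted; a failure at step 1 means another agent's socket, or a stale hard-coded path, is still in `SSH_AUTH_SOCK`.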
