gpg can't access secret keys when logged in via ssh instead of desktop
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
gnupg2 (Ubuntu) | Confirmed | Undecided | Unassigned |
Bug Description
I recently performed a fresh install of 18.04 (Bionic) after preserving my .gnupg directory from my previous 16.04 LTS (Xenial) installation, but now, I can't perform gpg operations that require my secret key unless I'm sitting at the desktop and not logged in via ssh.
If I'm sitting at the gnome desktop environment, I can run gpg commands to decrypt encrypted messages and the popup appears to ask my passphrase, but if I'm connected via ssh, I get errors from gpg-agent and gpg fails to find my secret key without ever asking for my passphrase:
$ ps auxww | grep gpg-agent
jesse 16703 0.0 0.0 21536 1040 pts/4 S+ 12:19 0:00 grep gpg-agent
$ gpg --list-keys
gpg: checking the trustdb
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: depth: 0 valid: 2 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 2u
gpg: next trustdb check due at 2019-02-22
/home/jesse/
-------
pub rsa2048 2018-02-22 [SC] [expires: 2019-02-22]
...
uid [ultimate] Jesse Michael <...@...>
uid [ultimate] Jesse Michael <...@...>
sub rsa2048 2018-02-22 [E] [expires: 2019-02-22]
pub rsa2048 2018-02-22 [SC] [expires: 2019-02-22]
...
uid [ultimate] Jesse Michael <...@...>
sub rsa2048 2018-02-22 [E] [expires: 2019-02-22]
pub rsa4096 2017-07-10 [SC] [expires: 2018-07-10]
...
uid [ unknown] ... <...@...>
sub rsa4096 2017-07-10 [E] [expires: 2018-07-10]
$ gpg --export-
gpg: key ...: error receiving key from agent: Operation cancelled - skipped
gpg: key ...: error receiving key from agent: Operation cancelled - skipped
gpg: key ...: error receiving key from agent: Operation cancelled - skipped
gpg: key ...: error receiving key from agent: Operation cancelled - skipped
gpg: WARNING: nothing exported
$ gpg --decrypt somefilename.gpg
gpg: encrypted with 4096-bit RSA key, ID ..., created 2017-07-10
"... <...@...>"
gpg: encrypted with 2048-bit RSA key, ID ..., created 2018-02-22
"Jesse Michael <...@...>"
gpg: public key decryption failed: Operation cancelled
gpg: decryption failed: No secret key
$ ps auxww | grep gpg-agent
jesse 16716 0.0 0.0 100420 3484 ? SLs 12:19 0:00 /usr/bin/gpg-agent --supervised
jesse 16763 0.0 0.0 21536 1092 pts/4 S+ 12:20 0:00 grep gpg-agent
$ lsb_release -rd
Description: Ubuntu 18.04 LTS
Release: 18.04
$ apt-cache policy gpg gnupg2 gpg-agent
gpg:
Installed: 2.2.4-1ubuntu1
Candidate: 2.2.4-1ubuntu1
Version table:
*** 2.2.4-1ubuntu1 500
500 http://
100 /var/lib/
gnupg2:
Installed: 2.2.4-1ubuntu1
Candidate: 2.2.4-1ubuntu1
Version table:
*** 2.2.4-1ubuntu1 500
500 http://
500 http://
100 /var/lib/
gpg-agent:
Installed: 2.2.4-1ubuntu1
Candidate: 2.2.4-1ubuntu1
Version table:
*** 2.2.4-1ubuntu1 500
500 http://
100 /var/lib/
When attempting to decrypt a message, these messages show up in syslog:
Jun 8 15:55:29 wopr systemd[2245]: Started GnuPG cryptographic agent and passphrase cache. 35000001/ gnupg/S. gpg-agent. ssh) 35000001/ gnupg/S. gpg-agent) 35000001/ gnupg/S. gpg-agent. extra) 35000001/ gnupg/S. gpg-agent. browser)
Jun 8 15:55:29 wopr gpg-agent[25712]: gpg-agent (GnuPG) 2.2.4 starting in supervised mode.
Jun 8 15:55:29 wopr gpg-agent[25712]: using fd 3 for ssh socket (/run/user/
Jun 8 15:55:29 wopr gpg-agent[25712]: using fd 4 for std socket (/run/user/
Jun 8 15:55:29 wopr gpg-agent[25712]: using fd 5 for extra socket (/run/user/
Jun 8 15:55:29 wopr gpg-agent[25712]: using fd 6 for browser socket (/run/user/
Jun 8 15:55:29 wopr gpg-agent[25712]: listening on: std=4 extra=5 browser=6 ssh=3
Jun 8 15:55:29 wopr gnome-shell[4354]: remove_mnemonics: assertion 'label != NULL' failed
Jun 8 15:55:29 wopr gnome-shell[4354]: remove_mnemonics: assertion 'label != NULL' failed
Jun 8 15:55:29 wopr gpg-agent[25712]: failed to unprotect the secret key: Operation cancelled
Jun 8 15:55:29 wopr gpg-agent[25712]: failed to read the secret key
Jun 8 15:55:29 wopr gpg-agent[25712]: command 'PKDECRYPT' failed: Operation cancelled <Pinentry>
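
A triage sketch for the syslog excerpt above, added here as an example and not part of the original bug report: it groups gpg-agent lines by PID and reads the error source in angle brackets, which shows that the `PKDECRYPT` failure came from Pinentry (the passphrase prompt) even though gpg itself printed "No secret key". The function name `triage`, the result field names and the log line for PID 25990 are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: gpg-agent and gnome-shell lines from the syslog excerpt
# above, plus one constructed line from a second agent PID (25990) for contrast.
SAMPLE = """\
Jun 8 15:55:29 wopr gpg-agent[25712]: gpg-agent (GnuPG) 2.2.4 starting in supervised mode.
Jun 8 15:55:29 wopr gnome-shell[4354]: remove_mnemonics: assertion 'label != NULL' failed
Jun 8 15:55:29 wopr gpg-agent[25712]: failed to unprotect the secret key: Operation cancelled
Jun 8 15:55:29 wopr gpg-agent[25712]: failed to read the secret key
Jun 8 15:55:29 wopr gpg-agent[25712]: command 'PKDECRYPT' failed: Operation cancelled <Pinentry>
Jun 8 16:02:11 wopr gpg-agent[25990]: command 'PKDECRYPT' failed: No secret key <GPG Agent>
"""

# syslog prefix: "Mon D HH:MM:SS host proc[pid]: message"
LINE = re.compile(r"^\w{3}\s+\d+\s+[\d:]+\s+\S+\s+(?P<proc>[^\[\s]+)\[(?P<pid>\d+)\]:\s+(?P<msg>.*)$")
# gpg-agent failure line: command 'NAME' failed: <error text> <error source>
FAILED = re.compile(r"^command '(?P<cmd>[^']+)' failed: (?P<err>.+) <(?P<src>[^<>]+)>$")


def triage(text):
    """Return one finding per failed gpg-agent command, tracked per agent PID."""
    supervised, notes, findings = set(), defaultdict(list), []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m or m["proc"] != "gpg-agent":
            continue  # skip gnome-shell, systemd and unparseable lines
        pid, msg = int(m["pid"]), m["msg"]
        if "starting in supervised mode" in msg:
            supervised.add(pid)
        failed = FAILED.match(msg)
        if not failed:
            notes[pid].append(msg)  # keep earlier lines as context for this PID
            continue
        findings.append({
            "pid": pid,
            "command": failed["cmd"],
            "error": failed["err"],
            "source": failed["src"],
            "supervised": pid in supervised,
            # True when the error originated in the passphrase prompt, not the keyring
            "prompt_failure": failed["src"] == "Pinentry",
            "context": [n for n in notes[pid] if n.startswith("failed to")],
        })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        where = "passphrase prompt" if f["prompt_failure"] else f["source"]
        print(f'pid {f["pid"]}: {f["command"]} failed ({f["error"]}) in {where}')
```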