We are using gpg-agent to provide ssh-agent functionality for caching the private key passphrases. Some of the keys will be stored in the gpg keyring whilst some services such as ansible use a standard ssh key. Our ansible scripts run without problems with the standard ssh-agent. When the $SSH_AUTH_SOCK variable is pointed to the gpg-agent ssh socket, the script continually prompts for the passphrase and it always comes back as invalid. Is this some config issue I need to sort out? “ssh-add -L” shows keys from the gpg and standard ssh keys (ansible’s one too) are cached, so not sure why we are getting the repeated prompts.
Ansible does not deal with those; it executes an ssh command. Use
-vvv to see exactly the ssh command Ansible runs and see if any of
those options need to be tweaked to allow for the gpg agent to
continue working.
It sounds almost like your auth socket isn’t working properly, meaning the agent is being restarted and is re-adding the key instead of using the key loaded in the agent once.
Thanks for the reply. I agree with your assessment that it has something to do with ansible not being able to reach the SSH_AUTH_SOCKET. I don’t have a gpg-agent.conf file. I have read lots of tutorials that mention the file but on Ubuntu 18.04 the gpg installation does not appear to require it. The only thing I had to do after installation to get ssh to work with the private key in gpg was to run “export SSH_AUTH_SOCK="/run/user/1000/gnupg/S.gpg-agent.ssh"”. Maybe I need to change a config for ansible to point to the correct socket as it was using the normal ssh-agent before?
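
A check for the socket question raised in this thread, added here as an example and not posted by any participant: it compares the SSH_AUTH_SOCK a shell would hand to ssh with the socket gpg-agent reports through gpgconf. The function names check_auth_sock and diagnose are made up for the example.

```shell
#!/bin/sh
# Added diagnostic example; function names are hypothetical.

# Classify the agent socket a child process (ssh, ansible-playbook) inherits.
#   $1 = value of SSH_AUTH_SOCK as seen by the calling shell
#   $2 = socket path that gpg-agent reports for its ssh support
# Returns: 0 ok, 1 unset, 2 points at another agent, 3 path is not a socket
check_auth_sock() {
    sock=$1
    expected=$2
    if [ -z "$sock" ]; then
        echo "SSH_AUTH_SOCK is unset: ssh has no agent to ask"
        return 1
    fi
    if [ "$sock" != "$expected" ]; then
        echo "SSH_AUTH_SOCK=$sock, but gpg-agent listens on $expected"
        return 2
    fi
    if [ ! -S "$sock" ]; then
        echo "$sock does not exist or is not a socket (agent not running?)"
        return 3
    fi
    echo "ok: SSH_AUTH_SOCK points at the gpg-agent ssh socket"
    return 0
}

# Run this in the same shell that launches ansible-playbook, because the
# ssh processes Ansible starts inherit that shell's environment.
diagnose() {
    # gpgconf prints the ssh socket path for the current user
    expected=$(gpgconf --list-dirs agent-ssh-socket) || return 4
    check_auth_sock "${SSH_AUTH_SOCK:-}" "$expected" || return $?
    # Keys offered over this socket: the same list ssh will see
    ssh-add -L
}
```

A result of 2 in one terminal and 0 in another usually means the export was done in only one of them, for example interactively rather than in a shell startup file.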