Description of problem:

I have the following in ~/.gnupg/gpg-agent.conf:

    enable-ssh-support
    extra-socket ~/.gnupg/S.gpg-agent.extra
    default-cache-ttl 120
    max-cache-ttl 300

But when I log in to my GNOME session the --enable-ssh-support switch is not enabled. I also created a local systemd unit file and enabled it at startup, but that doesn't do the trick either. This probably means that the distribution starts the gpg-agent when I log in and ignores the gpg-agent.conf in my home folder. I need the --enable-ssh-support because I use the GPG keys of my Yubikey to use ssh.

Version-Release number of selected component (if applicable):

gnupg2-2.1.21-2.fc26.x86_64

Steps to Reproduce:

1. Add "enable-ssh-support" to ~/.gnupg/gpg-agent.conf
2. Log in again to your GNOME session
3. Check the gpg-agent process with ps; --enable-ssh-support is missing.

Expected results:

I expect to be able to modify the startup configuration of gpg-agent. But what I've tried so far doesn't work, except for killing gpg-agent and then starting it myself with the correct switches enabled.

Additional info:

https://www.esev.com/blog/post/2015-01-pgp-ssh-key-on-yubikey-neo/

Is the option really ignored? Why do you expect --enable-ssh-support to be shown in the ps output if you set it in the gpg-agent.conf file? Also, if Gnome somehow starts the gpg-agent in a way that the config file settings are ignored, I'd suggest reassigning it to some appropriate Gnome component. I do not personally use Gnome and have no idea about its session start up.

The --enable-ssh-support option is visible in ps when I restart gpg-agent with this local systemd unit file:

    [Unit]
    Description=GnuPG Agent
    IgnoreOnIsolate=true

    [Service]
    Type=forking
    Environment=SSH_AUTH_SOCK=%t/gnupg/S.gpg-agent.ssh
    ExecStart=/usr/bin/gpg-agent --homedir %h/.gnupg --enable-ssh-support --daemon
    ExecStartPost=/usr/bin/systemctl --user set-environment SSH_AUTH_SOCK=${SSH_AUTH_SOCK}

    [Install]
    WantedBy=default.target

After I restart that, it works. I can do a test without a desktop environment, then we can cancel out that causality.

But there you explicitly call it with --enable-ssh-support on the command line.

Using the upstream gpg systemd files is sufficient to get ssh working with the gpg keys on a Yubikey:

https://dev.gnupg.org/source/gnupg/browse/master/doc/examples/systemd-user/

After the example systemd files are symlinked to /usr/lib/systemd/user/, they need to be activated with:

    systemctl --user --global enable gpg-agent.socket
    systemctl --user --global enable gpg-agent-ssh.socket

Then make sure this is included in your .bash_profile:

    export SSH_AUTH_SOCK=$XDG_RUNTIME_DIR/gnupg/S.gpg-agent.ssh

Then it works like a charm!
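
Because ps only lists command-line switches and not options read from gpg-agent.conf, a more direct check is whether the config sets the option and whether SSH_AUTH_SOCK points at an existing agent ssh socket. The script below is an added example, not part of the bug report or of GnuPG; the function names, verdict words and sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and the sample config are constructed.

# True if the config enables ssh support (comment lines and indentation ignored).
conf_enables_ssh() {
    [ -r "$1" ] && grep -Eq '^[[:space:]]*enable-ssh-support([[:space:]]|$)' "$1"
}

# Socket path the thread exports in .bash_profile, for a given XDG_RUNTIME_DIR.
expected_ssh_sock() {
    printf '%s/gnupg/S.gpg-agent.ssh\n' "$1"
}

# diagnose CONF SSH_AUTH_SOCK_VALUE RUNTIME_DIR -> prints one verdict word
diagnose() {
    want=$(expected_ssh_sock "$3")
    if [ -z "$2" ]; then
        echo "env-unset"                 # ssh has no agent socket to talk to
    elif [ "$2" != "$want" ]; then
        echo "env-mismatch"              # ssh talks to some other agent socket
    elif [ -S "$2" ]; then
        echo "ok"                        # socket exists where ssh will look
    elif conf_enables_ssh "$1"; then
        echo "socket-missing-conf-on"    # option set, but no listener at that path
    else
        echo "socket-missing-conf-off"   # option absent and no socket present
    fi
}

# Constructed sample: the reporter's config with SSH_AUTH_SOCK unset.
demo=$(mktemp -d)
printf '%s\n' 'enable-ssh-support' 'default-cache-ttl 120' 'max-cache-ttl 300' \
    > "$demo/gpg-agent.conf"
diagnose "$demo/gpg-agent.conf" "" "$demo"
rm -rf "$demo"
```

On a live session, call it as `diagnose "${GNUPGHOME:-$HOME/.gnupg}/gpg-agent.conf" "$SSH_AUTH_SOCK" "$XDG_RUNTIME_DIR"`.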