A shell script to properly configure GNOME to play nice with a Yubikey. This script allows you to use your Yubikey for GPG and SSH while leaving passwords and PK11 for GNOME keyring (Ubuntu 15.04-17.10) Copied from hyper3xpl0iter@github I just modified the deb source locations since the country mirrors of archive.ubuntu.org do not contain vivid anymore. Download it here CAVE: The removal of the new versions of gpg and so on also removes gnome-control-center so a sudo apt-get -y install gnome-control-center has to be done afterwards.
Start by installing the xdotool package On Debian/Ubuntu/etc simply run: sudo apt-get install xdotool keepass2 Next find out where the keepass2 executable is installed on your system The easiest way to do this is to run: which keepass2 On my system this returns /usr/bin/keepass2 This file is actually not the program itself but a script that bootstraps the program. So to find out where the real executable run:
There are lots of reports that Ubuntu 17.10 hangs with a black screen if reboot is issued. Some users report they need to press Alt+F7 to go further, some users report it only takes a looong time to go through the reboot sequence. I could confirm both issues, luckily there is help! Edit /etc/default/grub and remove quiet and splash from GRUB_CMDLINE_LINUX_DEFAULT. Issue a sudo update-grub and reboot.
After a recent apt-get update && apt-get dist-upgrade which also updated gpg-agent my smart cards (and therefore ssh auth for my servers) stopped to work. A ps aux|grep gpg-agent revealed that it´s now started with --supervised instead of the options given by me. Even a pkill gpg-agent and eval $(gpg-agent --options) didn´t help. A quick search in google found out that developers changed the start up but I did not want to dig any deeper and edit scripts or whatsoever again…
It looks like my journey to find a linux distribution where gpg and ssh authentication with a gpg smartcard works right out of the box is finally over. Thanks to Moritz Bartl from torservers.net who pointed me in the direction to Debian testing aka stretch. All I did was sudo aptitude install pcscd pcsc-tools gpgsm gnupg-agent scdaemon -y echo "use-agent" >> ~/.gnupg/gpg.conf echo "enable-ssh-support" >> ~/.gnupg/gpg-agent.conf Commenting out use-ssh-agent in /etc/X11/Xsession.