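GPG has a lot of features. When using `gpg-agent` as the `ssh_agent`, I found that even though a passphrase cache timeout was set in `gpg-agent.conf`, the passphrase prompt still popped up frequently. The general cache timeout settings have no effect on SSH keys.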

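After going through the Wiki and the documentation, I found that a separate cache timeout configuration has to be added for SSH.
Add two lines to `~/.gnupg/gpg-agent.conf`:

```
default-cache-ttl-ssh 60480000
max-cache-ttl-ssh 60480000
```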
A complete `gpg-agent.conf` example; adjust the timeouts to your own needs:

```
max-cache-ttl 60480000
default-cache-ttl 60480000
default-cache-ttl-ssh 60480000
max-cache-ttl-ssh 60480000
enable-ssh-support
pinentry-program /usr/local/bin/pinentry-mac
```
After changing the configuration, restart `gpg-agent`:

```
$ gpgconf --kill gpg-agent && gpgconf --launch gpg-agent
```
After that, the passphrase entered for the GPG SSH key is cached and does not have to be typed again and again.
Parameter explanation
The option descriptions are taken from the official documentation:

```
--default-cache-ttl n
Set the time a cache entry is valid to n seconds. The default is 600 seconds. Each time a cache entry is accessed, the entry’s timer is reset. To set an entry’s maximum lifetime, use max-cache-ttl. Note that a cached passphrase may not be evicted immediately from memory if no client requests a cache operation. This is due to an internal housekeeping function which is only run every few seconds.

--default-cache-ttl-ssh n
Set the time a cache entry used for SSH keys is valid to n seconds. The default is 1800 seconds. Each time a cache entry is accessed, the entry’s timer is reset. To set an entry’s maximum lifetime, use max-cache-ttl-ssh.

--max-cache-ttl n
Set the maximum time a cache entry is valid to n seconds. After this time a cache entry will be expired even if it has been accessed recently or has been set using gpg-preset-passphrase. The default is 2 hours (7200 seconds).

--max-cache-ttl-ssh n
Set the maximum time a cache entry used for SSH keys is valid to n seconds. After this time a cache entry will be expired even if it has been accessed recently or has been set using gpg-preset-passphrase. The default is 2 hours (7200 seconds).
```
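The `*-cache-ttl` and `*-cache-ttl-ssh` families of options control the GPG key itself and keys used for SSH connections, respectively. This explains why, after setting only `default-cache-ttl` and `max-cache-ttl`, the GPG SSH key still timed out and the passphrase had to be entered again.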
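The following audit script is an added example, not part of the original post or of GnuPG. It parses a `gpg-agent.conf`, applies the documented defaults for unset options, and reports the effective cache windows for GPG and SSH keys separately. The function names, the `long_ttl` review threshold and the sample inputs are assumptions made for illustration.

```python
# Defaults in seconds, as quoted from the official documentation on this page.
DEFAULTS = {
    "default-cache-ttl": 600,
    "max-cache-ttl": 7200,
    "default-cache-ttl-ssh": 1800,
    "max-cache-ttl-ssh": 7200,
}


def parse_ttls(conf_text):
    """Return (ttls, explicit): effective option values and the names set in the file."""
    ttls, explicit = dict(DEFAULTS), set()
    for raw in conf_text.splitlines():
        parts = raw.strip().split()
        if len(parts) != 2 or parts[0].startswith("#"):
            continue  # blank line, comment, or an option that is not "name value"
        name, value = parts
        if name in DEFAULTS and value.isdigit():
            ttls[name] = int(value)
            explicit.add(name)
    return ttls, explicit


def audit(conf_text, long_ttl=86400):
    """Summarise GPG vs SSH cache windows; long_ttl is a hypothetical review threshold."""
    ttls, explicit = parse_ttls(conf_text)
    report = {"findings": []}
    for label, suffix in (("gpg", ""), ("ssh", "-ssh")):
        default = ttls["default-cache-ttl" + suffix]
        maximum = ttls["max-cache-ttl" + suffix]
        # An entry expires at max-cache-ttl even if it was accessed recently,
        # so the idle timeout can never be longer than the maximum.
        report[label] = {"idle": min(default, maximum), "max": maximum}
        if maximum > long_ttl:
            report["findings"].append(
                f"{label}: passphrase may stay cached for {maximum / 86400:g} days")
    if explicit and not any(n.endswith("-ssh") for n in explicit):
        report["findings"].append("ssh: TTLs not set, SSH keys still use the defaults")
    return report


# Constructed sample inputs: the config before and after the change in this post.
BEFORE = "max-cache-ttl 60480000\ndefault-cache-ttl 60480000\nenable-ssh-support\n"
AFTER = BEFORE + "default-cache-ttl-ssh 60480000\nmax-cache-ttl-ssh 60480000\n"

if __name__ == "__main__":
    for name, conf in (("before", BEFORE), ("after", AFTER)):
        print(name, audit(conf))
```

With the values used in this post, 60480000 seconds is 700 days, so a cached passphrase effectively lives until the agent is restarted.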
References
- https://wiki.archlinux.org/index.php/GnuPG#Cache_passwords
- Agent Options (Using the GNU Privacy Guard)
Author
xNathan
Last updated
2019-09-22
License

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.