gpg 2.1 gpg-agent over ssh
Ximin Luo
infinity0 at pwned.gg
Fri Mar 27 13:01:18 CET 2015
On 27/03/15 11:38, Ximin Luo wrote:
> When running gpg 2.1.2 over SSH with a secret-key operation, the gpg in the ssh client appears to hang.
>
> What is actually happening is that the gpg-agent it's connecting to is running a pinentry that's associated with the display on the desktop session the *gpg-agent* is attached to, rather than the ssh client, and there's no way for the ssh user to reach this.
>
> $ pgrep -a gpg-agent
> 17902 gpg-agent --homedir /home/infinity0/.gnupg --use-standard-socket --daemon
> $ kill -HUP 17902 # flush all secret keys
> $ pgrep -af pinentry
> (exit 1)
>
> $ gpg2 -as <<EOF
> test
> EOF
>
> ^C
> gpg: signal Interrupt caught ... exiting
>
> (exit 130)
> (exit 130)
> $ pgrep -af pinentry
> 22048
> # this process sticks around and you need to kill it manually
>
What's worse - if you don't kill this process, subsequent attempts to use secret-key operations (even from the desktop session!) fail because I guess gpg-agent queues up pinentry operations, and it's waiting on this one.
This wouldn't be obvious to most users.
> But physically going back to the desktop session doesn't show a pinentry popup, for some reason.
>
> It's unclear the best way to solve this. Thoughts?
>
A workaround is to use `ssh -X`. I'm not sure if this translates into a solution for the original non-X case.
X
--
GPG: 4096R/1318EFAC5FBBDBCE
git://github.com/infinity0/pubkeys.git