Passphrases for SSH connections not accepted via pinentry

aslam karachiwala aslam at mythicflow.com
Tue Apr 21 02:12:28 CEST 2015


gpg 2.0.22
pinentry 0.9.0

When attempting to establish an SSH connection, either from the command
line or a graphical app like a file manager or an IDE, the pinentry
dialog appears. This dialog...
1. does not allow the passphrase to be pasted, and
2. does not accept the correct passphrase that is typed into the field.

If done from the command line, the following error is reported:

"Agent admitted failure to sign using the key."

The gpg-agent log reports:

2015-04-03 22:33:16 gpg-agent[3928] failed to unprotect the secret key:
Operation cancelled
2015-04-03 22:33:16 gpg-agent[3928] failed to read the secret key

I know the passphrase I enter is correct because it works when entered
into the the graphical app's (e.g., Dolphin, Eclipse IDE) prompt which
appears after pinentry fails three times. This happens with both
pinentry-qt4 and pinentry-gtk-2. I was able to also reproduce it with
gpg 2.0.27 & pinentry-0.9.1, which I built from source.

This behavior started in early 2015. Before that, pinentry would give a
command-line prompt (via pinentry-curses?) if an ssh connection was
initiated from the command line.

[gpg-agent.conf]

###+++--- GPGConf ---+++### Sun 20 Jul 2014 06:18:30 PM EDT
# GPGConf edited this configuration file.
# It will disable options before this marked block, but it will
# never change anything below these lines.

enable-ssh-support
use-standard-socket


##### pinentry program to manage gpg keys.
### for KDE:
pinentry-program /usr/bin/pinentry-qt4
### for Cinnamon/GNOME:
#pinentry-program /usr/bin/pinentry-gtk-2

keep-tty
keep-display

verbose
min-passphrase-len 16
debug-level advanced
log-file /home/aslam/.gnupg/log/gpg-agent.log
default-cache-ttl 1800
max-cache-ttl 36000

[/gpg-agent.conf]

Any thoughts on what's causing this and how to fix it?


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 230 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20150420/0359fda8/attachment.sig>


More information about the Gnupg-users mailing list