using with su/sudo

John Lane gnupg at jelmail.com
Wed Oct 12 17:36:30 CEST 2016


> 
> I created a ticket at the bug tracker.
> 
>     https://bugs.gnupg.org/gnupg/issue2739
> 
> 
> With the situation of gpg-agent's allow-loopback-pinentry being the default
> now, perhaps it would be the best (from the user's viewpoint) that
> gpg-agent automatically falls back to loopback mode.
> 
> On window system, I think it doesn't work either...
> 

I just wanted to bring this to your attention because I think it is related.

If you try to use "ssh-add" from within a sudo/su session to add an SSH
private key to the gpg-agent (with all other GnuPG SSH configuration
requirements satisfied), the request fails with an error:

$ ssh-add ~/.ssh/private.key
Enter passphrase for /home/alice/private.key:
Could not add identity "/home/alice/.ssh/private.key": agent refused
operation

I did some investigation and I think it is the pinentry problem again.

First, I tried the same from a non-su terminal and it worked: the agent
pops up a pinentry dialog to request a passphrase for its copy of the
private key (as explained in the gpg manual, chapter 2).

I tried from a sudo with the tty ownership corrected but it didn't work.

So I ran an agent with some logging and saw this:


DBG: error calling pinentry: Inappropriate ioctl for device <Pinentry>
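The log line above is the errno string for ENOTTY: pinentry was handed something that is not a usable terminal. The helper below is an added diagnostic check, not code from this post or from GnuPG; it looks at the three preconditions that commonly break inside an su/sudo session (no controlling tty at all, a tty still owned by the login user rather than the effective user, and a GPG_TTY that is unset or stale). It assumes GNU coreutils `stat` and that gpg-agent learns the terminal from GPG_TTY as forwarded by `gpg-connect-agent updatestartuptty /bye`; the function and variable names are my own.

```shell
#!/bin/sh
# tty-check.sh: added diagnostic helper (not from the mailing-list post, not
# part of GnuPG). Reports why pinentry may fail with ENOTTY
# ("Inappropriate ioctl for device") when ssh-add is run via su/sudo.
# Assumptions: GNU `stat -c %U`; gpg-agent locates the terminal through
# the GPG_TTY value sent with `gpg-connect-agent updatestartuptty /bye`.

# tty_owned_by PATH USER: succeed if PATH exists and is owned by USER.
tty_owned_by() {
    [ -e "$1" ] || return 1
    [ "$(stat -c %U "$1")" = "$2" ]
}

# tty_diagnose TTY USER GPG_TTY: print one line per problem found and
# return the number of problems (0 means the session looks usable).
#   TTY     - output of `tty` for the session ("not a tty" if none)
#   USER    - the effective user gpg-agent/pinentry run as
#   GPG_TTY - value of $GPG_TTY in that session (may be empty)
tty_diagnose() {
    _tty=$1 _user=$2 _gpgtty=$3 _problems=0
    # `tty` prints the literal string "not a tty" when there is no terminal.
    [ "$_tty" = "not a tty" ] && _tty=""

    if [ -z "$_tty" ]; then
        echo "no controlling terminal: pinentry's ioctl on its tty fails with ENOTTY"
        _problems=$((_problems + 1))
    elif ! tty_owned_by "$_tty" "$_user"; then
        echo "$_tty is not owned by $_user: after su/sudo it still belongs to the login user"
        _problems=$((_problems + 1))
    fi

    if [ -z "$_gpgtty" ]; then
        echo "GPG_TTY is unset: gpg-agent does not know which terminal to open pinentry on"
        _problems=$((_problems + 1))
    elif [ -n "$_tty" ] && [ "$_gpgtty" != "$_tty" ]; then
        echo "GPG_TTY=$_gpgtty differs from the current terminal $_tty"
        _problems=$((_problems + 1))
    fi
    return $_problems
}

# Run against the live session only when asked, so the functions can also
# be sourced from another script without side effects.
if [ "${1:-}" = "--live" ]; then
    tty_diagnose "$(tty)" "$(id -un)" "${GPG_TTY:-}" && echo "tty looks usable for pinentry"
fi
```

Run `sh tty-check.sh --live` first in the normal login shell and then again inside `sudo -s` or `su`; the two reports differ exactly where the su/sudo session lost its terminal state. Note that the original poster reports the failure persisted even after correcting tty ownership, so a clean report here narrows the cause down but does not rule out the pinentry/loopback issue tracked in the ticket.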
