using with su/sudo
John Lane
gnupg at jelmail.com
Wed Oct 12 17:36:30 CEST 2016
>
> I created a ticket at the bug tracker.
>
> https://bugs.gnupg.org/gnupg/issue2739
>
>
> With the situation of gpg-agent's allow-loopback-pinentry is default
> now, perhaps, it would be the best (from the user's viewpoint) that
> gpg-agent automatically falls back to loopback mode.
>
> On window system, I think it doesn't work either...
>
I just wanted to bring this to your attention because I think it is related.

If you try to use "ssh-add" from within a sudo/su session to add an SSH
private key to the gpg-agent (with all other GnuPG SSH configuration
requirements satisfied), the request fails with an error:

    $ ssh-add ~/.ssh/private.key
    Enter passphrase for /home/alice/private.key:
    Could not add identity "/home/alice/.ssh/private.key": agent refused operation

I did some investigation and I think it is the pinentry problem again.
First, I tried the same from a non-su terminal and it worked: the agent
pops up a pinentry dialog to request a passphrase for its copy of the
private key (as explained in the gpg manual, chapter 2).

I tried from a sudo with the tty ownership corrected but it didn't work.
So I ran an agent with some logging and saw this:

    DBG: error calling pinentry: Inappropriate ioctl for device <Pinentry>