using with su/sudo

NIIBE Yutaka gniibe at
Thu Oct 13 01:27:46 CEST 2016

On 10/13/2016 12:36 AM, John Lane wrote:
> I just wanted to bring this to your attention because I think it is related.

Thank you.  Actually, I have a problem like that, everyday (literally).

> I tried from a sudo with the tty ownership corrected but it didn't work.
> So I ran an agent with some logging and saw this:
> DBG: error calling pinentry: Inappropriate ioctl for device <Pinentry>

Yes, this is the same error for me, too.

In my case, I do:

    $ gpg-connect-agent updatestartuptty /bye

to fix the situation.

My case is that, I configure systemd to start up gpg-agent.  In this
case, gpg frontend works well with its session environment, but ssh
doesn't work.

In this configuration, gpg-agent starts with no env defined, like:

    $ gpg-connect-agent "getinfo std_startup_env" /bye

Then, the command "updatestartuptty" can fix the situation.

I think that gpg-agent is unkind enough (for error message, at least),
it could/should know pinentry doesn't work well with not proper TTY
ownership, no GPG_TTY.

In the case of su/sudo, I would consider automatic fallback to
loopback mode, or argue about file discriptor passing of UNIX domain
socket.  I have no idea how gpg-agent with null std_startup_env can do
for SSH...

More information about the Gnupg-users mailing list