using with su/sudo
NIIBE Yutaka
gniibe at fsij.org
Thu Oct 13 01:27:46 CEST 2016
On 10/13/2016 12:36 AM, John Lane wrote:
> I just wanted to bring this to your attention because I think it is related.

Thank you. Actually, I have a problem like that, every day (literally).

> I tried from a sudo with the tty ownership corrected but it didn't work.
>
> So I ran an agent with some logging and saw this:
>
>
> DBG: error calling pinentry: Inappropriate ioctl for device <Pinentry>

Yes, this is the same error for me, too.

In my case, I do:

  $ gpg-connect-agent updatestartuptty /bye

to fix the situation.

My case is that I configure systemd to start up gpg-agent. In this
case, the gpg frontend works well with its session environment, but ssh
doesn't work.

In this configuration, gpg-agent starts with no env defined, like:

  $ gpg-connect-agent "getinfo std_startup_env" /bye
  OK
  $

Then, the command "updatestartuptty" can fix the situation.

I think that gpg-agent is not kind enough (for the error message, at
least); it could/should know that pinentry doesn't work well with
improper TTY ownership or no GPG_TTY.

In the case of su/sudo, I would consider automatic fallback to
loopback mode, or argue about file descriptor passing of UNIX domain
socket. I have no idea what gpg-agent with null std_startup_env can do
for SSH...
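
The check and fix described in the message above, as an added shell example that is not part of the original post or of GnuPG itself. The function names are hypothetical, and the reply format of "getinfo std_startup_env" (Assuan "D" lines with NAME=value entries) is an assumption.

```shell
#!/bin/sh
# Added example, not from the original message.
# Assumption: the reply to "getinfo std_startup_env" consists of Assuan "D"
# data lines carrying NAME=value entries (possibly joined by an escaped NUL,
# %00) followed by "OK"; an agent started with no environment answers with
# "OK" only, as shown in the message above.

# Print the GPG_TTY value found in an agent reply read from stdin.
# Prints nothing when the startup environment has no GPG_TTY.
agent_startup_tty() {
    awk '/^D / {
        sub(/^D /, "")
        n = split($0, entry, "%00")
        for (i = 1; i <= n; i++)
            if (entry[i] ~ /^GPG_TTY=/) {
                sub(/^GPG_TTY=/, "", entry[i])
                print entry[i]
                exit
            }
    }'
}

# Point the agent at the current terminal if its startup TTY differs.
refresh_agent_tty() {
    current=$(tty) || return 1   # no terminal on stdin: nothing to hand over
    GPG_TTY=$current
    export GPG_TTY
    known=$(gpg-connect-agent 'getinfo std_startup_env' /bye | agent_startup_tty)
    [ "$known" = "$current" ] && return 0
    gpg-connect-agent updatestartuptty /bye >/dev/null
}
```

Call refresh_agent_tty from the interactive shell's startup file so that an agent started by systemd learns the terminal before ssh needs pinentry.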