[HELP] pinentry-curses breaks SSH auth, but pinentry-mac works fine?

Daniel Kahn Gillmor dkg at fifthhorseman.net
Fri Jun 30 23:26:27 CEST 2017


Hi Ryan--

On Fri 2017-06-30 11:54:46 +0800, Ryan Lue wrote:
> But for some reason, it just doesn't work with `pinentry-curses`: SSH
> (GPG) key authentication fails silently, and the server falls back to
> password authentication. (I have made sure to set `$GPG_TTY`, so
> `pinentry-curses` works just fine for everything else, just not SSH
> authentication. For instance, I can `echo hello | gpg -s` and I'll get
> the pinentry password prompt in the terminal.)

setting GPG_TTY only works for clients that know to interpret it and to
pass its value along to gpg-agent.

when ssh is speaking to gpg-agent, it's using the ssh-agent protocol,
which has no mechanism for passing this info to the agent.

as a result, the agent (which *isn't* running attached to the current
tty) can't tell pinentry which tty to use.

have you tried doing this:

    GPG_TTY=$(tty) gpg-connect-agent updatestartuptty /bye

from the current terminal before trying to use ssh?

i consider this a workaround (which isn't satisfactory for easy everyday
use without better integration), but it's probably better than nothing.

please let the list know if that workaround works for you!

regards,

     --dkg
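
The workaround from the message above, wrapped for a shell startup file; this is an added example and not part of the original post. The function names are hypothetical, and it assumes `gpgconf --list-dirs agent-ssh-socket` is how you locate gpg-agent's ssh socket on your install.

```shell
# Added example: refresh gpg-agent's startup tty before ssh talks to it.
# Function names are hypothetical; source this from ~/.bashrc or ~/.zshrc.

# Succeeds only when SSH_AUTH_SOCK points at gpg-agent's ssh socket, so the
# refresh is skipped when a plain ssh-agent is the one serving keys.
ssh_uses_gpg_agent() {
    [ -n "${SSH_AUTH_SOCK:-}" ] || return 1
    command -v gpgconf >/dev/null 2>&1 || return 1
    [ "$SSH_AUTH_SOCK" = "$(gpgconf --list-dirs agent-ssh-socket 2>/dev/null)" ]
}

# Tell the already-running agent which tty pinentry should draw on.
# Returns 2 when stdin is not a terminal (cron, pipes): pinentry-curses
# has nowhere to prompt, so nothing is registered with the agent.
refresh_agent_tty() {
    _agent_tty=$(tty 2>/dev/null) || return 2
    GPG_TTY=$_agent_tty
    export GPG_TTY
    gpg-connect-agent updatestartuptty /bye >/dev/null 2>&1
}

# Wrapper: refresh first, then run the real ssh with the original arguments.
# The ssh-agent protocol carries no tty information, so this has to happen
# out of band, in the terminal that will show the prompt.
ssh() {
    if ssh_uses_gpg_agent; then
        refresh_agent_tty || echo "warning: gpg-agent tty not updated" >&2
    fi
    command ssh "$@"
}
```

The agent remembers only the last tty registered, so a prompt triggered from another terminal still appears wherever `updatestartuptty` was run most recently.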