[HELP] pinentry-curses breaks SSH auth, but pinentry-mac works fine?
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Fri Jun 30 23:26:27 CEST 2017
Hi Ryan--
On Fri 2017-06-30 11:54:46 +0800, Ryan Lue wrote:
> But for some reason, it just doesn't work with `pinentry-curses`: SSH
> (GPG) key authentication fails silently, and the server falls back to
> password authentication. (I have made sure to set `$GPG_TTY`, so
> `pinentry-curses` works just fine for everything else, just not SSH
> authentication. For instance, I can `echo hello | gpg -s` and I'll get
> the pinentry password prompt in the terminal.)
setting GPG_TTY only works for clients that know to interpret it and to
pass its value along to gpg-agent.
when ssh is speaking to gpg-agent, it's using the ssh-agent protocol,
which has no mechanism for passing this info to the agent.
as a result, the agent (which *isn't* running attached to the current
tty) can't tell pinentry which tty to use.
have you tried doing this:

    GPG_TTY=$(tty) gpg-connect-agent updatestartuptty /bye

from the current terminal before trying to use ssh?
i consider this a workaround (which isn't satisfactory for easy everyday
use without better integration), but it's probably better than nothing.
please let the list know if that workaround works for you!
regards,
--dkg
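
Added example, not part of the original message and not GnuPG or OpenSSH code: a sketch of the ssh-agent sign request on the wire, showing that it carries only a key blob, the data to sign and a flags word, so there is no field in which ssh could pass a tty, next to the Assuan OPTION lines a gpg client uses for that purpose. The key blob, challenge bytes and tty path are constructed sample values, and the function names are made up for this sketch.

```python
import struct

SSH_AGENTC_SIGN_REQUEST = 13  # message number from the ssh-agent protocol

def ssh_string(b):
    """SSH wire 'string': uint32 big-endian length, then the bytes."""
    return struct.pack(">I", len(b)) + b

def build_sign_request(key_blob, data, flags=0):
    """What ssh writes to the agent socket when it needs a signature."""
    body = (bytes([SSH_AGENTC_SIGN_REQUEST]) + ssh_string(key_blob)
            + ssh_string(data) + struct.pack(">I", flags))
    return struct.pack(">I", len(body)) + body

def parse_sign_request(packet):
    """Agent-side view: return every field the request carries."""
    if len(packet) < 5:
        raise ValueError("packet too short")
    (length,) = struct.unpack_from(">I", packet, 0)
    body = packet[4:]
    if len(body) != length or body[0] != SSH_AGENTC_SIGN_REQUEST:
        raise ValueError("not a well-formed sign request")
    fields, off = {}, 1
    for name in ("key_blob", "data"):
        (n,) = struct.unpack_from(">I", body, off)
        off += 4
        if off + n > length:
            raise ValueError("truncated string")
        fields[name] = body[off:off + n]
        off += n
    (fields["flags"],) = struct.unpack_from(">I", body, off)
    if off + 4 != length:
        raise ValueError("unexpected trailing bytes")
    return fields

def gpg_session_options(env):
    """Assuan lines by which a gpg client hands its terminal to gpg-agent."""
    pairs = (("ttyname", env.get("GPG_TTY")), ("ttytype", env.get("TERM")))
    return ["OPTION %s=%s" % (k, v) for k, v in pairs if v]

if __name__ == "__main__":
    # Constructed sample values, not a real key or challenge.
    pkt = build_sign_request(b"KEY", b"challenge")
    print(sorted(parse_sign_request(pkt)))
    print(gpg_session_options({"GPG_TTY": "/dev/pts/3", "TERM": "xterm"}))
```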