pinentry fails with gpg-agent for ssh, but works for gpg

brian saia brnsaia at
Mon Jan 29 20:19:41 CET 2018

On 01/25/2018 03:03 AM, Werner Koch wrote:
>> $ ssh some-host
>> fails to ask for the PIN.
> That is because ssh has no mechanism to tell the ssh-agent (in this case
> gpg-agent) the DISPLAY or tty to use for pinentry.  This the pinentry
> pops up on the tty or X server gpg-agent was initially started.
> Running
>   gpg-connect-agent updatestartuptty /bye
> on your current tty tells gpg-agent to updates its default tty and
> DISPLAY to the one where you run gpg-connect-agent.  ssh will then work
> again.  After you switch back to another terminal you need to do the
> same.  
> I have to use it always when I move from my standalone laptop to the
> Xserver connected to that laptop.  It is a bit annoying and the only
> clean solution would be to enance the the ssh-agent protocol and
> implement that in both, ssh and gpg-agent.

One option could be to add that snippet of code...

  gpg-connect-agent updatestartuptty /bye

to your /.bashrc/ (or equivalent) file. At the very least it might reduce the
number of times you would have to enter it manually.

Another option could be to create a script which calls gpg-connect-agent first
then calls SSH. Something like this:

$cat ~/bin/ssh
#!/usr/bin/env bash
gpg-connect-agent updatestartuptty /bye &>/dev/null
/usr/bin/ssh "$@"

Thank you for your time.
-Brian Saia

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the Gnupg-users mailing list