pinentry fails with gpg-agent for ssh, but works for gpg
brian saia
brnsaia at ieee.org
Mon Jan 29 20:19:41 CET 2018
On 01/25/2018 03:03 AM, Werner Koch wrote:
>> $ ssh some-host
>>
>> fails to ask for the PIN.
> That is because ssh has no mechanism to tell the ssh-agent (in this case
> gpg-agent) the DISPLAY or tty to use for pinentry. This the pinentry
> pops up on the tty or X server gpg-agent was initially started.
>
> Running
>
> gpg-connect-agent updatestartuptty /bye
>
> on your current tty tells gpg-agent to updates its default tty and
> DISPLAY to the one where you run gpg-connect-agent. ssh will then work
> again. After you switch back to another terminal you need to do the
> same.
>
> I have to use it always when I move from my standalone laptop to the
> Xserver connected to that laptop. It is a bit annoying and the only
> clean solution would be to enance the the ssh-agent protocol and
> implement that in both, ssh and gpg-agent.
One option could be to add that snippet of code...
gpg-connect-agent updatestartuptty /bye
to your /.bashrc/ (or equivalent) file. At the very least it might reduce the
number of times you would have to enter it manually.
Another option could be to create a script which calls gpg-connect-agent first
then calls SSH. Something like this:
$cat ~/bin/ssh
#!/usr/bin/env bash
gpg-connect-agent updatestartuptty /bye &>/dev/null
/usr/bin/ssh "$@"
--
Thank you for your time.
-Brian Saia
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20180129/cc17f2ce/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20180129/cc17f2ce/attachment.sig>
More information about the Gnupg-users
mailing list