Help getting gtk or qt pinentry dialog forwarded over ssh connection
Arjun
arjunkc at gmail.com
Mon Jan 24 22:17:40 CET 2022
Hi Werner
I do know that I need to enable ssh X11 forwarding, and have tested it with ForwardX11 and ForwardX11Trusted
on (-X and -Y on the command line). Unfortunately, pin entry always defaults to tty. I fully trust the machine (it's mine). xfd does say "no font to display".
In fact, if I ssh in, and run
/usr/bin/pinentry-gtk-2
getpin
I do get an X11 window to type my pin into. When I type in
getinfo ttyinfo
it does say "gtk-2". However, the logs I attached say that when I run
gpg --decrypt ...
The GETINFO flavor command on pinentry gives
gtk2:curses
This is the reason I'm seeing a curses pinentry when I try to gpg --decrypt something. I don't know how to get my gpg-agent to give me an X11 pinentry.
Best
Arjun
Quoting Werner Koch (2022-01-24 12:19:09)
> On Sun, 23 Jan 2022 21:12, Arjun said:
>
> > I have GPG_TTY=$(tty) set in my .bashrc. However, when I ssh in
> >
> > ssh remote
>
> By default ssh does not allow X forwarding. You need to use an extra
> option to ssh to allow X programs on the remote to work on your (local)
> X-server.
>
> A quick test is to run "xfd" If it runs and tells you no "no font to
> display" you can run X programs (like pinentry-gtk) on the remote box.
>
> If you do not fully trust the remote machine (and only then you should
> use X forwarding), you may still use gpg/gpgsm on the remote box: See
>
> https://wiki.gnupg.org/AgentForwarding
>
>
> Salam-Shalom,
>
> Werner
>
>
> --
> Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
More information about the Gnupg-users
mailing list