gpg 2.1 gpg-agent over ssh
Ximin Luo
infinity0 at pwned.gg
Sat Mar 28 12:42:49 CET 2015
(back to the list)
No, it doesn't solve it. :(
I am not sure why you think it would solve it... the man page says "Treat input files as text and store them in the OpenPGP canonical text form " which does not have anything to do with X or the lack of it or tty and consoles.
X
On 27/03/15 14:09, Jim Hansson wrote:
> does not using --textmode solve the non-X case?
> But should not the normal case when no DISPLAY variable is defined be --textmode, I think so, this sounds more looks like you have some weird setup, I will try to replicate it tonight.
>
>
> On Fri, Mar 27, 2015 at 1:01 PM, Ximin Luo <infinity0 at pwned.gg <mailto:infinity0 at pwned.gg>> wrote:
>
> On 27/03/15 11:38, Ximin Luo wrote:
> > When running gpg 2.1.2 over SSH with a secret-key operation, the gpg in the ssh client appears to hang.
> >
> > What is actually happening is that the gpg-agent it's connecting to, is running a pinentry that's associated with the display on the desktop session the *gpg-agent* is attached to, rather than the ssh client, and there's no way for the ssh user to reach this.
> >
> > $ pgrep -a gpg-agent
> > 17902 gpg-agent --homedir /home/infinity0/.gnupg --use-standard-socket --daemon
> > $ kill -HUP 17902 # flush all secret keys
> > $ pgrep -af pinentry
> > (exit 1)
> >
> > $ gpg2 -as <<EOF
> > test
> > EOF
> >
> > ^C
> > gpg: signal Interrupt caught ... exiting
> >
> > (exit 130)
> > (exit 130)
> > $ pgrep -af pinentry
> > 22048
> > # this process sticks around and you need to kill it manually
> >
>
> What's worse - if you don't kill this process, subsequent attempts to use secret-key operations (even from the desktop session!) fail because I guess gpg-agent queues up pinentry operations, and it's waiting on this one.
>
> This wouldn't be obvious to most users.
>
> > But physically going back to the desktop session doesn't show a pinentry popup, for some reason.
> >
> > It's unclear the best way to solve this. Thoughts?
> >
>
> A workaround is to use `ssh -X`. I'm not sure if this translates into a solution for the original non-X case.
>
> X
>
> --
> GPG: 4096R/1318EFAC5FBBDBCE
> git://github.com/infinity0/pubkeys.git <http://github.com/infinity0/pubkeys.git>
>
>
> _______________________________________________
> Gnupg-devel mailing list
> Gnupg-devel at gnupg.org <mailto:Gnupg-devel at gnupg.org>
> http://lists.gnupg.org/mailman/listinfo/gnupg-devel
>
>
>
>
> --
> // Jim Hansson
> // Tel: 0722019664
> // http://se.linkedin.com/in/jimhansson
> // ===== GPG =====
> // key: 9AA942ED
> // Fingerprint: 6947 5F70 7D4E D55D FCE2
> // 3A1E 0C21 D543 9AA9 42ED
> // ===============
--
GPG: 4096R/1318EFAC5FBBDBCE
git://github.com/infinity0/pubkeys.git
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20150328/d5a0e351/attachment.sig>
More information about the Gnupg-devel
mailing list