Why exactly does pinentry fail with gpg-agent and ssh support?
Doron Behar
doron.behar at gmail.com
Sun Jan 21 17:41:54 CET 2018
Hello everyone,
I've recently encountered the problem explained in item #3 here:
https://www.gnupg.org/documentation/manuals/gnupg/Common-Problems.html
and I would like to discuss it.
I use the `systemd` user service provided with Arch Linux and its
`ExecStart` is:
/usr/bin/gpg-agent --supervised
I followed the recommended instructions on the official website and on
the Arch Linux wiki
(https://wiki.archlinux.org/index.php/GnuPG#SSH_agent).
I also read the following bugs / threads:
https://unix.stackexchange.com/questions/217737/pinentry-fails-with-gpg-agent-and-ssh
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851440
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854376
As far as I understand, because I use `systemd`'s user service, whenever
I want to unlock an authentication key I need to run the command
`gpg-connect-agent updatestartuptty /bye`.
## My question is this:
The official documentation says:
> SSH has no way to tell the gpg-agent what terminal or X display it is
> running on. So when remotely logging into a box where a gpg-agent with
> SSH support is running, the pinentry will get popped up on whatever
> display the gpg-agent has been started.
Perhaps it would be possible to create some kind of feature request /
patch / merge request for ssh, enabling users to run this command
before connecting to an ssh server?
BTW, I encountered a Stack Overflow question on the subject that raises
the same problem:
https://stackoverflow.com/questions/32574142/can-i-set-up-a-before-hook-on-certain-ssh-hosts