Hi Daniel, Yes, thanks, this absolutely did it! Sorry for not responding earlier — I had intended to write a follow-up blog post that addressed this question, along with that of forwarding the gpg-agent socket over SSH with `ssh -R` (so that you can use your local machine's GPG private keys in a remote session without having to manually copy them to another machine), but figuring out how to do all that with pinentry-curses has proven to be a real pickle.
So while I was originally going to wait until I'd finished that post and send it back your way (as a weird kind of thank-you?), I'm just gonna have to settle for actually saying “thank you” for the time being. So, thanks. —Ryan On 2017 Jun 30, Daniel Kahn Gillmor wrote: > Hi Ryan-- > > On Fri 2017-06-30 11:54:46 +0800, Ryan Lue wrote: > > But for some reason, it just doesn't work with `pinentry-curses`: SSH > > (GPG) key authentication fails silently, and the server falls back to > > password authentication. (I have made sure to set `$GPG_TTY`, so > > `pinentry-curses` works just fine for everything else, just not SSH > > authentication. For instance, I can `echo hello | gpg -s` and I'll get > > the pinentry password prompt in the terminal.) > > setting GPG_TTY only works for clients that know to interpret it and to > pass its value along to gpg-agent. > > when ssh is speaking to gpg-agent, it's using the ssh-agent protocol, > which has no mechanism for passing this info to the agent. > > as a result, the agent (which *isn't* running attached to the current > tty) can't tell pinentry which tty to use. > > have you tried doing this: > > GPG_TTY=$(tty) gpg-connect-agent updatestartuptty /bye > > from the current terminal before trying to use ssh? > > i consider this a workaround (which isn't satisfactory for easy everyday > use without better integration), but it's probably better than nothing. > > please let the list know if that workarund works for you! > > regards, > > --dkg _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
