Pinentry fails with gpg-agent and SSH

Jimmy Thrasibule thrasibule.jimmy at
Wed Jul 22 21:41:55 UTC 2015


I'm running Fedora 22. I'm trying to setup GnuPG to have my SSH
connections authenticated using my PGP authentication subkey that is
located on my Yubikey Neo.

I have a systemd unit starting the gpg-agent as following:

    /usr/bin/gpg-agent --homedir=%h/.gnupg --daemon --use-standard-socket

And I have enabled SSH support in the configuration:

    pinentry-program /usr/bin/pinentry-gtk

Other parts of the setup include adding the [keygrip][1] of my key to
the ~/.gnupg/sshcontrol file, adding my [public key][2] to the remote
host and declaring the [environment variables][3].

Globally looking at the various logs the setup wants to work, I can
see that SSH is finding the key but actually failing to sign with it.
If I look at the logs from gpg-agent, I can see that it is failing to
launch the pinentry program and therefore, no requesting for the PIN

    2015-07-22 23:23:28 gpg-agent[6758] DBG: error calling pinentry:
Ioctl() inappropriate for a device <Pinentry>
    2015-07-22 23:23:28 gpg-agent[6758] DBG: chan_8 -> BYE
    2015-07-22 23:23:28 gpg-agent[6758] DBG: chan_7 -> CAN
    2015-07-22 23:23:28 gpg-agent[6758] DBG: chan_7 <- ERR 100663573
The IPC call was canceled <SCD>
    2015-07-22 23:23:28 gpg-agent[6758] smartcard signing failed:
Ioctl() inappropriate for a device
    2015-07-22 23:23:28 gpg-agent[6758] ssh sign request failed:
Ioctl() inappropriate for a device <Pinentry>

What we see here is that when used in combination with SSH, some ioctl
call is failing while calling pinentry. However if I run the

    $ echo "Test" | gpg2 -s

The PIN window is popping up and it's all working fine.

Can you help me understand what's going on with this setup and SSH?


Jimmy THRASIBULE <thrasibule.jimmy at>

More information about the users mailing list