Pinentry fails with gpg-agent and SSH

Jimmy Thrasibule thrasibule.jimmy at gmail.com
Sun Jul 26 08:59:28 UTC 2015 

Hi,

I've found the answer on the [GPG Website][1] itself. The agent was
failing to find on which screen to display the Pinentry window. I just
had to put the following in my .*shrc file:


    echo "UPDATESTARTUPTTY" | gpg-connect-agent > /dev/null 2&>1


[1]: https://www.gnupg.org/documentation/manuals/gnupg/Common-Problems.html


__
Jimmy
___
Jimmy THRASIBULE <thrasibule.jimmy at gmail.com>


2015-07-22 23:41 GMT+02:00 Jimmy Thrasibule <thrasibule.jimmy at gmail.com>:
> Hello,
>
> I'm running Fedora 22. I'm trying to setup GnuPG to have my SSH
> connections authenticated using my PGP authentication subkey that is
> located on my Yubikey Neo.
>
> I have a systemd unit starting the gpg-agent as following:
>
>
>     /usr/bin/gpg-agent --homedir=%h/.gnupg --daemon --use-standard-socket
>
>
> And I have enabled SSH support in the configuration:
>
>
>     enable-ssh-support
>     pinentry-program /usr/bin/pinentry-gtk
>
>
> Other parts of the setup include adding the [keygrip][1] of my key to
> the ~/.gnupg/sshcontrol file, adding my [public key][2] to the remote
> host and declaring the [environment variables][3].
>
> Globally looking at the various logs the setup wants to work, I can
> see that SSH is finding the key but actually failing to sign with it.
> If I look at the logs from gpg-agent, I can see that it is failing to
> launch the pinentry program and therefore, no requesting for the PIN
> code:
>
>
>     2015-07-22 23:23:28 gpg-agent[6758] DBG: error calling pinentry:
> Ioctl() inappropriate for a device <Pinentry>
>     2015-07-22 23:23:28 gpg-agent[6758] DBG: chan_8 -> BYE
>     2015-07-22 23:23:28 gpg-agent[6758] DBG: chan_7 -> CAN
>     2015-07-22 23:23:28 gpg-agent[6758] DBG: chan_7 <- ERR 100663573
> The IPC call was canceled <SCD>
>     2015-07-22 23:23:28 gpg-agent[6758] smartcard signing failed:
> Ioctl() inappropriate for a device
>     2015-07-22 23:23:28 gpg-agent[6758] ssh sign request failed:
> Ioctl() inappropriate for a device <Pinentry>
>
>
> What we see here is that when used in combination with SSH, some ioctl
> call is failing while calling pinentry. However if I run the
> following:
>
>
>     $ echo "Test" | gpg2 -s
>
>
> The PIN window is popping up and it's all working fine.
>
> Can you help me understand what's going on with this setup and SSH?
>
>
> [1]: https://lists.gnupg.org/pipermail/gnupg-users/2012-July/045059.html
> [2]: https://lists.gnupg.org/pipermail/gnupg-users/2012-July/045115.html
> [3]: https://www.gnupg.org/documentation/manuals/gnupg/Agent-Examples.html#Agent-Examples
>
> ___
> Jimmy THRASIBULE <thrasibule.jimmy at gmail.com>

More information about the users mailing list