From: Mick
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] How does ssh know to use "pinentry"?
Date: Sun, 6 Jul 2014 20:09:19 +0100

On Sunday 06 Jul 2014 16:29:03 Chris Stankevitz wrote:
> On Sun, Jul 6, 2014 at 3:25 AM, Rich Freeman wrote:
> > Typically they are launched from a bash profile, or an X11 startup
> > script.  KDE/Gnome look like they have it in their default scripts.
> > Just grep -r gpg-agent /etc and you'll find where it is being loaded
> > if you didn't add them to your own startup scripts in /home.
>
> Rich,
>
> Thank you again.  My bash history shows ssh-agent being executed in
> the past, but I'm still not sure where gpg-agent came from.

ssh-agent and gpg-agent are part of ssh and gnupg:

$ qfile /usr/bin/gpg-agent
app-crypt/gnupg (/usr/bin/gpg-agent)

They are usually started by the Desktop Environment startup scripts.
I start gpg-agent using ~/.xsession:
===================================
# Stop any gpg-agent already running for this user
if [ -x /usr/bin/gpg-agent ]; then
        kill $(ps ux | awk '/gpg-agent/ && !/awk/ {print $2}') >/dev/null 2>&1
fi

# Start a fresh agent and import the environment settings it prints
if [ -x /usr/bin/gpg-agent ]; then
        eval "$(/usr/bin/gpg-agent --daemon)"
fi
===================================

> > Using gpg-agent is considered a best practice in general, so I
> > wouldn't go getting rid of it unless it is really causing you
> > problems.  You haven't mentioned what issue you're actually having
> > with it/pinentry/etc.
>
> FYI pinentry frustrates me because:
>
> 1. pinentry-gtk and pinentry-qt do not allow me to "paste" my
> passphrase.  My passphrase is difficult to type.  I keep my passphrase
> in keepass.
>
> 2. Supposedly pinentry-curses will let me paste; however,
> pinentry-curses doesn't work.
> https://www.gnupg.org/documentation/manuals/gnupg/Common-Problems.html
> suggests that my problem is a misconfigured GPG_TTY environment
> variable.  At this point though I'm not even interested in using it
> anymore.

Interesting - I don't seem to have a GPG_TTY environment variable set up
either:

$ echo $GPG_TTY

$

> At the moment pinentry is no longer installed on my system so these
> "problems" should be gone.  If/when I understand what is going on,
> I'll reinstall them.
>
> FYI I removed pinentry with:
>
> tail /etc/portage/package.use
> # 2014-07-05 Avoid pinentry
> dev-vcs/git -gpg
> mail-client/thunderbird -crypt
>
> tail /etc/portage/package.mask
> # 2014-07-05 Avoid password entry program that disallows paste
> app-crypt/pinentry

I think that the idea of keeping your passphrase in the clipboard is frowned
upon for security reasons.
Not only because of any potential memory leaks,
but because you may inadvertently paste it in GUI fields/areas you were not
meant to:

Only a couple of days ago a friend ended up pasting his passphrase on an IM
client for all to see, as he was trying to log in to a system ... O_O

--
Regards,
Mick
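
An added example, not part of the message above: a small shell check for the GPG_TTY condition the thread mentions as the reason pinentry-curses fails. The function names `gpg_tty_state` and `gpg_tty_report` are hypothetical; the suggested fix line is the setting the GnuPG manual recommends for shell startup files.

```shell
#!/bin/sh
# Added example: classify the GPG_TTY setting that a curses pinentry relies on.
# The values are passed as arguments so the logic can be checked without a terminal.

# gpg_tty_state VALUE CURRENT_TTY
#   VALUE        contents of $GPG_TTY (may be empty)
#   CURRENT_TTY  output of `tty` for this shell ("not a tty" when there is none)
gpg_tty_state() {
    value=$1
    current=$2
    case $current in
        /dev/*) ;;                        # a real terminal device
        *) echo "no-terminal"; return 0 ;;
    esac
    if [ -z "$value" ]; then
        echo "unset"                      # the case shown by `echo $GPG_TTY` above
    elif [ "$value" != "$current" ]; then
        echo "stale"                      # inherited from another terminal or session
    else
        echo "ok"
    fi
}

# Report on the current shell and print the fix where one applies.
gpg_tty_report() {
    current=$(tty 2>/dev/null) || current="not a tty"
    state=$(gpg_tty_state "${GPG_TTY:-}" "$current")
    case $state in
        ok)
            echo "GPG_TTY=$GPG_TTY matches this terminal" ;;
        unset|stale)
            echo "GPG_TTY is $state; add to your shell startup file:"
            echo "  GPG_TTY=\$(tty); export GPG_TTY" ;;
        no-terminal)
            echo "no terminal attached; a curses pinentry cannot draw here" ;;
    esac
}

gpg_tty_report
```

A "stale" result matters because the agent would direct the curses prompt at the terminal named in GPG_TTY, not the one you are typing in.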