From: Alan McKinnon
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] How does ssh know to use "pinentry"?
Date: Sun, 06 Jul 2014 22:32:57 +0200
Message-ID: <53B9B279.2070509@gmail.com>

On 06/07/2014 03:41, Chris Stankevitz wrote:
> I am trying to ssh into a site using PKI. I have a private key in my
> .ssh directory that requires a passphrase.
>
> ssh is asking me for my passphrase using a terrible program called
> "pinentry". It's terrible for a bunch of reasons, and if you are
> interested you can just google "pinentry sucks".
>
> pinentry is on my system because it is a dependency of gpg. gpg is on
> my system because I use thunderbird with +crypt (which is the
> default).
>
> Question:
>
> By what mechanism does ssh know to use the program "pinentry" to
> acquire my passphrase?

Why not do the obvious thing instead?

Run keychain and have it unlock your keys *once* when the workstation
boots up. ssh then always uses that key as it is unlocked.

I also have pinentry here, for the same reasons you do, and keychain
renders it never needing to run

--
Alan McKinnon
alan.mckinnon@gmail.com