From: Alan McKinnon <alan.mckinnon@gmail.com>
Date: Mon, 07 Jul 2014 10:05:51 +0200
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] How does ssh know to use "pinentry"?
Message-ID: <53BA54DF.8040802@gmail.com>
References: <53B9B279.2070509@gmail.com>
List-Id: Gentoo Linux mail <gentoo-user@lists.gentoo.org>

On 07/07/2014 02:40, Chris Stankevitz wrote:
> On Sun, Jul 6, 2014 at 1:32 PM, Alan McKinnon wrote:
>> Why not do the obvious thing instead?
>>
>> Run keychain and have it unlock your keys *once* when the workstation
>> boots up. ssh then always uses that key as it is unlocked.
>
> Alan,
>
> Thank you. FYI, I do not have a problem typing my password 100 times
> per day. The only problem I have with "pinentry" is that it doesn't
> let me paste. Does keychain allow me to paste? If so, I'll consider
> it. However, now that I have killed pinentry from my system I am
> happily pasting my passphrase into the ssh console.

keychain is a regular terminal app, so paste will always work.

On a side note, I always recommend people use a key agent unless there
is absolutely no need for one:

- typing the same passphrase repeatedly becomes tedious
- the largest attack surface for passwords is not cryptographic
  weaknesses, it's over-the-shoulder attacks (aka shoulder surfing or
  monitor whoring). It's when people watch what you type over your
  shoulder, and after entering it for the fifth time most folks stop
  making sure everyone else in the room is looking away.

> On another note, from my OP, I am still curious how the ssh software
> knows to use /usr/bin/pinentry to fetch my passphrase. In a follow-up
> post, I discovered that this mechanism only works if an environment
> variable called GPG_AGENT_INFO is set. I doubt the ssh source code
> contains the string "/usr/bin/pinentry" or "GPG_AGENT_INFO".
I'm not sure how that stuff works (I suspect the presence of magic) :-)
I really should read up more about it, considering what kind of
software it is.

--
Alan McKinnon
alan.mckinnon@gmail.com
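An added example, not part of this thread and not code from keychain, OpenSSH or GnuPG: the ssh client itself never mentions pinentry, it only connects to whatever socket SSH_AUTH_SOCK names; when gpg-agent runs with --enable-ssh-support that socket is gpg-agent's own (S.gpg-agent.ssh), so the passphrase prompt comes from pinentry, while a plain ssh-agent started by keychain prompts in the terminal. The helper below classifies a shell's environment on that basis; it assumes the GnuPG 2.1 socket name and the GnuPG 2.0 "socket:pid:version" layout of GPG_AGENT_INFO.

```shell
#!/bin/sh
# Added example (not from the thread): report which agent an ssh client
# will talk to, based on the two variables discussed in the thread.
#
# agent_backend SSH_AUTH_SOCK_VALUE GPG_AGENT_INFO_VALUE
# Prints one of: none, gpg-agent, ssh-agent
agent_backend() {
    sock=$1
    gpg_info=$2
    # GnuPG 2.0 sets GPG_AGENT_INFO to "socket-path:pid:protocol-version";
    # keep only the socket path, then its directory.
    gpg_sock=${gpg_info%%:*}
    gpg_dir=${gpg_sock%/*}
    sock_dir=${sock%/*}

    if [ -z "$sock" ]; then
        # No agent at all: ssh reads the passphrase itself on the tty.
        echo none
        return 0
    fi
    # GnuPG 2.1+ names its ssh-protocol socket S.gpg-agent.ssh; passphrase
    # prompts then come from pinentry, not from ssh.
    case $sock in
        *S.gpg-agent.ssh) echo gpg-agent; return 0 ;;
    esac
    # GnuPG 2.0: gpg-agent's ssh socket lives next to the socket named in
    # GPG_AGENT_INFO, so a matching directory means gpg-agent as well.
    if [ -n "$gpg_sock" ] && [ "$sock_dir" = "$gpg_dir" ]; then
        echo gpg-agent
        return 0
    fi
    # Anything else is a regular ssh-agent (for example one started by
    # keychain): prompts happen in the terminal and paste works.
    echo ssh-agent
}

# On a live shell:  agent_backend "$SSH_AUTH_SOCK" "$GPG_AGENT_INFO"
# To hand keys to a plain ssh-agent once per login, as the thread suggests,
# a ~/.bashrc line such as:  eval "$(keychain --eval --agents ssh id_rsa)"
```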