Date: Sun, 6 Jul 2014 06:25:59 -0400
Subject: Re: [gentoo-user] How does ssh know to use "pinentry"?
From: Rich Freeman
To: gentoo-user@lists.gentoo.org

On Sat, Jul 5, 2014 at 11:42 PM, Chris Stankevitz wrote:
> On Sat, Jul 5, 2014 at 7:57 PM, Rich Freeman wrote:
>> In any case, I suspect that gpg-agent is actually serving passwords to
>> openssh, so the file you want is ~/.gnupg/gpg-agent.conf - it probably
>> contains the line "pinentry-program /usr/bin/pinentry". If you trust
>> all your X clients you can set the option no-grab in the file which
>> will probably allow copy/paste/etc to work with the entry window.
>
> Rich,
>
> Thank you, I will give that a shot. FYI I discovered:
>
> declare -x GPG_AGENT_INFO="/tmp/gpg-2uVMfE/S.gpg-agent:26095:1"
>
> When I unset this env variable, ssh stopped trying to use pinentry to
> acquire my passphrase. However, I still do not understand how that
> variable got set or how/why ssh behaves differently when it is set.

You might want to read up on ssh-agent/gpg-agent in general to understand
what it's for. The short version is that these programs are designed to
cache the password for your ssh/gpg private keys so that if you repeatedly
use gpg or ssh you don't have to type it every time. If an agent isn't
running, ssh/gpg will just prompt for a key each time, and forget it when
the program terminates. If the agent is running then this environment
variable is used to communicate that to ssh/gpg, and then the program asks
the agent for the key, and it prompts you to enter it if it isn't cached.
They are designed to be secure (run in locked memory, etc).

Typically they are launched from a bash profile, or an X11 startup script.
KDE/Gnome look like they have it in their default scripts. Just
grep -r gpg-agent /etc and you'll find where it is being loaded if you
didn't add them to your own startup scripts in /home.
Using gpg-agent is considered a best practice in general, so I wouldn't go
getting rid of it unless it is really causing you problems. You haven't
mentioned what issue you're actually having with it/pinentry/etc.

Rich
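Added example, not from the thread: a small POSIX sh script that checks whether the agent GPG_AGENT_INFO points at is actually live, and which agent ssh would contact. It assumes the GnuPG 2.0 value format `socket-path:pid:protocol` seen in the quoted `declare -x` line, and that ssh itself reads SSH_AUTH_SOCK, which gpg-agent exports pointing at its own S.gpg-agent.ssh socket when started with --enable-ssh-support.

```shell
#!/bin/sh
# Constructed example: inspect the agent environment that gpg and ssh see.
# GPG_AGENT_INFO (GnuPG 2.0) has the form "socket-path:pid:protocol",
# e.g. "/tmp/gpg-2uVMfE/S.gpg-agent:26095:1" as quoted in the thread.

# Check that the agent GPG_AGENT_INFO names is really reachable.
# Exit status: 0 = live agent, 1 = variable unset (no caching at all),
# 2 = stale value (socket gone or pid dead), in which case gpg-agent
# should be restarted rather than the leftover value silently trusted.
gpg_agent_status() {
    info=$1
    if [ -z "$info" ]; then
        echo "GPG_AGENT_INFO unset: gpg/ssh will prompt for the key directly"
        return 1
    fi
    sock=${info%%:*}
    rest=${info#*:}
    pid=${rest%%:*}
    if [ -S "$sock" ] && kill -0 "$pid" 2>/dev/null; then
        echo "gpg-agent pid $pid is live on $sock"
        return 0
    fi
    echo "stale GPG_AGENT_INFO: $sock (pid $pid) is not a running agent"
    return 2
}

# Which agent would ssh talk to? ssh reads SSH_AUTH_SOCK, not GPG_AGENT_INFO;
# gpg-agent started with --enable-ssh-support exports SSH_AUTH_SOCK pointing
# at its own S.gpg-agent.ssh socket, which is how ssh ends up in pinentry.
# Prints one of: none, gpg-agent, ssh-agent.
ssh_agent_kind() {
    auth_sock=$1
    gpg_info=$2
    gpg_dir=${gpg_info%%:*}      # socket path from GPG_AGENT_INFO
    gpg_dir=${gpg_dir%/*}        # its directory (empty if unset)
    if [ -z "$auth_sock" ]; then
        echo none
    elif [ "${auth_sock##*/}" = S.gpg-agent.ssh ] ||
         { [ -n "$gpg_dir" ] && [ "${auth_sock%/*}" = "$gpg_dir" ]; }; then
        echo gpg-agent
    else
        echo ssh-agent
    fi
}

gpg_agent_status "$GPG_AGENT_INFO" || :
echo "ssh will use: $(ssh_agent_kind "$SSH_AUTH_SOCK" "$GPG_AGENT_INFO")"
```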