{"id":5596,"date":"2018-03-22T16:09:03","date_gmt":"2018-03-22T14:09:03","guid":{"rendered":"http:\/\/mummila.net\/kommentit\/?p=5596"},"modified":"2018-03-22T16:09:03","modified_gmt":"2018-03-22T14:09:03","slug":"graphical-prompt-pinentry-gnome3-invoked-even-when-connected-via-ssh","status":"publish","type":"post","link":"https:\/\/mummila.net\/kommentit\/2018\/03\/22\/graphical-prompt-pinentry-gnome3-invoked-even-when-connected-via-ssh\/","title":{"rendered":"Graphical prompt (pinentry-gnome3) invoked even when connected via ssh"},"content":{"rendered":"

When I’m connected to my desktop computer via ssh, with the desktop computer’s desktop environment running and unlocked, trying to decrypt a gpg-encrypted file causes gpg-agent to invoke pinentry-gnome3 on the desktop. Assuming I’m physically elsewhere, I’m obviously unable to use the prompt on the desktop to enter the passphrase.<\/p>\n

This happens despite both pinentry-tty and pinentry-curses being present on the desktop (in addition to pinentry-gnome3), and having GPG_TTY point to the correct tty (export GPG_TTY=$(tty)). Under these circumstances I’d expect gpg-agent to gracefully fall back to non-graphical alternatives.<\/p>\n

Granted, I’ve so far only simulated being physically elsewhere by first ssh’ing out of the desktop, then back in again from the other end. If gpg-agent is using some kind of magic to detect that in reality I’m still physically on the desktop, then this report is invalid (although I’d still feel uneasy about such magic).<\/p>\n

== Steps to reproduce ==
\n1. log in to desktop computer A
\n2. use another computer B to ssh in to the desktop computer
\n3. still physically on B, invoke `gpg -d encrypted.gpg` on A (over ssh)<\/p>\n

== What happens ==
\nGraphical passphrase prompt pops up on A, while your ssh terminal on B waits<\/p>\n

== What I expect to happen ==
\nFor a non-graphical passphrase prompt (such as pinentry-tty or pinentry-curses) to appear on B’s ssh terminal<\/p>\n","protected":false},"excerpt":{"rendered":"

Being physically elsewhere, I’m unable to enter the passphrase. I’d expect gpg-agent to gracefully fall back to non-graphical alternatives.<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8860],"tags":[3408],"class_list":["post-5596","post","type-post","status-publish","format-standard","hentry","category-vianhallintajarjestelmat","tag-gnupg","sijainti-launchpad"],"_links":{"self":[{"href":"https:\/\/mummila.net\/kommentit\/wp-json\/wp\/v2\/posts\/5596","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mummila.net\/kommentit\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mummila.net\/kommentit\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mummila.net\/kommentit\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/mummila.net\/kommentit\/wp-json\/wp\/v2\/comments?post=5596"}],"version-history":[{"count":1,"href":"https:\/\/mummila.net\/kommentit\/wp-json\/wp\/v2\/posts\/5596\/revisions"}],"predecessor-version":[{"id":5597,"href":"https:\/\/mummila.net\/kommentit\/wp-json\/wp\/v2\/posts\/5596\/revisions\/5597"}],"wp:attachment":[{"href":"https:\/\/mummila.net\/kommentit\/wp-json\/wp\/v2\/media?parent=5596"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mummila.net\/kommentit\/wp-json\/wp\/v2\/categories?post=5596"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mummila.net\/kommentit\/wp-json\/wp\/v2\/tags?post=5596"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}