On Sat, Jul 5, 2014 at 11:42 PM, Chris Stankevitz
<chrisstankev...@gmail.com> wrote:
> On Sat, Jul 5, 2014 at 7:57 PM, Rich Freeman <ri...@gentoo.org> wrote:
>> In any case, I suspect that gpg-agent is actually serving passwords to
>> openssh, so the file you want is ~/.gnupg/gpg-agent.conf - it probably
>> contains the line "pinentry-program /usr/bin/pinentry".  If you trust
>> all your X clients you can set the option no-grab in the file which
>> will probably allow copy/paste/etc to work with the entry window.
>
> Rich,
>
> Thank you, I will give that a shot.  FYI I discovered:
>
> declare -x GPG_AGENT_INFO="/tmp/gpg-2uVMfE/S.gpg-agent:26095:1"
>
> When I unset this env variable, ssh stopped trying to use pinentry to
> acquire my passphrase.  However, I still do not understand how that
> variable got set or how/why ssh behaves differently when it is set.

You might want to read up on ssh-agent/gpg-agent in general to
understand what it's for.

The short version is that these programs are designed to cache the
password for your ssh/gpg private keys so that if you repeatedly use
gpg or ssh you don't have to type it every time.  If an agent isn't
running ssh/gpg will just prompt for a key each time, and forget it
when the program terminates.  If the agent is running then this
environment variable is used to communicate that to ssh/gpg and then
the program asks the agent for the key, and it prompts you to enter it
if it isn't cached.

They are designed to be secure (run in locked memory, etc).

Typically they are launched from a bash profile, or an X11 startup
script.  KDE/Gnome look like they have it in their default scripts.
Just grep -r gpg-agent /etc and you'll find where it is being loaded
if you didn't add them to your own startup scripts in /home.

Using gpg-agent is considered a best practice in general, so I
wouldn't go getting rid of it unless it is really causing you
problems.  You haven't mentioned what issue you're actually having
with it/pinentry/etc.

Rich
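
As an added example (not part of the thread, and not GnuPG's own code), the script below takes a GPG_AGENT_INFO value of the form Chris found and does what a client of the classic agent protocol does with it: split it into socket path, agent PID and protocol version, then check that the socket exists and the PID is alive. Two caveats a practitioner would want: OpenSSH itself consults only SSH_AUTH_SOCK, which gpg-agent exports alongside GPG_AGENT_INFO when started with --enable-ssh-support, and GnuPG 2.1 and later ignore GPG_AGENT_INFO entirely in favour of a fixed socket location. The sample value is the one quoted above; the socket path and PID are assumed not to exist on the machine running this.

```shell
#!/bin/sh
# Added example, not from the thread or from GnuPG.
# Classic (GnuPG 2.0-era) GPG_AGENT_INFO layout:
#   "<socket path>:<agent pid>:<protocol version>"
# GnuPG 2.1+ ignores this variable; ssh itself reads SSH_AUTH_SOCK.

# parse_agent_info VALUE
#   Prints "socket pid proto" on one line; returns 1 when VALUE is not
#   three colon-separated fields with a numeric PID.
parse_agent_info() {
    info=$1
    case $info in
        *:*:*) ;;
        *) return 1 ;;
    esac
    sock=${info%%:*}
    rest=${info#*:}
    pid=${rest%%:*}
    proto=${rest#*:}
    case $pid in
        ''|*[!0-9]*) return 1 ;;
    esac
    printf '%s %s %s\n' "$sock" "$pid" "$proto"
}

# agent_status VALUE
#   Prints one of: malformed, no-socket, dead-pid, alive.
#   A client that gets anything but "alive" falls back to prompting for
#   the passphrase itself, which is the behaviour seen when the variable
#   is unset.  Note: kill -0 only proves *some* process has that PID
#   (and that we may signal it), not that it is gpg-agent.
agent_status() {
    parsed=$(parse_agent_info "$1") || { echo "malformed"; return 1; }
    set -- $parsed
    sock=$1
    pid=$2
    [ -S "$sock" ] || { echo "no-socket"; return 2; }
    kill -0 "$pid" 2>/dev/null || { echo "dead-pid"; return 3; }
    echo "alive"
    return 0
}

# report_env
#   Shows what the current shell's variables tell a client: which agent
#   socket ssh would use, and whether GPG_AGENT_INFO points at a live agent.
report_env() {
    if [ -n "${SSH_AUTH_SOCK:-}" ]; then
        echo "ssh will talk to agent socket: $SSH_AUTH_SOCK"
    else
        echo "SSH_AUTH_SOCK unset: ssh will prompt for key passphrases directly"
    fi
    if [ -n "${GPG_AGENT_INFO:-}" ]; then
        echo "GPG_AGENT_INFO=$GPG_AGENT_INFO -> $(agent_status "$GPG_AGENT_INFO")"
    else
        echo "GPG_AGENT_INFO unset (normal on GnuPG 2.1+ or with no agent)"
    fi
}

# Constructed sample: the value quoted in the thread.  The socket and PID
# are assumed not to exist here, so the status reported is "no-socket".
SAMPLE_INFO='/tmp/gpg-2uVMfE/S.gpg-agent:26095:1'

if [ "${1:-}" = "--report" ]; then
    report_env
fi
```

Run it as `sh agent-check.sh --report` to see what your own environment advertises; `unset GPG_AGENT_INFO` and rerun to see the fallback case described in the reply.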
