Re: Help getting gtk or qt pinentry dialog forwarded over ssh connection

2022-01-24 Thread Werner Koch via Gnupg-users
On Sun, 23 Jan 2022 21:12, Arjun said:

> I have GPG_TTY=$(tty) set in my .bashrc. However, when I ssh in 
>
> ssh remote

By default ssh does not allow X forwarding.  You need to use an extra
option to ssh to allow X programs on the remote to work on your (local)
X-server.

A quick test is to run "xfd".  If it runs and tells you "no font to
display" you can run X programs (like pinentry-gtk) on the remote box.

If you do not fully trust the remote machine (and only then you should
use X forwarding), you may still use gpg/gpgsm on the remote box:  See

  https://wiki.gnupg.org/AgentForwarding


Salam-Shalom,

   Werner


-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: pgp263iamulti06

2022-01-24 Thread Robert J. Hansen via Gnupg-users

> Would you be able to suggest the version to use in "portable" mode?


GnuPG 1.4, but I'd honestly prefer to run a bootable Linux distro. 
Portable apps are a monstrous security hazard if they're used on 
computers beyond your control.  USB malware is a very real thing.




Help getting gtk or qt pinentry dialog forwarded over ssh connection

2022-01-24 Thread Arjun via Gnupg-users
Hi

I have a very basic gnupg setup on a remote server, with the following options 
set for the gpg-agent. Please cc me on the replies since I have not subscribed.

#pinentry-program /usr/bin/pinentry-curses
#pinentry-program /usr/bin/pinentry-tty
#pinentry-program /usr/bin/pinentry-qt
#pinentry-program /usr/bin/pinentry-x11
#pinentry-program /usr/bin/pinentry-gnome3
# i have tried all the above pinentry programs
pinentry-program /usr/bin/pinentry-gtk-2
allow-loopback-pinentry
default-cache-ttl 14400
max-cache-ttl 14400
debug-pinentry
debug-level 1024

I have GPG_TTY=$(tty) set in my .bashrc. However, when I ssh in 

ssh remote
gpg-connect-agent updatestartuptty /bye
gpg --decrypt

I always get a curses pinentry. My gnupg is version 2.2.12 on debian buster. 
Here is my log.

https://pastebin.com/APTRTJ5c

DBG: chan_9 -> OK Pleased to meet you, process 15072   
DBG: chan_9 <- RESET   
DBG: chan_9 -> OK  
DBG: chan_9 <- OPTION ttyname=/dev/pts/1   
DBG: chan_9 -> OK  
DBG: chan_9 <- OPTION ttytype=xterm-256color   
DBG: chan_9 -> OK  
DBG: chan_9 <- OPTION display=localhost:11.0   
DBG: chan_9 -> OK  
DBG: chan_9 <- OPTION putenv=DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1000/bus
DBG: chan_9 -> OK  
DBG: chan_9 <- OPTION lc-ctype=en_US.UTF-8 
DBG: chan_9 -> OK  
DBG: chan_9 <- OPTION lc-messages=en_US.UTF-8  
DBG: chan_9 -> OK  
DBG: chan_9 <- GETINFO version 
DBG: chan_9 -> D 2.2.12
DBG: chan_9 -> OK  
DBG: chan_9 <- OPTION allow-pinentry-notify
DBG: chan_9 -> OK  
DBG: chan_9 <- OPTION agent-awareness=2.1.0
DBG: chan_9 -> OK  
DBG: chan_9 <- HAVEKEY 
DBG: chan_9 -> OK  
DBG: chan_9 <- SETKEY  
DBG: chan_9 -> OK  
DBG: chan_9 <- SETKEYDESC Please+enter+the+passphrase+to+unlock+the+OpenPGP+secret+key:
DBG: chan_9 -> OK  
DBG: chan_9 <- PKDECRYPT   
DBG: chan_9 -> S INQUIRE_MAXLEN 4096   
DBG: chan_9 -> INQUIRE CIPHERTEXT  
DBG: chan_9 <- [ redacted ]
DBG: chan_9 <- END 
DBG: keygrip: redacted
DBG: cipher:  redacted
DBG: 
DBG:   
sed for 30m)
DBG: 
DBG: 
ed cache key) ...
DBG: 
Jan 23 21:03:04 mediaserver gpg-agent[15798]: starting a new PIN Entry  
 
DBG: chan_11 <- OK Pleased to meet you, process 15798  
DBG: connection to PIN entry established   
DBG: chan_11 -> OPTION no-grab 
DBG: chan_11 <- OK 
DBG: chan_11 -> OPTION ttyname=/dev/pts/1  
DBG: chan_11 <- OK 
DBG: chan_11 -> OPTION ttytype=xterm-256color  
DBG: chan_11 <- OK 
DBG: chan_11 -> OPTION lc-ctype=en_US.UTF-8
DBG: chan_11 <- OK 
DBG: chan_11 -> OPTION lc-messages=en_US.UTF-8 
DBG: chan_11 <- OK 
DBG: chan_11 -> OPTION allow-external-password-cache
DBG: chan_11 <- OK Pleased to meet you, process 15798  
DBG: connection to PIN entry established   
DBG: chan_11 -> OPTION no-grab 
DBG: chan_11 <- OK 
DBG: chan_11 -> OPTION ttyname=/dev/pts/1  
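
One way to read a debug log like the one above, as an added example that is not part of the original post: it groups the OPTION lines by channel and uses the direction of the "Pleased to meet you" greeting, as it appears in the quoted log, to tell the client-to-agent channel from the agent-to-pinentry channel. The function names and the sample lines are constructed for illustration.

```python
import re

# Constructed sample in the same format as the gpg-agent debug log quoted above.
SAMPLE_LOG = """\
DBG: chan_9 -> OK Pleased to meet you, process 15072
DBG: chan_9 <- RESET
DBG: chan_9 -> OK
DBG: chan_9 <- OPTION ttyname=/dev/pts/1
DBG: chan_9 -> OK
DBG: chan_9 <- OPTION display=localhost:11.0
DBG: chan_9 -> OK
Jan 23 21:03:04 mediaserver gpg-agent[15798]: starting a new PIN Entry
DBG: chan_11 <- OK Pleased to meet you, process 15798
DBG: chan_11 -> OPTION no-grab
DBG: chan_11 <- OK
DBG: chan_11 -> OPTION ttyname=/dev/pts/1
DBG: chan_11 <- OK
DBG: chan_11 <- OK Pleased to meet you, process 15798
DBG: chan_11 -> OPTION no-grab
"""

LINE = re.compile(r"DBG: (chan_\d+) (->|<-) (.*)")
GREETING = "OK Pleased to meet you"

def parse_channels(log):
    """Map each channel to its peer and the OPTIONs sent towards the server side."""
    channels = {}
    for raw in log.splitlines():
        m = LINE.search(raw)
        if not m:
            continue  # syslog lines and wrapped fragments are skipped
        chan, arrow, msg = m.group(1), m.group(2), m.group(3).strip()
        if msg.startswith(GREETING):
            # Agent sends the greeting (->) to a client, receives it (<-) from pinentry.
            peer = "client" if arrow == "->" else "pinentry"
            channels.setdefault(chan, {"peer": peer, "options": {}})  # keep on repeat
            continue
        info = channels.get(chan)
        if info is None or not msg.startswith("OPTION "):
            continue
        # OPTION lines arrive (<-) from a client and go out (->) to pinentry.
        if arrow != ("<-" if info["peer"] == "client" else "->"):
            continue
        name, _, value = msg[len("OPTION "):].partition("=")
        info["options"][name] = value
    return channels

def options_for(log, peer):
    """Merge the OPTIONs of every channel whose peer is 'client' or 'pinentry'."""
    merged = {}
    for info in parse_channels(log).values():
        if info["peer"] == peer:
            merged.update(info["options"])
    return merged
```

Calling `options_for(log_text, "client")` and `options_for(log_text, "pinentry")` on a saved agent log puts the tty and display values from each side of the agent next to each other.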

Re: pgp263iamulti06

2022-01-24 Thread PetRoh
from r...@sixdemonbag.org...: 


...
> I wouldn't say "almost definitely" the way I do for DOS, but I'd still 
> say I'd find it a disturbing possibility I'd want to investigate and 
> rule out before I used PGP 2.6.3 in a UNIX environment.


Thank you very much for your comments.

Would you be able to suggest the version to use in "portable" mode?
(a) under Linux?
(b) under Windows?

tia, PetRoh
