Pinentry fails with gpg-agent and SSH

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hello,

I'm running Fedora 22. I'm trying to setup GnuPG to have my SSH
connections authenticated using my PGP authentication subkey that is
located on my Yubikey Neo.

I have a systemd unit starting the gpg-agent as following:


    /usr/bin/gpg-agent --homedir=%h/.gnupg --daemon --use-standard-socket


And I have enabled SSH support in the configuration:


    enable-ssh-support
    pinentry-program /usr/bin/pinentry-gtk


Other parts of the setup include adding the [keygrip][1] of my key to
the ~/.gnupg/sshcontrol file, adding my [public key][2] to the remote
host and declaring the [environment variables][3].

Globally looking at the various logs the setup wants to work, I can
see that SSH is finding the key but actually failing to sign with it.
If I look at the logs from gpg-agent, I can see that it is failing to
launch the pinentry program and therefore, no requesting for the PIN
code:


    2015-07-22 23:23:28 gpg-agent[6758] DBG: error calling pinentry:
Ioctl() inappropriate for a device <Pinentry>
    2015-07-22 23:23:28 gpg-agent[6758] DBG: chan_8 -> BYE
    2015-07-22 23:23:28 gpg-agent[6758] DBG: chan_7 -> CAN
    2015-07-22 23:23:28 gpg-agent[6758] DBG: chan_7 <- ERR 100663573
The IPC call was canceled <SCD>
    2015-07-22 23:23:28 gpg-agent[6758] smartcard signing failed:
Ioctl() inappropriate for a device
    2015-07-22 23:23:28 gpg-agent[6758] ssh sign request failed:
Ioctl() inappropriate for a device <Pinentry>


What we see here is that when used in combination with SSH, some ioctl
call is failing while calling pinentry. However if I run the
following:


    $ echo "Test" | gpg2 -s


The PIN window is popping up and it's all working fine.

Can you help me understand what's going on with this setup and SSH?


[1]: https://lists.gnupg.org/pipermail/gnupg-users/2012-July/045059.html
[2]: https://lists.gnupg.org/pipermail/gnupg-users/2012-July/045115.html
[3]: https://www.gnupg.org/documentation/manuals/gnupg/Agent-Examples.html#Agent-Examples

___
Jimmy THRASIBULE <thrasibule.jimmy@xxxxxxxxx>
-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux