YubiKey-Guide icon indicating copy to clipboard operation
YubiKey-Guide copied to clipboard
verified publisher icon drduh

Better SSH configuration

Open austinhaas opened this issue 4 years ago • 2 comments

Add to .ssh/config:

Match host * exec "gpg-connect-agent UPDATESTARTUPTTY /bye"

Don't add:

gpg-connect-agent updatestartuptty /bye > /dev/null

or

gpgconf --launch gpg-agent

to rc file.

This makes sure pinentry starts on the terminal that is executing the ssh command, not the one where gpg-agent was started, or whichever one you last ran gpg-connect-agent updatestartuptty /bye on. And then you don't need those other startup commands in your rc file, since gpg-connect-agent will run for every ssh command.

Reference: https://bugzilla.mindrot.org/show_bug.cgi?id=2824#c9

austinhaas avatar Dec 27 '21 22:12 austinhaas

Maybe I'm missing something?

gpg-connect-agent: no running gpg-agent - starting '/usr/bin/gpg-agent'
gpg-connect-agent: can't connect to the agent: Permission denied
gpg-connect-agent: error sending standard options: No agent running

drduh avatar Apr 09 '22 18:04 drduh

I found that having gpg-connect-agent updatestartuptty /bye > /dev/null in my ~/.bashrc and also having gpg-connect-agent updatestartuptty /bye > /dev/null in my ~/.ssh/config fixed the issue of the pinentry-ncurses showing up in the wrong terminal.

xanderdunn avatar Apr 20 '22 18:04 xanderdunn

I still haven't been able to get this working as described. If you'd like to include this in the guide as a troubleshooting tip, that would be welcome in a PR.

drduh avatar Dec 26 '22 22:12 drduh