I use gpg-agent for managing both PGP and SSH identities. The agent is started with a script like this:
# File where the agent's environment lines (e.g. SSH_AUTH_SOCK) are cached
gpg_agent_env="$XDG_CACHE_HOME/gpg-agent.env"
export GPG_TTY="$(tty)"
if ! ps -U "$USER" -o ucomm | grep -q gpg-agent; then
    # No agent running yet: start it, cache its env output and apply it to this shell
    # (the brace group needs the spaces and the trailing ';' to be valid shell syntax)
    eval "$( { gpg-agent --daemon | tee "$gpg_agent_env"; } 2> /dev/null )"
else
    # Agent already running: reuse the cached environment
    source "$gpg_agent_env" 2> /dev/null
fi
which is sourced whenever I run an interactive shell.
Everything works fine with this setup but there is an issue. Let's say I:
- open a terminal (launching the agent in background) and start working
- after a while open a second terminal
- do an action that requires entering a passphrase in the second terminal
At this point gpg-agent will start pinentry-curses prompting for a passphrase, but it will do this in the first terminal, which results in its output being mixed with whatever was running there (usually a text editor), with no way to resume the program or stop pinentry (it starts using 100% CPU and I have to kill it).
I must be doing something wrong here. Has anyone experienced this?
Update:
I figured out this happens only for a prompt to unlock an SSH key, which looks like this, while prompts for PGP keys always open on the correct (i.e. current) tty.
Best Answer
The gpg-agent man page explains under the option --enable-ssh-support that the SSH agent protocol is not able to provide the name of the tty to the agent, so it defaults to using the original terminal it was started in. Before running the ssh command that requires a passphrase in a new terminal you need to type in the new terminal to update the agent's view of which tty or display to use.