On 06/07/2014 03:41, Chris Stankevitz wrote:
> I am trying to ssh into a site using PKI. I have a private key in my
> .ssh directory that requires a passphrase.
>
> ssh is asking me for my passphrase using a terrible program called
> "pinentry". It's terrible for a bunch of reasons, and if you are
> interested you can just google "pinentry sucks".
>
> pinentry is on my system because it is a dependency of gpg. gpg is on
> my system because I use thunderbird with +crypt (which is the
> default).
>
> Question:
>
> By what mechanism does ssh know to use the program "pinentry" to
> acquire my passphrase?

Why not do the obvious thing instead?

Run keychain and have it unlock your keys *once* when the workstation
boots up. ssh then always uses that key as it is unlocked.

I also have pinentry here, for the same reasons you do, and keychain
renders it never needing to run.

--
Alan McKinnon
alan.mckinnon@×××××.com