| 1 |
On 06/07/2014 03:41, Chris Stankevitz wrote: |
| 2 |
> I am trying to ssh into a site using PKI. I have a private key in my |
| 3 |
> .ssh directory that requires a passphrase. |
| 4 |
> |
| 5 |
> ssh is asking me for my passphrase using a terrible program called |
| 6 |
> "pinentry". It's terrible for a bunch of reasons, and if you are |
| 7 |
> interested you can just google "pinentry sucks". |
| 8 |
> |
| 9 |
> pinentry is on my system because it is a dependency of gpg. gpg is on |
| 10 |
> my system because I use thunderbird with +crypt (which is the |
| 11 |
> default). |
| 12 |
> |
| 13 |
> Question: |
| 14 |
> |
| 15 |
> By what mechanism does ssh know to use the program "pinentry" to |
| 16 |
> acquire my passphrase? |
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
Why not do the obvious thing instead? |
| 21 |
|
| 22 |
Run keychain and have it unlock your keys *once* when the workstation |
| 23 |
boots up. ssh then always uses that key as it is unlocked. |
| 24 |
|
| 25 |
I also have pinentry here, for the same reasons you do, and keychain |
| 26 |
renders it never needing to run |
| 27 |
|
| 28 |
|
| 29 |
-- |
| 30 |
Alan McKinnon |
| 31 |
alan.mckinnon@×××××.com |
Archives