Blast you, PinEntry!!!

Following a recent update to my Gentoo installation at work, I found myself pestered by PinEntry acting as my new SSH Authentication Agent. Formerly, I used the normal ssh-agent, as it’s console only and doesn’t steal focus on the terminal window I’m currently working in.

 

Popups Must Die

A quick look at the process-list shows why:

gillespiem@kovacs2 ~ $ ps axu | grep gpg-agent
30847 ?        Ss     0:00 gpg-agent –daemon –enable-ssh-support –write-env-file /home/gillespiem/.cache/gpg-agent-info

 

The GPG-Agent is being run with the –enable-ssh-support flag. Here’s how you can turn it off if you’re using XFCE4:

The script /etc/xdg/xfce4/xinitrc handles chosing the correct authentication agent at line 129:

129 # launch gpg-agent or ssh-agent if enabled.
130 ssh_agent_enabled=`xfconf-query -c xfce4-session -p /startup/ssh-agent/enabled 2> /dev/null`
131 if test “$ssh_agent_enabled” != “false”; then
132     # if the user has pam_ssh installed, it will start ssh-agent for us, but
133     # of course won’t start gpg-agent.  so, if ssh-agent is already running,
134     # but we want gpg-agent (and that’s not running yet) start gpg-agent
135     # without ssh support
136
137     ssh_agent_type=`xfconf-query -c xfce4-session -p /startup/ssh-agent/type 2> /dev/null`
138     if test -z “$ssh_agent_type”; then
139         if which gpg-agent >/dev/null 2>&1; then
140             ssh_agent_type=gpg-agent
141         else
142             ssh_agent_type=ssh-agent
143         fi
144     fi

To pass the first test (line 130), set ssh-agent to be enabled by running this (it only needs to be run once):

xfconf-query -n -t bool -c xfce4-session  -p /startup/ssh-agent/enabled -s true

To pass the second test (line 137), set /startup/ssh-agent/type to … well, pretty much anything will do, as it only tests that it’s a non-zero length string – I’m setting it to “ssh-agent”:

xfconf-query -n -t string -c xfce4-session  -p /startup/ssh-agent/type -s ssh-agent

If you’re currently in XFCE4, kill gpg-agent and restart XFCE. You’ll find when you return, ssh-agent will act as your SSH Authentication Agent, and gpg-agent will handle GPG specific transactions.

2 thoughts on “Blast you, PinEntry!!!”

  1. Hmm — you didn’t actually read the code, did ya?

    You don’t need the first xfconf-query — the test is against “!= false”, so as long as it isn’t positively set to false, you’ll pass the test.

    Then you do actually need the second line set to ssh-agent — sure, to skip the test you need anything, but that value is later used to test whether to actually start ssh-agent. If you set it to x, the script won’t start ssh-agent.

  2. Oh, snap. Yeah, you’re right. No, I didn’t fully read the code – just skimmed it. Good catch.

Leave a Reply

Your email address will not be published. Required fields are marked *