Disable gnome from asking passphrase in GUI when using ssh and gpg from terminal

command-line ssh gnome gnupg 16.10

SSH and GPG use so-called "agents" to cache decrypted private keys, so that users don't have to enter their pass phrases all the time. By default they use the program pinentry to this purpose.

Before we continue let's make sure that an example for a command-line pin entry program is available on your system. In Ubuntu's repository we have pinentry-curses (since forever) and pinentry-tty (since Xenial) but they're not installed by default. You can get it from the package of the same name:

sudo apt install pinentry-curses

Setting a different pin entry program

You can adjust the program used for pin entry by either:

  • (per-user) Setting pinentry-program in your ~/.gnupg/gpg-agent.conf to a command-line pin entry program, e. g.:

    pinentry-program /usr/bin/pinentry-curses

    You need to either restart the agent or have it reload its configuration:

    gpg-connect-agent <<< RELOADAGENT

  • (system-wide) In all common Linux distributions including Ubuntu the default pinentry program is actually a symbolic link to the actual pin entry program. The target of this symbolic link is managed by the update-alternatives system. You can use it to change the link target to a command-line pin entry program:

    sudo update-alternatives --config pinentry

Choosing the pin entry program based on the availability of a terminal

The disadvantage of both of these methods is that you won't be able to use a command-line pin entry if SSH or GPG are invoked from a program running without a terminal, e. g. a graphical SFTP client or a mail user agent. A better way would be to use the graphical pin entry program only when an X server is available and a terminal is unavailable. To this purpose we'll need a small wrapper script that analyses the environment before deferring to the right pin entry program.

Let's assume we have the following executable shell script at ~/.local/bin/my-smart-pinentry:

#!/bin/sh
set -eu

# Configuration -- adjust these to your liking
PINENTRY_TERMINAL='/usr/bin/pinentry-curses'
PINENTRY_X11='/usr/bin/pinentry-x11'

# Action happens below!
if [ -n "${DISPLAY-}" -a -z "${TERM-}" ]; then
    exec "$PINENTRY_X11" "$@"
else
    exec "$PINENTRY_TERMINAL" "$@"
fi

To use this wrapper as the pin entry "program" you can use the per-user method mentioned above. You can also add it to the update-alternatives database.

Related

No input and output sound device. Can't Install Pulseaudio after deletion
Install TP-link TL-WN725N USB wifi driver on Ubuntu 20.04
How do you convert a time.struct_time object into a datetime object?
Automatically open Chrome developer tools when new tab/new window is opened
How to replace multiple patterns at once with sed?
JSON encode MySQL results
jQuery UI: Datepicker set year range dropdown to 100 years
Recommended way to get hostname in Java
How to get only the last part of a path in Python?
How to force a html5 form validation without submitting it via jQuery
Eclipse says: “Workspace in use or cannot be created, chose a different one.” How do I unlock a workspace?
Resolve conflicts using remote changes when pulling from Git remote