Disable gnome from asking passphrase in GUI when using ssh and gpg from terminal

SSH and GPG use so-called "agents" to cache decrypted private keys, so that users don't have to enter their pass phrases all the time. By default they use the program pinentry for this purpose.

Before we continue let's make sure that an example for a command-line pin entry program is available on your system. In Ubuntu's repository we have pinentry-curses (since forever) and pinentry-tty (since Xenial) but they're not installed by default. You can get it from the package of the same name:

sudo apt install pinentry-curses

Setting a different pin entry program

You can adjust the program used for pin entry by either:

  • (per-user) Setting pinentry-program in your ~/.gnupg/gpg-agent.conf to a command-line pin entry program, e.g.:

    pinentry-program /usr/bin/pinentry-curses
    

    You need to either restart the agent or have it reload its configuration:

    gpg-connect-agent <<< RELOADAGENT
    
  • (system-wide) In all common Linux distributions including Ubuntu the default pinentry program is actually a symbolic link to the actual pin entry program. The target of this symbolic link is managed by the update-alternatives system. You can use it to change the link target to a command-line pin entry program:

    sudo update-alternatives --config pinentry
    

Choosing the pin entry program based on the availability of a terminal

The disadvantage of both of these methods is that you won't be able to use a command-line pin entry if SSH or GPG is invoked from a program running without a terminal, e.g. a graphical SFTP client or a mail user agent. A better way would be to use the graphical pin entry program only when an X server is available and a terminal is unavailable. For this purpose we'll need a small wrapper script that analyses the environment before deferring to the right pin entry program.

Let's assume we have the following executable shell script at ~/.local/bin/my-smart-pinentry:

#!/bin/sh
set -eu

# Configuration -- adjust these to your liking
PINENTRY_TERMINAL='/usr/bin/pinentry-curses'
PINENTRY_X11='/usr/bin/pinentry-x11'

# Action happens below!
# Use the graphical pin entry only if DISPLAY is set and TERM is not.
if [ -n "${DISPLAY-}" ] && [ -z "${TERM-}" ]; then
    exec "$PINENTRY_X11" "$@"
else
    exec "$PINENTRY_TERMINAL" "$@"
fi

To use this wrapper as the pin entry "program" you can use the per-user method mentioned above. You can also add it to the update-alternatives database.
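
Because the pin entry program is the one that collects the passphrase, a wrapper kept under your home directory deserves a quick permission check. The following script is an added example, not part of the original answer: it audits the pinentry-program entries of a gpg-agent.conf. The function names are hypothetical, and treating any value that does not start with "/" as a finding is an assumption of this check.

```shell
#!/bin/sh
# Added example: audit the pinentry-program entries in a gpg-agent.conf.
# Usage: sh audit-pinentry.sh ~/.gnupg/gpg-agent.conf   (script name is arbitrary)

# Print the value of every active (uncommented) pinentry-program line in file $1.
pinentry_paths() {
    sed -n 's/^[[:space:]]*pinentry-program[[:space:]]\{1,\}\(.*[^[:space:]]\)[[:space:]]*$/\1/p' "$1"
}

# Return 0 if path $1 is acceptable, otherwise print the reason and return 1.
check_pinentry_path() {
    case $1 in
        /*) ;;
        *) echo "not an absolute path: $1"; return 1 ;;
    esac
    if [ ! -f "$1" ] || [ ! -x "$1" ]; then
        echo "missing or not executable: $1"; return 1
    fi
    # -L follows symbolic links such as the one update-alternatives manages,
    # so the permissions of the real target are what gets tested.
    if [ -n "$(find -L "$1" -prune \( -perm -020 -o -perm -002 \))" ]; then
        echo "writable by group or others: $1"; return 1
    fi
    return 0
}

# Check every entry in config file $1; return 1 if any entry fails, 2 if unreadable.
audit_gpg_agent_conf() {
    conf=$1 status=0
    [ -r "$conf" ] || { echo "cannot read $conf"; return 2; }
    paths=$(pinentry_paths "$conf")
    [ -n "$paths" ] || { echo "no pinentry-program set in $conf"; return 0; }
    while IFS= read -r p; do
        check_pinentry_path "$p" || status=1
    done <<EOF
$paths
EOF
    return "$status"
}

# Run the audit only when a config file is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_gpg_agent_conf "$1"
fi
```

The check does not look at the directories above the file; a parent directory that others can write to would need a separate test.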