[libvirt] [PATCH] Pass GPG_TTY env var to the ssh binary
Martin Kletzander
mkletzan at redhat.com
Fri Nov 25 15:22:21 UTC 2016
On Mon, Nov 14, 2016 at 11:13:22AM +0100, Guilhem Moulin wrote:
>Hi Daniel,
>
>On Mon, 14 Nov 2016 at 10:02:55 +0000, Daniel P. Berrange wrote:
>> On Sat, Nov 12, 2016 at 02:19:37PM +0100, Guido Günther wrote:
>>> This came in via the Debian BTS:
>>>
>>> http://bugs.debian.org/43863
>>
>> This seems to be the wrong bug number.
>
>Yup, it's #843863 actually: http://bugs.debian.org/843863
>
>> Can you explain what functional effect a GPG setting has on SSH ?!?!?!?
>
>Quoting myself from the Debian bug #843863:
>
> gpg-agent(1) can emulate the OpenSSH Agent protocol (which provides
> pubkey-authentication using an authentication-capable OpenPGP key,
> in addition to the usual identity files). However for a
> console-based password prompt (such as pinentry-curses) to work, the
> ‘GPG_TTY’ environment variable needs to be set to the current TTY.
>
> Using gpg-agent's ssh-agent implementation is currently not possible
> for SSH remote URIs, because the environment is cleaned before
> calling the ssh(1) binary. The enclosed patches adds ‘GPG_TTY’ to
> the list of environment variables passed to the child.
>
Yeah, I use it as well, without GPG_TTY it fallbacks. We need to pass
it together with SSH_AUTH_SOCK and others.
From me it's an ACK if you fix the bug number.
>Cheers,
>--
>Guilhem.
>--
>libvir-list mailing list
>libvir-list at redhat.com
>https://www.redhat.com/mailman/listinfo/libvir-list
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20161125/3af9c1b5/attachment-0001.sig>
More information about the libvir-list
mailing list