Disable gnome from asking passphrase in GUI when using ssh and gpg from terminal
Solution 1
SSH and GPG use so-called "agents" to cache decrypted private keys, so that users don't have to enter their pass phrases all the time. By default they use the program pinentry to this purpose.
Before we continue let's make sure that an example for a command-line pin entry program is available on your system. In Ubuntu's repository we have pinentry-curses (since forever) and pinentry-tty (since Xenial) but they're not installed by default. You can get it from the package of the same name:
sudo apt install pinentry-curses
Setting a different pin entry program
You can adjust the program used for pin entry by either:
- (per-user) Setting pinentry-program in your ~/.gnupg/gpg-agent.conf to a command-line pin entry program, e.g.:
pinentry-program /usr/bin/pinentry-curses
You need to either restart the agent or have it reload its configuration:
gpg-connect-agent <<< RELOADAGENT
- (system-wide) In all common Linux distributions including Ubuntu the default pinentry program is actually a symbolic link to the actual pin entry program. The target of this symbolic link is managed by the update-alternatives system. You can use it to change the link target to a command-line pin entry program:
sudo update-alternatives --config pinentry
Choosing the pin entry program based on the availability of a terminal
The disadvantage of both of these methods is that you won't be able to use a command-line pin entry if SSH or GPG are invoked from a program running without a terminal, e. g. a graphical SFTP client or a mail user agent. A better way would be to use the graphical pin entry program only when an X server is available and a terminal is unavailable. To this purpose we'll need a small wrapper script that analyses the environment before deferring to the right pin entry program.
Let's assume we have the following executable shell script at ~/.local/bin/my-smart-pinentry:
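#!/bin/sh
set -eu
# Configuration -- adjust these to your liking
PINENTRY_TERMINAL='/usr/bin/pinentry-curses'
PINENTRY_X11='/usr/bin/pinentry-x11'
# Action happens below!
# Use the graphical pin entry only when an X display is set and no terminal is.
# Two separate tests replace the obsolescent "-a" operator of test(1).
if [ -n "${DISPLAY-}" ] && [ -z "${TERM-}" ]; then
    exec "$PINENTRY_X11" "$@"
else
    exec "$PINENTRY_TERMINAL" "$@"
fi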
To use this wrapper as the pin entry "program" you can use the per-user method mentioned above. You can also add it to the update-alternatives database.
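A check one might run after pointing pinentry-program at a wrapper such as ~/.local/bin/my-smart-pinentry, added here as an example and not part of the original answer: because the pin entry program receives the passphrase, it verifies that the configured path is absolute, executable and not writable by group or others. The function names are hypothetical, and it assumes that the last pinentry-program line in the file is the one used.

```shell
#!/bin/sh
# Added example (not from the original answer): audit the pinentry program
# that a gpg-agent.conf selects. Function names are hypothetical.

# Print the pinentry-program value from a config file (empty if unset).
# Assumption: if the option is repeated, the last occurrence is the one used.
pinentry_from_conf() {
    [ -r "$1" ] || return 0
    awk '/^[ \t]*pinentry-program[ \t]/ {
             sub(/^[ \t]*pinentry-program[ \t]+/, ""); sub(/[ \t]+$/, ""); v = $0
         }
         END { if (v != "") print v }' "$1"
}

# Succeed only if the configured program is an absolute path to an executable
# that, like its directory, is not writable by group or others.
check_pinentry() {
    conf=${1:-"$HOME/.gnupg/gpg-agent.conf"}
    prog=$(pinentry_from_conf "$conf")
    if [ -z "$prog" ]; then
        echo "OK: no pinentry-program set, the agent's default pinentry is used"
        return 0
    fi
    case $prog in
        /*) ;;
        *) echo "FAIL: '$prog' is not an absolute path"; return 1 ;;
    esac
    if [ ! -f "$prog" ] || [ ! -x "$prog" ]; then
        echo "FAIL: '$prog' is missing or not executable"; return 1
    fi
    # The pinentry program sees every passphrase typed into it, so flag
    # group- or world-writable bits on the file and on its directory.
    for p in "$prog" "$(dirname "$prog")"; do
        if [ -n "$(find -L "$p" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "FAIL: '$p' is writable by group or others"; return 1
        fi
    done
    echo "OK: $prog"
}
```

Source the file and call check_pinentry with no argument to audit ~/.gnupg/gpg-agent.conf, or pass another config path.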
Solution 2
If anyone finds this question while using a newer version like I do, then there is a much simpler solution. At least one which works for me with GPG v2.2.19 in (K)ubuntu 20.04 LTS Focal. All I had to add was just --pinentry-mode loopback and it started to ask for a password in the TTY. I didn't have to install anything. For example:
gpg --pinentry-mode loopback --export-secret-keys -a | less
Starx
Updated on September 18, 2022
Comments
-
Starx over 1 year
Ever since I installed Ubuntu Desktop 16.10 Gnome (previously I had 15.10), I have been annoyed with the fact that whenever I try to add an SSH key or import a GPG key using terminal a GUI popup box pops up asking for the passphrase.
With SSH, I work around this issue by starting a new agent on the terminal and then trying to add the key. And finally, it asks me for the passphrase in TTY or not a GUI.
With GPG I just started learning it, so not sure how to work around it.
Is there a way I can disable this and make them ask for the passphrase in TTY when accessed from TTY?
I have read the answers in this question, but it is about Ubuntu 12.04 and the top two answers didn't work for me.
-
muru over 7 years
What about the last answer? askubuntu.com/a/806006/158442
-
David Foerster over 7 years
@guntbert: OP doesn't want to disable the SSH and/or GPG agent(s). He wants the password dialogue to appear on the terminal instead of in a new X window when the application requesting SSH/GPG key access is running inside a terminal application.
-
DrBeco over 6 years
For a simple gpg decrypt command use
gpg --pinentry-mode loopback -d criptedfile.txt.gpg -o file.txt
and it will ask for the passphrase in the command line. No need to reconfigure.
-
Thomas Ward over 2 years
So, what you're asking is, "How do I disable the GUI prompts and only make it ask in the shell/TTY directly without using any GUI agents?"