1
0
mirror of https://github.com/drduh/YubiKey-Guide.git synced 2024-12-23 00:48:57 +00:00

Merge pull request #140 from iMilnb/master

Added a fix for failing ssh / GUI pinentry
This commit is contained in:
drduh 2019-11-13 16:26:01 +00:00 committed by GitHub
commit eed8c3dd8c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -1580,7 +1580,7 @@ pinentry-program /usr/bin/pinentry-curses
**Important** The `cache-ttl` options do **NOT** apply when using a YubiKey as a smartcard as the PIN is [cached by the smartcard itself](https://dev.gnupg.org/T3362). Therefore, in order to clear the PIN from cache (smartcard equivalent to `default-cache-ttl` and `max-cache-ttl`), you need to unplug the YubiKey. **Important** The `cache-ttl` options do **NOT** apply when using a YubiKey as a smartcard as the PIN is [cached by the smartcard itself](https://dev.gnupg.org/T3362). Therefore, in order to clear the PIN from cache (smartcard equivalent to `default-cache-ttl` and `max-cache-ttl`), you need to unplug the YubiKey.
**Tip** Set `pinentry-program /usr/bin/pinentry-gnome3` for a GUI-based prompt. **Tip** Set `pinentry-program /usr/bin/pinentry-gnome3` for a GUI-based prompt. If the _pinentry_ graphical dialog doesn't show and you get this error: `sign_and_send_pubkey: signing failed: agent refused operation`, you probably need to install the `dbus-user-session` package and might have to restart the computer for the `dbus` user session to be fully inherited; this is because behind the scenes, `pinentry` complains about `No $DBUS_SESSION_BUS_ADDRESS found`, falls back to `curses` but doesn't find the expected `tty`.
On macOS, use `brew install pinentry-mac` and adjust the program path to suit. On macOS, use `brew install pinentry-mac` and adjust the program path to suit.