[pkg-gnupg-maint] Bug#845565: Bug#845565: anything outside the X session

Daniel Kahn Gillmor dkg at fifthhorseman.net
Tue Dec 6 01:53:36 UTC 2016


Hi Adam, Julien--

On Mon 2016-12-05 18:23:14 -0500, Adam Borowski wrote:
> Same if you have a running X session but try to sign from the console;
> killing the gpg-agent doesn't help.

Please see https://bugs.debian.org/842015 for a very lengthy discussion
of this issue.  I think this is the same thing, so i'm inclined to merge
it in with that bug report (and the other three bug reports already
merged there).

The issue is:

 a) user has a graphical session
 
 b) gpg-agent is running, and knows it is associated with that session

 c) user connects to the same machine over SSH, and shares part of that
    session (e.g. via dbus-user-session), and asks the agent for use of
    secret key material.

 d) if the agent already has the passphrase cached, it continues on its
    way.  if not, the agent needs to prompt the user, so it asks
    pinentry to do that job.

 e) depending on the pinentry installed, pinentry can prompt the user
    via one of three different ways, all of which are passed by gpg to
    gpg-agent via environment variables:
    
      * the terminal in use ($GPG_TTY)
      * the X11 display connected to ($DISPLAY)
      * the d-bus session ($DBUS_SESSION_BUS_ADDRESS)

 f) in the event that the prompting is done via d-bus (pinentry-gnome3's
    default), the prompt is displayed in the graphical session, because
    there is exactly one graphical session in use.


in the scenario where the user only has access to the ssh session,
prompting graphically doesn't help.  however, if the GNOME graphical
session is locked, or the user is not logged in on the graphical
console, then the prompting falls back to the terminal in use.

So I think the problem you're describing is only happening when:

 0) pinentry-gnome3 is the default pinentry on the system, and

 1) dbus-user-session is installed and configured, and

 2) the user is logged into the system via ssh, and

 3) the user is *also* logged into the graphical console, and

 4) the graphical console is not screenlocked.


This is a worrisome way to operate the agent, since it grants access to
your keys to anyone sitting at the unlocked console, but i understand
that it is something that happens in some cases.  Does this describe
your use case, or is there something different?

     --dkg
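As an added diagnostic (not code from the bug report, Debian or GnuPG), a small POSIX shell script that lists which of the three prompting channels named above are set in the current environment and, modelling only the conditions listed in this message, reports where a pinentry-gnome3 prompt would land; the `prompt_location` arguments and the `CONSOLE_UNLOCKED` variable are assumptions of this example.

```shell
#!/bin/sh
# Added diagnostic; not code from the bug report, Debian or GnuPG.
# Models only what the message above describes: the three environment
# variables gpg hands to gpg-agent, and the pinentry-gnome3 case in which
# a prompt lands on an unlocked graphical console instead of the caller's tty.

# List the prompt channels available, one per line. D-Bus is listed first
# because the mail says it is pinentry-gnome3's default.
# Arguments: GPG_TTY DISPLAY DBUS_SESSION_BUS_ADDRESS (empty = unset).
pinentry_channels() {
    tty=$1; display=$2; dbus=$3
    [ -n "$dbus" ]    && printf 'dbus:%s\n' "$dbus"
    [ -n "$display" ] && printf 'x11:%s\n' "$display"
    [ -n "$tty" ]     && printf 'tty:%s\n' "$tty"
    return 0
}

# Where a pinentry-gnome3 prompt would appear. Assumes dbus-user-session is
# in use whenever DBUS_SESSION_BUS_ADDRESS is set (assumption, not checked).
# Arguments: GPG_TTY DBUS_SESSION_BUS_ADDRESS over_ssh console_unlocked
# (the last two are "yes" or "no", supplied by the caller).
# Prints: console-prompt | tty-prompt | no-channel
prompt_location() {
    tty=$1; dbus=$2; over_ssh=$3; console_unlocked=$4
    if [ -n "$dbus" ] && [ "$over_ssh" = yes ] && [ "$console_unlocked" = yes ]; then
        echo console-prompt   # the worrying case: conditions 0-4 all hold
    elif [ -n "$tty" ]; then
        echo tty-prompt       # locked or absent console: falls back to the tty
    else
        echo no-channel
    fi
}

# Report for the current shell. Lock state is not read here; it is taken
# from CONSOLE_UNLOCKED (hypothetical variable, default "yes").
main() {
    over_ssh=no
    [ -n "${SSH_CONNECTION:-}" ] && over_ssh=yes
    echo "channels available:"
    pinentry_channels "${GPG_TTY:-}" "${DISPLAY:-}" "${DBUS_SESSION_BUS_ADDRESS:-}"
    echo "expected prompt location: $(prompt_location "${GPG_TTY:-}" \
        "${DBUS_SESSION_BUS_ADDRESS:-}" "$over_ssh" "${CONSOLE_UNLOCKED:-yes}")"
    # To pin prompts to this terminal instead (real gpg-connect-agent command):
    #   export GPG_TTY=$(tty); gpg-connect-agent updatestartuptty /bye
}
main
```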