gpg-agent forwarding: inappropriate ioctl for device

Tags:

gpg-agent

I'm trying to set up gpg-agent forwarding in order to use pass (https://www.passwordstore.org) via ssh.

gpg version 2.2.9 on both local and remote hosts, installed following these instructions: https://gist.github.com/vt0r/a2f8c0bcb1400131ff51

On local machine

$HOME/.gnupg/gpg-agent.conf

extra-socket /home/mickey/.gnupg/S.gpg-agent.remote

Reload agent

echo RELOADAGENT | gpg-connect-agent

Export public key

gpg --export -a mickey > mickey.gpg

Sign test data

echo "test" | gpg2 --encrypt -r mickey > out.gpg

Send public key and signed data

scp *.gpg REMOTE_HOST:

Create ssh session with reverse forwarding

ssh -R /run/user/1002/gnupg/S.gpg-agent:/home/mickey/.gnupg/S.gpg-agent.remote -o "StreamLocalBindUnlink=yes" REMOTE_HOST

On remote machine

Import public key

gpg --import mickey.gpg

Trust this key ultimately

gpg --edit-key mickey

trust
5
quit

Try to decrypt

gpg --decrypt -v out.gpg

Output
gpg: public key is FED6243A3325C554
gpg: connection to agent is in restricted mode
gpg: using subkey FED6243A3325C554 instead of primary key 9E2ED69A02554504
gpg: using subkey FED6243A3325C554 instead of primary key 9E2ED69A02554504
gpg: encrypted with 2048-bit RSA key, ID FED6243A3325C554, created 2018-07-23
      "mickey"
gpg: public key decryption failed: Inappropriate ioctl for device
gpg: decryption failed: No secret key

So agent socket forwarding is working; it seems there is some problem with the pinentry program. I could not find anything that worked for me on Google.

UPD

Tried adding pinentry-program /usr/bin/pinentry-tty to gpg-agent.conf; new error:

gpg: public key decryption failed: Invalid IPC response
gpg: decryption failed: No secret key

Michael Zaikin asked Jul 24 '18 17:07

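As an added example (not part of the original question or of the linked gist), the shell helpers below reproduce the pieces of the procedure above in a form that can be checked without a live agent: the local extra-socket setting, the ssh reverse-forward command, and the GPG_TTY export that the answers rely on. The function names, the use of a GNUPGHOME directory as argument, and the uid 1002 / "mickey" paths are assumptions taken from the question; replace them with your own values.

```shell
#!/bin/sh
# Added example, not code from the question. Helpers for the gpg-agent
# forwarding setup described above. All function names are ours.

# Idempotently add one line to a config file, creating the directory and
# file with the restrictive permissions gpg expects (gpg warns about an
# unsafe ~/.gnupg and may ignore settings there).
ensure_conf_line() {
    dir=$1 file=$2 line=$3
    mkdir -p "$dir" && chmod 700 "$dir"
    touch "$dir/$file" && chmod 600 "$dir/$file"
    grep -qxF -- "$line" "$dir/$file" || printf '%s\n' "$line" >> "$dir/$file"
}

# Local side: declare the restricted "extra" socket that gets forwarded.
# Clients arriving through it are served in restricted mode, which is the
# "connection to agent is in restricted mode" line in the question's output.
local_agent_setup() {
    gnupghome=$1
    ensure_conf_line "$gnupghome" gpg-agent.conf \
        "extra-socket $gnupghome/S.gpg-agent.remote"
}

# Compose the ssh command. The remote path must be the socket the remote
# gpg actually looks for; `gpgconf --list-dirs agent-socket` run on the
# remote host prints it. The uid is a parameter so this stays testable
# without gpg installed. StreamLocalBindUnlink removes a stale socket left
# by an earlier session, otherwise the bind fails silently.
ssh_forward_cmd() {
    remote_uid=$1 local_socket=$2 host=$3
    printf 'ssh -R /run/user/%s/gnupg/S.gpg-agent:%s -o StreamLocalBindUnlink=yes %s\n' \
        "$remote_uid" "$local_socket" "$host"
}

# Remote side: tell gpg which terminal a passphrase prompt may use. Returns
# 1 when there is no controlling terminal (e.g. "ssh host cmd" without -t),
# so a caller can switch to loopback pinentry instead of failing later with
# "Inappropriate ioctl for device".
export_gpg_tty() {
    t=$(tty 2>/dev/null) || return 1
    GPG_TTY=$t
    export GPG_TTY
}
```

Typical use: run `local_agent_setup "$HOME/.gnupg"` once on the workstation, reload the agent as the question does, then open the session with `$(ssh_forward_cmd "$(ssh REMOTE_HOST id -u)" "$HOME/.gnupg/S.gpg-agent.remote" REMOTE_HOST)` and call `export_gpg_tty` from the remote shell's profile.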



2 Answers

It happens when GPG is confused where to read input from. Simply configuring it to look for input from tty (the terminal connected to standard input) fixes it:

export GPG_TTY=$(tty) 
user787267 answered Sep 18 '22 06:09


This method does not work when you are inside an LXC container. Instead, add this to ~/.gnupg/gpg.conf:

use-agent
pinentry-mode loopback

Then add this to ~/.gnupg/gpg-agent.conf

allow-loopback-pinentry 

Then restart the agent with echo RELOADAGENT | gpg-connect-agent.

(source)

Gaia answered Sep 20 '22 06:09
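As an added example (not Gaia's own script), the helper below applies the loopback settings from the answer above to a GNUPGHOME directory given as argument, without duplicating lines on repeated runs, and reports which pinentry mode is configured so a login script can tell whether GPG_TTY or loopback is in effect on that host. Function names and the GNUPGHOME argument are assumptions; the reload step mirrors the `echo RELOADAGENT | gpg-connect-agent` command from the answer.

```shell
#!/bin/sh
# Added example, not code from the answer. Enables loopback pinentry for a
# given GNUPGHOME and lets a script query the configured mode.

# Append a line only if it is not already present; keep the file 0600.
add_line() {
    file=$1 line=$2
    touch "$file" && chmod 600 "$file"
    grep -qxF -- "$line" "$file" || printf '%s\n' "$line" >> "$file"
}

# gpg side: pinentry-mode loopback makes gpg collect the passphrase itself
# (on its own tty or via --passphrase-fd) instead of spawning a pinentry,
# which is why it works where no pinentry can open a terminal, such as the
# LXC case above. use-agent is kept to match the answer; GnuPG 2.1+ ignores it.
# agent side: the agent refuses loopback requests unless explicitly allowed.
enable_loopback_pinentry() {
    home=$1
    mkdir -p "$home" && chmod 700 "$home"
    add_line "$home/gpg.conf" "use-agent"
    add_line "$home/gpg.conf" "pinentry-mode loopback"
    add_line "$home/gpg-agent.conf" "allow-loopback-pinentry"
}

# Print the effective pinentry-mode from gpg.conf: "loopback" when set,
# otherwise "default" (gpg's own default when the option is absent).
configured_pinentry_mode() {
    conf=$1/gpg.conf
    [ -f "$conf" ] || { echo default; return 0; }
    mode=$(awk '$1 == "pinentry-mode" { m = $2 } END { print m }' "$conf")
    echo "${mode:-default}"
}

# Ask a running agent for this GNUPGHOME to re-read its config; a no-op
# when gpg-connect-agent is not installed on the host.
reload_agent() {
    command -v gpg-connect-agent >/dev/null 2>&1 || return 0
    echo RELOADAGENT | GNUPGHOME=$1 gpg-connect-agent >/dev/null
}
```

Run `enable_loopback_pinentry "$HOME/.gnupg" && reload_agent "$HOME/.gnupg"` on the remote host once; afterwards `configured_pinentry_mode "$HOME/.gnupg"` prints `loopback`, and the `--pinentry-mode loopback` option on the gpg command line has the same effect for a single invocation.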