pinentry ERROR curses.isatty #51

Open
hellesvik opened this issue May 21, 2024 · 6 comments

@hellesvik

Running Arch Linux, installed ssh-tpm-agent via pacman

I am able to use this successfully without PIN.
However, with an SSH key with a PIN, when I try to clone a private git repo, ssh-tpm-agent throws this error:

agent 13: pinentry: unexpected response: \"S ERROR curses.isatty 83918950 \"

@izvyk

izvyk commented May 26, 2024

The same error for me.
Arch Linux, ssh-tpm-agent version 0.3.1-1 installed with pacman.

@Foxboron
Owner

I have been unable to reproduce this issue. More details would be appreciated.

@izvyk

izvyk commented May 26, 2024

Originally I set it up as explained here, with systemd units. I successfully generated the key pair and added it to the agent. It reported one identity saved. But ssh [email protected] showed me an error saying that the agent refused the operation. systemctl --user status ssh-tpm-agent.service showed the aforementioned error in the log.
I use fish shell.

I've just tried it anew with just bash and a completely empty .ssh folder, without any success. Now it seems like it cannot connect to the daemon properly (ssh-add -L reports an identity, but ssh-add -D just halts, so I'm unable to remove that identity). ssh-tpm-keygen --import id_ecdsa is successful though. So ssh [email protected] shows Permission denied (publickey).

Probably I'm missing something or doing something wrong.

@Foxboron
Owner

I'm somewhat certain this is because it's using /usr/bin/pinentry-curses or /usr/bin/pinentry-tty instead of a reasonable GUI alternative.

I suspect however that moving this to the ssh askpass binary would be a better move.

@kniteli

kniteli commented Jun 15, 2024

Also on Arch and I had the same problem (actually EndeavourOS, so I'm on KDE). I solved it by uncommenting a line referencing qt in /etc/pinentry/preexec. After that everything worked as expected.

That file is eventually sourced in the /usr/bin/pinentry script, which falls back to curses if you don't have gtk2 available and haven't set up that preexec. I noticed that script will pull from your user config if available so here's probably the most appropriate way to handle this (at least until askpass is sorted out):

mkdir -p "$XDG_CONFIG_HOME/pinentry"
cat /etc/pinentry/preexec > "$XDG_CONFIG_HOME/pinentry/preexec"
exec "$EDITOR" "$XDG_CONFIG_HOME/pinentry/preexec" # <-- uncomment one of the two lines in that file

I agree that askpass is the correct tool for this, as depending on a GUI as part of a CLI-only tool is at best limiting on the off chance you need it and actually don't have a WM/desktop.

@Foxboron
Owner

I've written an askpass implementation, but I haven't pushed the code to switch all the prompts as it needs a bit more testing.

582683a
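
Added example (not part of the thread and not ssh-tpm-agent's code): the number in the status line from the opening post is a libgpg-error value, and decoding it shows pinentry as the source and ENOTTY as the code, which fits a curses/tty pinentry started without a terminal. The function names below are hypothetical; the numeric constants are taken from libgpg-error.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// libgpg-error value layout: bits 24-30 are the source, bits 0-15 the code;
// bit 15 of the code marks a system errno mapped by libgpg-error.
const (
	srcPinentry = 5       // GPG_ERR_SOURCE_PINENTRY
	sysErrFlag  = 1 << 15 // GPG_ERR_SYSTEM_ERROR
	idxENOTTY   = 102     // libgpg-error's index for ENOTTY
)

// StatusError extracts the numeric code from an Assuan "ERR <code> ..." line or
// from a status line shaped like the one in the issue: "S ERROR <where> <code>".
// It tolerates the escaped quotes and trailing space of the logged form.
func StatusError(line string) (where string, code uint32, err error) {
	f := strings.Fields(strings.Trim(line, "\\\" "))
	var num string
	switch {
	case len(f) >= 2 && f[0] == "ERR":
		num = f[1]
	case len(f) >= 4 && f[0] == "S" && f[1] == "ERROR":
		where, num = f[2], f[3]
	default:
		return "", 0, fmt.Errorf("no error code in %q", line)
	}
	n, err := strconv.ParseUint(num, 10, 32)
	return where, uint32(n), err
}

// Decode splits a gpg-error value into its source and code fields.
func Decode(v uint32) (source, code uint32) {
	return (v >> 24) & 0x7f, v & 0xffff
}

// NoTTY reports whether v is pinentry saying it has no terminal to draw on.
func NoTTY(v uint32) bool {
	src, code := Decode(v)
	return src == srcPinentry && code == sysErrFlag|idxENOTTY
}

func main() {
	// Constructed input: the status line quoted in the opening post.
	where, v, err := StatusError(`\"S ERROR curses.isatty 83918950 \"`)
	src, code := Decode(v)
	fmt.Println(where, src, code, NoTTY(v), err)
}
```

A caller that sees NoTTY return true can report "pinentry has no terminal; configure a GUI pinentry or askpass" instead of an opaque "unexpected response".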
