
When forwarding my gpg-agent to a remote server I am able to see my private key listed. Even though I unlocked my key locally I still need to unlock it on the remote machine.

However, when I try to unlock on the remote machine it sends a pinentry to my local machine. When using pinentry-tty or pinentry-curses I am unable to enter my password.

It has some strange behaviour that it receives some keystrokes and some are even shown as plain text.

pinentry --version
pinentry-curses (pinentry) 1.1.0

Local

gpg --version
gpg (GnuPG) 2.2.27

Remote

gpg --version
gpg (GnuPG) 2.2.12

These are my local config files:

gpg-agent.conf

extra-socket /run/users/1000/gnupg/S.gpg-agent.extra
pinentry-program /usr/bin/pinentry-curses

ssh.config

Host remote
    HostName <ip-address>
    User <username>
    RemoteForward /run/users/1000/gnupg/S.gpg-agent /run/users/1000/gnupg/S.gpg-agent.extra

Also on the remote server I added StreamLocalBindUnlink to /etc/ssh/sshd_config.

To 'force' pinentry to show up on a certain terminal locally I had to use the command

gpg-connect-agent updatestartuptty /bye

As soon as I try to sign something on the remote server I get the following screen on my local terminal

┌────────────────────────────────────────────────────────────────┐
│ Note: Request from a remote site.                              │
│                                                                │
│ Please enter the passphrase to unlock the OpenPGP secret key:  │
│ "username <email>"                                             │
│ 256-bit EDDSA key, ID 1234567890,                              │
│ created 2021-01-01.                                            │
│                                                                │
│                                                                │
│ Passphrase: __________________________________________________ │
│                                                                │
│         <OK>                                    <Cancel>       │
└────────────────────────────────────────────────────────────────┘

When I try to enter my password I get the following:

┌────────────────────────────────────────────────────────────────┐
│ Note: Request from a remote site.                              │
│                                                                │
│ Please enter the passphrase to unlock the OpenPGP secret key:  │
│ "username <email>"                                             │
│ 256-bit EDDSA key, ID 1234567890,                              │
│ created 2021-01-01.                                            │
│                                                                │
│                                                                │
│ Passphrase: *elo w**wd    ____________________________________ │
│                                                                │
│         <OK>                                    <Cancel>       │
└────────────────────────────────────────────────────────────────┘

When I close out of pinentry I can see part of the plain text on the command line

> elo wd

Same behaviour when I use pinentry-tty.

On my local machine I run Arch Linux, but the same behaviour also exists on macOS. For my terminal emulator I use simple terminal and iTerm2 respectively.

The remote machine runs Debian Buster.

I would like to keep using pinentry-tty or pinentry-curses.

Also, would it be possible to 'unlock' my gpg private key locally and have that forwarded to remote instead of having to unlock it on the remote server?

Edit:

Seems the exact same thing has been asked over 4 years ago!

Intermingled input when using local gpg-agent from remote site

With no answer, unfortunately.

Reverie
1 Answer


I have the SAME issue in macOS.

$ gpg --version
gpg (GnuPG/MacGPG2) 2.2.34

$ pinentry --version
pinentry-curses (pinentry) 1.2.0

In the SAME iTerm window. Run:

$ killall gpg-agent && gpg-agent --daemon --pinentry-program /usr/local/bin/pinentry

Then run a quick test:

$ echo "test" | gpg --clearsign

The issue is caused by pinentry being limited to the SAME terminal window.