# GPG over SSH with existing X session?

## Tatsh

I have had no luck attempting to use gpg while over SSH while having an existing session already running.

I have a headless server that has no X whatsoever and it always happily shows the GPG ncurses screen for a password. I want to get the same thing to happen on my primary desktop.

Something starts GPG as me (not root), because Thunderbird is able to see it and sign emails. Pinentry-gtk works fine.

Not using X over SSH, and I ssh in:

```
$ gpg -s

gpg: WARNING: server 'gpg-agent' is older than us (2.1.14 < 2.1.15)

gpg: using "1AFD9AFC120C26DD" as default secret key for signing

some text

gpg: signing failed: Inappropriate ioctl for device

�������(�w�!�����¯�2+��MU(I�(�gpg: signing failed: Inappropriate ioctl for device

```

Debug:

```
$ gpg --debug-all

gpg: reading options from '/home/tatsh/.gnupg/gpg.conf'

gpg: enabled debug flags: packet mpi crypto filter iobuf memory cache memstat trust hashing cardio ipc clock lookup extprog

gpg: DBG: [not enabled in the source] start

gpg: Go ahead and type your message ...

gpg: DBG: iobuf-1.0: open '[stdin]' desc=file_filter(fd) fd=0

gpg: DBG: iobuf-1.0: underflow: buffer size: 8192; still buffered: 0 => space for 8192 bytes

gpg: DBG: iobuf-1.0: underflow: A->FILTER (8192 bytes)

jfjf

gpg: DBG: iobuf-1.0: A->FILTER() returned rc=0 (ok), read 5 bytes

gpg: DBG: armor-filter: control: 5

gpg: DBG: iobuf-1.1: push 'armor_filter'

gpg: DBG: armor-filter: control: 5

gpg: DBG: iobuf chain: 1.1 'armor_filter' filter_eof=0 start=0 len=0

gpg: DBG: iobuf chain: 1.0 'file_filter(fd)' filter_eof=0 start=0 len=5

gpg: DBG: armor-filter: control: 1

gpg: DBG: iobuf-1.1: underflow: buffer size: 8192; still buffered: 0 => space for 8192 bytes

gpg: DBG: iobuf-1.1: underflow: A->FILTER (8192 bytes)

gpg: DBG: armor-filter: control: 3

gpg: DBG: iobuf-1.0: underflow: buffer size: 8192; still buffered: 0 => space for 8192 bytes

gpg: DBG: iobuf-1.0: underflow: A->FILTER (8192 bytes)

gpg: DBG: iobuf-1.0: A->FILTER() returned rc=-1 (EOF), read 0 bytes

gpg: DBG: iobuf-1.0: underflow: buffer size: 8192; still buffered: 0 => space for 8192 bytes

gpg: DBG: iobuf-1.0: underflow: eof (pending eof)

gpg: DBG: iobuf-1.1: A->FILTER() returned rc=-1 (EOF), read 0 bytes

gpg: DBG: armor-filter: control: 2

gpg: no valid OpenPGP data found.

gpg: DBG: iobuf-1.1: pop in underflow (nothing buffered, got EOF)

gpg: DBG: iobuf chain: 1.0 '?' filter_eof=0 start=0 len=0

gpg: processing message failed: Unknown system error

gpg: DBG: iobuf-1.0: close '?'

gpg: DBG: [not enabled in the source] stop

gpg: random usage: poolsize=600 mixed=0 polls=0/0 added=0/0

              outmix=0 getlvl1=0/0 getlvl2=0/0

gpg: secmem usage: 0/65536 bytes in 0 blocks

```

```
$ env | egrep 'GPG|DISPLAY'

GPG_TTY=/dev/pts/2

```

----------

## Princess Nell

It isn't quite clear from your description what exactly your setup is and which commands are being run on one machine. It also looks like you're running 2.1, which I'm not familiar with yet.

```
$ gpg -s

gpg: WARNING: server 'gpg-agent' is older than us (2.1.14 < 2.1.15)

gpg: using "1AFD9AFC120C26DD" as default secret key for signing

some text

gpg: signing failed: Inappropriate ioctl for device

�������(�w�!�����¯�2+��MU(I�(�gpg: signing failed: Inappropriate ioctl for device 

```

GPG_TTY, or so is my understanding, needs to be correct for the current terminal session. If it gets inherited from a remote machine, it's probably wrong. In the above session, does the output of tty match the contents of GPG_TTY?

 *Quote:*   

> Something starts GPG as me (not root), because Thunderbird is able to see it and sign emails. Pinentry-gtk works fine. 

 

In an X session, gpg-agent is launched by whatever is starting the session. Without that, a temporary gpg-agent is launched by gpg itself.

----------

