You are not logged in.

#1 2021-01-03 12:26:17

tsdh
Member
From: Germany
Registered: 2014-01-07
Posts: 55

[SOLVED] pinentry password prompt broken inside tmux sessions

On some virtual server, several tools such as mbsync read their authentication data for GPG-encrypted files such as ~/.authinfo.gpg.  When accessing them first, gnupg will spawn the configured pinentry program to read my passphrase in order to decrypt the file.  That works fine in general but recently started failing and behaving weird when inside a tmux session.

A minimal recipe to trigger that is:

$ tmux # fire up a new tmux session
$ gpg --decrypt --for-your-eyes-only .authinfo.gpg # decrypt pgp encrypted file

When doing that, I get the ncurses pinentry prompt as usual.  After typing some characters of the password (or even just waiting a bit), tmux exits with [server exited unexpectedly] and I'm back at the non-tmux shell prompt. When I type there, it'll sometimes come out as the char I've type or as *, i.e., the password thingy is still active. When hitting RET, the password dialog re-appears. Typing again causes the same behavior.

When I hit RET followed by possibly "tmux a", I can get back into my tmux session where of course the gpg command has failed to read the password.

A screencast showing the issue is here: https://www.tsdh.org/tmux-gnupg-password-breakage.mp4

As said, the gpg command and password prompt works without issues when executing it at a tty directly, i.e., not inside tmux.  The broken behavior also stays the same when using pinentry-tty instead of pinentry-curses.

This problem started occurring very recently, so it's probably caused by some package update.  The server runs an up-to-date Arch install with pinentry 1.1.0-5, gnupg 2.2.25-1, and tmux 3.1_c-1.

Last edited by tsdh (2021-01-05 15:18:58)

Offline

#2 2021-01-03 17:42:21

jasonwryan
Anarchist
From: .nz
Registered: 2009-05-09
Posts: 29,148
Website

Re: [SOLVED] pinentry password prompt broken inside tmux sessions

What is the TERM in tmux? And what other environment variables are set in those sessions?


Arch + dwm   •   Mercurial repos  •   Surfraw

Registered Linux User #482438

Offline

#3 2021-01-03 18:10:59

tsdh
Member
From: Germany
Registered: 2014-01-07
Posts: 55

Re: [SOLVED] pinentry password prompt broken inside tmux sessions

Output of env after ssh-ing into the machine with no tmux session started (IP addresses redacted):

CVS_RSH=ssh
DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1000/bus
EDITOR=et
GPG_TTY=/dev/pts/0
HG=/usr/bin/hg
HOME=/home/horn
LANG=en_US.UTF-8
LOGNAME=horn
MAIL=/var/spool/mail/horn
MOTD_SHOWN=pam
MOZ_DBUS_REMOTE=1
MOZ_ENABLE_WAYLAND=1
PATH=/home/horn/.local/bin:/home/horn/bin:/home/horn/Repos/utils:/home/horn/.cargo/bin:/usr/local/sbin:/usr/local/bin:/usr/bin:/usr/bin/site_perl:/usr/bin/vendor_perl:/usr/bin/core_perl
PWD=/home/horn
RUST_SRC_PATH=/home/horn/.rustup/toolchains/stable-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/src
SHELL=/bin/fish
SHLVL=1
SSH_AUTH_SOCK=/home/horn/.gnupg/S.gpg-agent.ssh
SSH_CLIENT=111.111.111.111 43354 22
SSH_CONNECTION=111.111.111.111 43354 222.222.222.222 22
SSH_TTY=/dev/pts/0
STARSHIP_SESSION_KEY=knxqwb6MTgjx1y6D
STARSHIP_SHELL=fish
TERM=alacritty
TERMINAL=alacritty
USER=horn
VISUAL=ec
XDG_RUNTIME_DIR=/run/user/1000
XDG_SESSION_CLASS=user
XDG_SESSION_ID=4
XDG_SESSION_TYPE=tty
_JAVA_AWT_WM_NONREPARENTING=1

env output in a fresh tmux session:

CVS_RSH=ssh
DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1000/bus
EDITOR=et
GPG_TTY=/dev/pts/0
HG=/usr/bin/hg
HOME=/home/horn
LANG=en_US.UTF-8
LOGNAME=horn
MAIL=/var/spool/mail/horn
MOTD_SHOWN=pam
MOZ_DBUS_REMOTE=1
MOZ_ENABLE_WAYLAND=1
PATH=/home/horn/.local/bin:/home/horn/bin:/home/horn/Repos/utils:/home/horn/.cargo/bin:/usr/local/sbin:/usr/local/bin:/usr/bin:/usr/bin/site_perl:/usr/bin/vendor_perl:/usr/bin/core_perl
PWD=/home/horn
RUST_SRC_PATH=/home/horn/.rustup/toolchains/stable-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/src
SHELL=/bin/fish
SHLVL=2
SSH_AUTH_SOCK=/home/horn/.gnupg/S.gpg-agent.ssh
SSH_CLIENT=111.111.111.111 43354 22
SSH_CONNECTION=111.111.111.111 43354 222.222.222.222 22
SSH_TTY=/dev/pts/0
STARSHIP_SESSION_KEY=9J5ol4eIfgA7LFRU
STARSHIP_SHELL=fish
TERM=screen-256color
TERMINAL=alacritty
TMUX=/tmp/tmux-1000/default,7116,0
TMUX_PANE=%0
USER=horn
VISUAL=ec
XDG_RUNTIME_DIR=/run/user/1000
XDG_SESSION_CLASS=user
XDG_SESSION_ID=4
XDG_SESSION_TYPE=tty
_JAVA_AWT_WM_NONREPARENTING=1

Offline

#4 2021-01-03 20:43:00

jasonwryan
Anarchist
From: .nz
Registered: 2009-05-09
Posts: 29,148
Website

Re: [SOLVED] pinentry password prompt broken inside tmux sessions

I can't reproduce: tmux 3.1_c-1 gnupg 2.2.25-1 My term is tmux-256-color


Arch + dwm   •   Mercurial repos  •   Surfraw

Registered Linux User #482438

Offline

#5 2021-01-04 17:10:01

tsdh
Member
From: Germany
Registered: 2014-01-07
Posts: 55

Re: [SOLVED] pinentry password prompt broken inside tmux sessions

I've created a ~/.tmux.conf with

set -g default-terminal "tmux-256color"

and then TERM is set to that value (like yours), but still the problem persists...

Offline

#6 2021-01-04 18:02:20

jasonwryan
Anarchist
From: .nz
Registered: 2009-05-09
Posts: 29,148
Website

Re: [SOLVED] pinentry password prompt broken inside tmux sessions

And if you run ssh in a plain bash session (without fish/starship etc)? Otherwise, I cant see anything obvious.


Arch + dwm   •   Mercurial repos  •   Surfraw

Registered Linux User #482438

Offline

#7 2021-01-04 18:52:40

tsdh
Member
From: Germany
Registered: 2014-01-07
Posts: 55

Re: [SOLVED] pinentry password prompt broken inside tmux sessions

Even when I start bash instead of fish locally, ssh to the virtual server (which starts fish), start bash there, invoke tmux (which starts fish), start bash in the tmux session, and then do the command spawning the pinentry prompt, I get the very same problem. :-(

Offline

#8 2021-01-04 18:56:28

tsdh
Member
From: Germany
Registered: 2014-01-07
Posts: 55

Re: [SOLVED] pinentry password prompt broken inside tmux sessions

Oh, I have a workaround!  When I use mosh instead of ssh, it works as expected (or as it has worked before).  So it might actually be a problem with openssh 8.4p1-2?

Offline

#9 2021-01-04 19:21:08

jasonwryan
Anarchist
From: .nz
Registered: 2009-05-09
Posts: 29,148
Website

Re: [SOLVED] pinentry password prompt broken inside tmux sessions

I'm running the same version, and it works fine. Change the shell on your server to make sure it is not fish related.


Arch + dwm   •   Mercurial repos  •   Surfraw

Registered Linux User #482438

Offline

#10 2021-01-04 20:48:00

tsdh
Member
From: Germany
Registered: 2014-01-07
Posts: 55

Re: [SOLVED] pinentry password prompt broken inside tmux sessions

Hm, indeed, the pinentry prompt also works fine when changing my login shell to bash on the server.  I'll check if it also works when just disabling starship tomorrow.  (But I'm sure it did work for a long time with both fish and starship but of course it is possible that some update broke it.)

Offline

#11 2021-01-04 20:50:57

ewaller
Administrator
From: Pasadena, CA
Registered: 2009-07-13
Posts: 17,582

Re: [SOLVED] pinentry password prompt broken inside tmux sessions

Just to add more information,  When at my system, running tmux in a bash shell in a terminal window, I get a normal popup pineenry dialog.   Today, at work, I ssh in and run tmux and the dialog pops up as an tui style.  Here, $TERM == 'screen'


Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
Sometimes it is the people no one can imagine anything of who do the things no one can imagine. -- Alan Turing
---
How to Ask Questions the Smart Way

Offline

#12 2021-01-05 06:06:39

tsdh
Member
From: Germany
Registered: 2014-01-07
Posts: 55

Re: [SOLVED] pinentry password prompt broken inside tmux sessions

@ewaller: Yes, pinentry usually chooses between TUI (pinentry-tty) and popup-style (pinentry-curses) depending on availability and configuration.  Both fail for me in the same way when using my normal fish-as-login-shell configuration.

@jasonwryan: I have tried disabling the starship prompt but that didn't help either.  So it might be some issue with fish (which apparently is only a problem for ssh but not mosh).  I think I'll ask on the fish mailing list.  Thanks a lot for your help!

Offline

#13 2021-01-05 15:15:10

tsdh
Member
From: Germany
Registered: 2014-01-07
Posts: 55

Re: [SOLVED] pinentry password prompt broken inside tmux sessions

I finally found the culprit.  I used to setup the GnuPG agent in ~/.profile including the lines:

GPG_TTY=$(tty)
export GPG_TTY

So after ssh-ing, it was set to /dev/pts/0.  My fish config ensures that ~/.profile isn't sourced more than once so that I don't get duplicates in PATH and friends.  So when starting tmux, tty would return /dev/pts/1 but GPG_TTY was still /dev/pts/0.

I have no clue why it worked with bash (or when connecting with mosh instead of ssh), but now I re-set GPG_TTY to the current tty in my ~/.config/fish/config.fish and pinentry works again.

Offline

Board footer

Powered by FluxBB