tl;dr: The path for
Now, I had a feeling that since Jessie’s dotfiles are mainly for Debian there might be issues, but I had no idea what was causing this problem.
~ ❯❯❯ ssh firstname.lastname@example.org
gpg-connect-agent: no running gpg-agent - starting '/usr/local/Cellar/gnupg/2.2.10/bin/gpg-agent'
gpg-connect-agent: waiting for the agent to come up ... (5s)
gpg-connect-agent: connection to agent established
sign_and_send_pubkey: signing failed: agent refused operation
Permission denied (publickey).
Note: She has this awesome bit to add to your .bashrc which makes sure the agent is running before someone runs ssh. One of many things I copied from her dotfiles
# add alias for ssh to update the tty
alias ssh="gpg-connect-agent updatestartuptty /bye >/dev/null; ssh"
What people recommended online from that error was that my key wasn’t getting unlocked and so just doing a simple gpg encrypt/decrypt would fix things. But I’d already tried that and got errors like this:
~ ❯❯❯ echo "test message string" | gpg --encrypt --armor --recipient $KEY_ID | pbcopy
~ ❯❯❯ gpg -d --armor
-----BEGIN PGP MESSAGE-----
-----END PGP MESSAGE-----
gpg: encrypted with 4096-bit RSA key, ID 0xB4D1EC0E456EEAC5, created 2018-10-18
"Chris Portela <email@example.com>"
gpg: public key decryption failed: No pinentry
gpg: decryption failed: No secret key
gpg: signal Interrupt caught ... exiting
But, what caught my eye was No pinentry. How is that possible? I’d followed the guide and was previously using pinentry-curses at the end of the guide to make sure I’d done everything correctly. I had switched to using pinentry-mac, which I’d been having issues getting to actually be used, but I figured it wasn’t that big a deal.
Here was my config for
The problem is that path there was for where pinentry would be if I were in Linux, but thanks to SIP on macOS Homebrew installs everything in
local/ to the path made everything work again after I ran this command to reload the agent.
gpg-connect-agent reloadagent /bye
Another good way to figure out the path is to use which and copy the path it gives you
which pinentry-mac | pbcopy
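Added example, not part of the original post: a small shell check for the failure described above, where the agent's config names a pinentry path that does not exist on this machine. It reads the pinentry-program option from a gpg-agent.conf and reports whether the path is an executable file; the function names and the sample files are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: verify the pinentry-program that gpg-agent is configured to use.
# configured_pinentry / check_pinentry are hypothetical helper names.

# Print the path from the last active (uncommented) pinentry-program line.
configured_pinentry() {
    awk '/^[ \t]*pinentry-program[ \t]/ {
             sub(/^[ \t]*pinentry-program[ \t]+/, ""); sub(/[ \t\r]+$/, ""); p = $0
         }
         END { if (p != "") print p }' "$1"
}

# Classify a gpg-agent.conf: "ok PATH", "missing PATH", "unset" or "no-config".
check_pinentry() {
    local conf="$1" path
    [ -r "$conf" ] || { echo "no-config"; return 2; }
    path="$(configured_pinentry "$conf")"
    [ -n "$path" ] || { echo "unset"; return 0; }
    if [ -f "$path" ] && [ -x "$path" ]; then
        echo "ok $path"; return 0
    fi
    echo "missing $path"; return 1   # the bad-path case described in the post
}

# Demo on constructed files in a temp dir (no real GnuPG home is touched).
demo() {
    local tmp; tmp="$(mktemp -d)"
    printf '#!/bin/sh\n' > "$tmp/pinentry-mac"; chmod +x "$tmp/pinentry-mac"
    printf 'default-cache-ttl 600\npinentry-program /nonexistent/bin/pinentry-mac\n' > "$tmp/bad.conf"
    printf '# pinentry-program /old/path\npinentry-program %s\n' "$tmp/pinentry-mac" > "$tmp/good.conf"
    check_pinentry "$tmp/bad.conf" || true
    check_pinentry "$tmp/good.conf" || true
    rm -rf "$tmp"
}

# "demo" runs the constructed cases; any other argument is a config path to check.
case "${1:-}" in
    demo) demo ;;
    "")   : ;;
    *)    check_pinentry "$1" ;;
esac
```

Passing the path of your own gpg-agent.conf as the first argument checks the real file. A `missing` result means the path needs correcting before running `gpg-connect-agent reloadagent /bye`.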
Hope this helped
As usual, I saw this issue everywhere, but very few people “solving” the issue. Many times it’s that ssh-agent is running at the same time as gpg-agent, but in my case it was a bad