[opensuse] [opensuse-factory] gpg over ssh: decryption failed: No secret key

newer
[opensuse] who was saying openSUSE...

older
[opensuse] oSC16 - Organizing Team...

Edwin Aponte

21 Mar 2016 21 Mar '16

16:24

Hi, If I try to decrypt a file through an ssh connection (from Ubuntu 12.04) to OS Tumbleweed, I get: gpg --require-secmem -d foo.gpg gpg: AES256 encrypted data gpg: cancelled by user gpg: encrypted with 1 passphrase gpg: decryption failed: No secret key but at no moment I am asked for the password. Previously, I just got a password request in "text format". Has any one seen something similar? Thanks, Edwin. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

Show replies by date

John Andersen

21 Mar 21 Mar

17:06

On 03/21/2016 09:24 AM, Edwin Aponte wrote:

...

Hi,

If I try to decrypt a file through an ssh connection (from Ubuntu 12.04) to OS Tumbleweed, I get:

gpg --require-secmem -d foo.gpg

gpg: AES256 encrypted data gpg: cancelled by user gpg: encrypted with 1 passphrase gpg: decryption failed: No secret key

but at no moment I am asked for the password. Previously, I just got a password request in "text format".

Has any one seen something similar?

Thanks, Edwin.

Decrypt through an ssh connection? Does that mean you establish an ssh connection to another machine and then, using a shell from that machine, you try to decrypt a file found on that machine? If your ssh session was established with agent forwarding, it wouldn't need to ask you again for the key for decryption. Agent forwarding sends key requests through your ssh session back to the key agent running on your machine, not the remote machine. https://developer.github.com/guides/using-ssh-agent-forwarding/ I don't have a lot of experience using agent forwarding, as I believe the current consensus is that there is a certain risk involved in using it. https://heipei.github.io/2015/02/26/SSH-Agent-Forwarding-considered-harmful/ -- After all is said and done, more is said than done. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

Edwin Aponte

19:18

Thanks for your reply, On 21/03/16 17:06, John Andersen wrote:

...

On 03/21/2016 09:24 AM, Edwin Aponte wrote:

...
Hi,

If I try to decrypt a file through an ssh connection (from Ubuntu 12.04) to OS Tumbleweed, I get:

gpg --require-secmem -d foo.gpg

gpg: AES256 encrypted data gpg: cancelled by user gpg: encrypted with 1 passphrase gpg: decryption failed: No secret key

but at no moment I am asked for the password. Previously, I just got a password request in "text format".

Has any one seen something similar?

Thanks, Edwin.

Decrypt through an ssh connection? Does that mean you establish an ssh connection to another machine and then, using a shell from that machine, you try to decrypt a file found on that machine?

yes, that's what I mean.

...

If your ssh session was established with agent forwarding, it wouldn't need to ask you again for the key for decryption. Agent forwarding sends key requests through your ssh session back to the key agent running on your machine, not the remote machine.

AllowAgentForwarding yes was commented on my /etc/ssh/sshd_config. I uncommented it and restarted the sshd service but I still don't have the SSH_AUTH_SOCK variable set (over ssh). If I ssh to the server and run:

...

echo "$SSH_AUTH_SOCK"

~> ssh-agent SSH_AUTH_SOCK=/tmp/ssh-nyBh7XOJFZOx/agent.9920; export SSH_AUTH_SOCK; SSH_AGENT_PID=9921; export SSH_AGENT_PID; echo Agent pid 9921;

...

https://developer.github.com/guides/using-ssh-agent-forwarding/

I don't have a lot of experience using agent forwarding, as I believe the current consensus is that there is a certain risk involved in using it. https://heipei.github.io/2015/02/26/SSH-Agent-Forwarding-considered-harmful/

Thank you, I will learn more about ProxyCommand, I did not know it before. Thanks. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

John Andersen

23:04

On 03/21/2016 12:18 PM, Edwin Aponte wrote:

...

AllowAgentForwarding yes was commented on my /etc/ssh/sshd_config. I uncommented it and restarted the sshd service but I still don't have the SSH_AUTH_SOCK variable set (over ssh). If I ssh to the server and run:

I believe you would want to authorize that on your target machine. sshd_config is used for incoming ssh sessions. ssh_config is used for out going ssh sessions, but you can override this with ssh command line switches. however, if the target machine (ubuntu as I understand it) did not have AllowAgentForwarding yes, then nothing you did on the command line of your source machine would have any effect. Also read the notes at the top of the sshd_config regarding the commented out lines. In the Opensuse world, #AllowAgentForwarding yes Documents the default (as shipped) configuration, but also supplies a template for you to change it. So AgentForwarding is set YES by default, and you need not uncomment it. If you wanted to change it to NO, you would have to both uncomment it and set it to NO. But again, this applies to INCOMING connections, so you have to check what ubunto supports Your OUTGOING connections from Opensuse to ubuntu will not have agentforwarding turned on by default unless you over-ride th command line with some swithes. This is so because in ssh_config there exists the line: # ForwardAgent no which documents the default connection setting of no agent forwarding. You need -A to forward agent to target, providing target allows such. -- After all is said and done, more is said than done. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

Edwin Aponte

22 Mar 22 Mar

18:39

I have created the following test case: (Ubuntu 12.04) <--ssh--> (OS TW foo.gpg) (Ubuntu 12.04) <--ssh--> (OS Leap 42.1 bar.gpg) I am trying to remotely decrypt foo.gpg (on openSUSE tumbleweed) and bar.gpg (on openSUSE Leap 42.1). If I ssh onto the OS Leap box, and issue: gpg --require-secmem -d bar.gpg I get this in the terminal: http://snag.gy/tOp0l.jpg then I type the password and I can decrypt bar.gpg On the other hand, if I ssh onto the OS TW box, and issue: gpg --require-secmem -d foo.gpg I get: gpg: AES256 encrypted data gpg: cancelled by user gpg: encrypted with 1 passphrase gpg: decryption failed: No secret key Without being asked for the password at any moment. On the Ubuntu box I created ~/.ssh/config with: Host OS_TW_IP ForwardAgent yes and now on OS TW I got defined the environment variable SSH_AUTH_SOCK, which according to https://developer.github.com/guides/using-ssh-agent-forwarding/ means that I got agent forwarding on: echo "$SSH_AUTH_SOCK" /tmp/ssh-sHRBQlHR6o/agent.16681 I did not include OS Leap in ~/.ssh/config and I don't have SSH_AUTH_SOCK defined on it but still I am asked for the password. I have #AllowAgentForwarding yes on /etc/ssh/sshd_config of both OS TW and Leap, and # ForwardAgent no on /etc/ssh/ssh_config of Ubuntu, but, as I said, with cat ~/.ssh/config Host OS_TW_IP ForwardAgent yes Thanks. On 21/03/16 23:04, John Andersen wrote:

...

On 03/21/2016 12:18 PM, Edwin Aponte wrote:

...
AllowAgentForwarding yes was commented on my /etc/ssh/sshd_config. I uncommented it and restarted the sshd service but I still don't have the SSH_AUTH_SOCK variable set (over ssh). If I ssh to the server and run:

I believe you would want to authorize that on your target machine. sshd_config is used for incoming ssh sessions.

ssh_config is used for out going ssh sessions, but you can override this with ssh command line switches.

however, if the target machine (ubuntu as I understand it) did not have AllowAgentForwarding yes, then nothing you did on the command line of your source machine would have any effect.

Also read the notes at the top of the sshd_config regarding the commented out lines. In the Opensuse world,

#AllowAgentForwarding yes

Documents the default (as shipped) configuration, but also supplies a template for you to change it.

So AgentForwarding is set YES by default, and you need not uncomment it. If you wanted to change it to NO, you would have to both uncomment it and set it to NO.

But again, this applies to INCOMING connections, so you have to check what ubunto supports

Your OUTGOING connections from Opensuse to ubuntu will not have agentforwarding turned on by default unless you over-ride th command line with some swithes.

This is so because in ssh_config there exists the line: # ForwardAgent no which documents the default connection setting of no agent forwarding. You need -A to forward agent to target, providing target allows such.

-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

Andrei Borzenkov

19:53

22.03.2016 21:39, Edwin Aponte пишет:

...

I have created the following test case:

(Ubuntu 12.04) <--ssh--> (OS TW foo.gpg) (Ubuntu 12.04) <--ssh--> (OS Leap 42.1 bar.gpg)

I am trying to remotely decrypt foo.gpg (on openSUSE tumbleweed) and bar.gpg (on openSUSE Leap 42.1).

If I ssh onto the OS Leap box, and issue:

gpg --require-secmem -d bar.gpg

I get this in the terminal: http://snag.gy/tOp0l.jpg then I type the password and I can decrypt bar.gpg

On the other hand, if I ssh onto the OS TW box, and issue:

gpg --require-secmem -d foo.gpg

I get:

gpg: AES256 encrypted data gpg: cancelled by user gpg: encrypted with 1 passphrase gpg: decryption failed: No secret key

Without being asked for the password at any moment.

Could you show env output in both cases? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

Bernhard Voelker

23:05

On 03/22/2016 07:39 PM, Edwin Aponte wrote:

...

If I ssh onto the OS Leap box, and issue:

gpg --require-secmem -d bar.gpg

I get this in the terminal: http://snag.gy/tOp0l.jpg then I type the password and I can decrypt bar.gpg

On the other hand, if I ssh onto the OS TW box, and issue:

gpg --require-secmem -d foo.gpg

I get:

gpg: AES256 encrypted data gpg: cancelled by user gpg: encrypted with 1 passphrase gpg: decryption failed: No secret key

Without being asked for the password at any moment.

I'd almost be inclined to rule out the local system and ssh. This is all apples and oranges. Is it possible that you have some differences in ~/.gnupg/* or the environment variables on these systems? And if not, then maybe the same setting might yield different behavior for different gpg versions. Finally, why do you compare the results for 'foo.gpg' on one system, and for 'bar.gpg' on the other? Have a nice day, Berny -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

Edwin Aponte

23 Mar 23 Mar

09:34

On 22/03/16 23:05, Bernhard Voelker wrote:

...

On 03/22/2016 07:39 PM, Edwin Aponte wrote:

...
If I ssh onto the OS Leap box, and issue:

gpg --require-secmem -d bar.gpg

I get this in the terminal: http://snag.gy/tOp0l.jpg then I type the password and I can decrypt bar.gpg

On the other hand, if I ssh onto the OS TW box, and issue:

gpg --require-secmem -d foo.gpg

I get:

gpg: AES256 encrypted data gpg: cancelled by user gpg: encrypted with 1 passphrase gpg: decryption failed: No secret key

Without being asked for the password at any moment.

I'd almost be inclined to rule out the local system and ssh. This is all apples and oranges.

Is it possible that you have some differences in ~/.gnupg/* or the environment variables on these systems? And if not, then maybe the same setting might yield different behavior for different gpg versions. There is no difference between ~/gnupg/gpg.conf:

...

# Copyright 1998, 1999, 2000, 2001, 2002, 2003, # 2010 Free Software Foundation, Inc. 195a196

With regard to env: openSUSE TW: ========== MODULE_VERSION_STACK=3.2.10 LESSKEY=/etc/lesskey.bin NNTPSERVER=news MPI_INCLUDE=/usr/include/mpich-x86_64 MANPATH=/usr/local/man:/usr/share/man XDG_SESSION_ID=5 HOSTNAME=OS_TW.com XKEYSYMDB=/usr/X11R6/lib/X11/XKeysymDB HOST=OS_TW.com TERM=xterm SHELL=/bin/bash PROFILEREAD=true HISTSIZE=10000 SSH_CLIENT=XXX.XXX.XXX.XXX 44660 XX MORE=-sl SSH_TTY=/dev/pts/1 MPI_PYTHON_SITEARCH=/usr/lib64/python2.7/site-packages/mpi JRE_HOME=/usr/lib64/jvm/jre USER=edwinh LS_COLORS=no=00:fi=00:di=01;34:ln=00;36:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=41;33;01:ex=00;32:*.cmd=00;32:*.exe=01;32:*.com=01;32:*.bat=01;32:*.btm=01;32:*.dll=01;32:*.tar=00;31:*.tbz=00;31:*.tgz=00;31:*.rpm=00;31:*.deb=00;31:*.arj=00;31:*.taz=00;31:*.lzh=00;31:*.lzma=00;31:*.zip=00;31:*.zoo=00;31:*.z=00;31:*.Z=00;31:*.gz=00;31:*.bz2=00;31:*.tb2=00;31:*.tz2=00;31:*.tbz2=00;31:*.xz=00;31:*.avi=01;35:*.bmp=01;35:*.fli=01;35:*.gif=01;35:*.jpg=01;35:*.jpeg=01;35:*.mng=01;35:*.mov=01;35:*.mpg=01;35:*.pcx=01;35:*.pbm=01;35:*.pgm=01;35:*.png=01;35:*.ppm=01;35:*.tga=01;35:*.tif=01;35:*.xbm=01;35:*.xpm=01;35:*.dl=01;35:*.gl=01;35:*.wmv=01;35:*.aiff=00;32:*.au=00;32:*.mid=00;32:*.mp3=00;32:*.ogg=00;32:*.voc=00;32:*.wav=00;32: LD_LIBRARY_PATH=/usr/lib64/mpich/lib XNLSPATH=/usr/share/X11/nls QEMU_AUDIO_DRV=pa HOSTTYPE=x86_64 CONFIG_SITE=/usr/share/site/x86_64-unknown-linux-gnu FROM_HEADER= MPI_LIB=/usr/lib64/mpich/lib PAGER=less CSHEDIT=emacs XDG_CONFIG_DIRS=/etc/xdg LIBGL_DEBUG=quiet MINICOM=-c on MODULE_VERSION=3.2.10 MAIL=/var/mail/edwinh PATH=/home/edwinh/opt/bin:/usr/lib64/mpich/bin:/home/edwinh/bin:/usr/local/bin:/usr/bin:/bin:/usr/bin/X11:/usr/games MPI_BIN=/usr/lib64/mpi/bin CPU=x86_64 JAVA_BINDIR=/usr/lib64/jvm/jre/bin SSH_SENDS_LOCALE=yes MPI_COMPILER=mpi-x86_64 INPUTRC=/home/edwinh/.inputrc PWD=/home/edwinh _LMFILES_=/usr/share/modules/modulefiles/mpi/mpich-x86_64 JAVA_HOME=/usr/lib64/jvm/jre LANG=en_GB.UTF-8 PYTHONSTARTUP=/etc/pythonstart MODULEPATH=/usr/share/modules:/usr/share/Modules/$MODULE_VERSION/modulefiles:/usr/share/modules/modulefiles LOADEDMODULES=mpi/mpich-x86_64 GPG_TTY=/dev/pts/1 AUDIODRIVER=pulseaudio MPI_SYSCONFIG=/etc/mpich-x86_64 QT_SYSTEM_DIR=/usr/share/desktop-data SHLVL=1 HOME=/home/edwinh ALSA_CONFIG_PATH=/etc/alsa-pulse.conf SDL_AUDIODRIVER=pulse LESS_ADVANCED_PREPROCESSOR=no OSTYPE=linux LS_OPTIONS=-N --color=tty -T 0 MPI_SUFFIX=_mpi XCURSOR_THEME=DMZ WINDOWMANAGER=/usr/bin/gnome MPI_MAN=/usr/share/man G_FILENAME_ENCODING=@locale,UTF-8,ISO-8859-15,CP1252 PYTHONPATH=/usr/lib64/python2.7/site-packages/mpi LESS=-M -I -R MACHTYPE=x86_64-suse-linux LOGNAME=edwinh XDG_DATA_DIRS=/usr/share SSH_CONNECTION=XXX.XXX.XXX.XXX 44660 XXX.XXX.XXX.XXX XX MPI_HOME=/usr/lib64/mpi MPI_FORTRAN_MOD_DIR=/usr/include/mpich-x86_64 MODULESHOME=/usr/share/Modules/3.2.10 LESSOPEN=lessopen.sh %s XDG_RUNTIME_DIR=/run/user/1000 VDPAU_DRIVER=va_gl NO_AT_BRIDGE=1 LESSCLOSE=lessclose.sh %s %s G_BROKEN_FILENAMES=1 JAVA_ROOT=/usr/lib64/jvm/jre COLORTERM=1 BASH_FUNC_module%%=() { eval `/usr/share/Modules/$MODULE_VERSION/bin/modulecmd bash $*` } _=/usr/bin/env openSUSE LEAP 42.1 =================== LESSKEY=/etc/lesskey.bin NNTPSERVER=news MANPATH=/usr/local/man:/usr/share/man XDG_SESSION_ID=19 HOSTNAME=OS_LEAP.com XKEYSYMDB=/usr/X11R6/lib/X11/XKeysymDB HOST=OS_LEAP.com TERM=xterm SHELL=/bin/bash PROFILEREAD=true HISTSIZE=1000 SSH_CLIENT=XXX.XXX.XXX.XXX 49990 XX MORE=-sl SSH_TTY=/dev/pts/2 JRE_HOME=/usr/lib64/jvm/jre USER=edwinh LS_COLORS=no=00:fi=00:di=01;34:ln=00;36:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=41;33;01:ex=00;32:*.cmd=00;32:*.exe=01;32:*.com=01;32:*.bat=01;32:*.btm=01;32:*.dll=01;32:*.tar=00;31:*.tbz=00;31:*.tgz=00;31:*.rpm=00;31:*.deb=00;31:*.arj=00;31:*.taz=00;31:*.lzh=00;31:*.lzma=00;31:*.zip=00;31:*.zoo=00;31:*.z=00;31:*.Z=00;31:*.gz=00;31:*.bz2=00;31:*.tb2=00;31:*.tz2=00;31:*.tbz2=00;31:*.xz=00;31:*.avi=01;35:*.bmp=01;35:*.fli=01;35:*.gif=01;35:*.jpg=01;35:*.jpeg=01;35:*.mng=01;35:*.mov=01;35:*.mpg=01;35:*.pcx=01;35:*.pbm=01;35:*.pgm=01;35:*.png=01;35:*.ppm=01;35:*.tga=01;35:*.tif=01;35:*.xbm=01;35:*.xpm=01;35:*.dl=01;35:*.gl=01;35:*.wmv=01;35:*.aiff=00;32:*.au=00;32:*.mid=00;32:*.mp3=00;32:*.ogg=00;32:*.voc=00;32:*.wav=00;32: XNLSPATH=/usr/share/X11/nls QEMU_AUDIO_DRV=pa HOSTTYPE=x86_64 CONFIG_SITE=/usr/share/site/x86_64-unknown-linux-gnu FROM_HEADER= PAGER=less CSHEDIT=emacs XDG_CONFIG_DIRS=/etc/xdg LIBGL_DEBUG=quiet MINICOM=-c on MAIL=/var/mail/edwinh PATH=/home/edwinh/opt/bin:/home/edwinh/bin:/usr/local/bin:/usr/bin:/bin:/usr/bin/X11:/usr/games CPU=x86_64 JAVA_BINDIR=/usr/lib64/jvm/jre/bin SSH_SENDS_LOCALE=yes INPUTRC=/home/edwinh/.inputrc PWD=/home/edwinh JAVA_HOME=/usr/lib64/jvm/jre LANG=en_GB.UTF-8 PYTHONSTARTUP=/etc/pythonstart GPG_TTY=/dev/pts/2 AUDIODRIVER=pulseaudio QT_SYSTEM_DIR=/usr/share/desktop-data SHLVL=1 HOME=/home/edwinh ALSA_CONFIG_PATH=/etc/alsa-pulse.conf SDL_AUDIODRIVER=pulse LESS_ADVANCED_PREPROCESSOR=no OSTYPE=linux LS_OPTIONS=-N --color=tty -T 0 XCURSOR_THEME=DMZ WINDOWMANAGER=/usr/bin/gnome G_FILENAME_ENCODING=@locale,UTF-8,ISO-8859-15,CP1252 LESS=-M -I -R MACHTYPE=x86_64-suse-linux LOGNAME=edwinh XDG_DATA_DIRS=/usr/share SSH_CONNECTION=XXX.XXX.XXX.XXX 49990 XXX.XXX.XXX.XXX XXX LESSOPEN=lessopen.sh %s XDG_RUNTIME_DIR=/run/user/1000 VDPAU_DRIVER=va_gl NO_AT_BRIDGE=1 LESSCLOSE=lessclose.sh %s %s G_BROKEN_FILENAMES=1 JAVA_ROOT=/usr/lib64/jvm/jre COLORTERM=1 _=/usr/bin/env

...

Finally, why do you compare the results for 'foo.gpg' on one system, and for 'bar.gpg' on the other?

I have tried several different files, and the same files. I think that both systems should behave different, and if for some reason that changed in the more resent version on TW, why?

...

Have a nice day,

Thanks, and you too. Edwin.

...

Berny

-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

Edwin Aponte

09:38

On 23/03/16 09:34, Edwin Aponte wrote:

...

I have tried several different files, and the same files. I think that both systems should behave different, and if for some reason that changed in the more resent version on TW, why?

Sorry, should *not* behave differently -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

Andrei Borzenkov

11:09

On Wed, Mar 23, 2016 at 12:34 PM, Edwin Aponte wrote:

...

GPG_TTY=/dev/pts/2

Could you compare permissions on $GPG_TTY in both cases, i.e. id -a ls -l $GPG_TTY getfacl $GPG_TTY -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

Edwin Aponte

11:26

On 23/03/16 11:09, Andrei Borzenkov wrote:

...

On Wed, Mar 23, 2016 at 12:34 PM, Edwin Aponte wrote:

...
GPG_TTY=/dev/pts/2

Could you compare permissions on $GPG_TTY in both cases, i.e.

id -a ls -l $GPG_TTY getfacl $GPG_TTY

openSUSE TW =========== edwinh@OS_TW:~> id -a uid=1000(edwinh) gid=1000(edwinh) groups=1000(edwinh),100(users),467(vboxusers) edwinh@OS_TW:~> ls -l $GPG_TTY crw--w---- 1 edwinh tty 136, 1 Mar 23 11:18 /dev/pts/1 edwinh@OS_TW:~> getfacl $GPG_TTY getfacl: Removing leading '/' from absolute path names # file: dev/pts/1 # owner: edwinh # group: tty user::rw- group::-w- other::--- openSUSE Leap 42.1 ================== edwinh@OS_LEAP:~> id -a uid=1000(edwinh) gid=1000(edwinh) groups=1000(edwinh),100(users),479(vboxusers) edwinh@OS_LEAP:~> ls -l $GPG_TTY crw--w---- 1 edwinh tty 136, 2 Mar 23 11:23 /dev/pts/2 edwinh@OS_LEAP:~> getfacl $GPG_TTY getfacl: Removing leading '/' from absolute path names # file: dev/pts/2 # owner: edwinh # group: tty user::rw- group::-w- other::--- Thanks, Edwin. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

Edwin Aponte

30 Mar 30 Mar

15:14

Hi, Any further thoughts about this. Can this be considered a bug? Thanks. On 23/03/16 11:26, Edwin Aponte wrote:

...

On 23/03/16 11:09, Andrei Borzenkov wrote:

...
On Wed, Mar 23, 2016 at 12:34 PM, Edwin Aponte wrote:

...
GPG_TTY=/dev/pts/2

Could you compare permissions on $GPG_TTY in both cases, i.e.

id -a ls -l $GPG_TTY getfacl $GPG_TTY

openSUSE TW ===========

edwinh@OS_TW:~> id -a uid=1000(edwinh) gid=1000(edwinh) groups=1000(edwinh),100(users),467(vboxusers) edwinh@OS_TW:~> ls -l $GPG_TTY crw--w---- 1 edwinh tty 136, 1 Mar 23 11:18 /dev/pts/1 edwinh@OS_TW:~> getfacl $GPG_TTY getfacl: Removing leading '/' from absolute path names # file: dev/pts/1 # owner: edwinh # group: tty user::rw- group::-w- other::---

openSUSE Leap 42.1 ==================

edwinh@OS_LEAP:~> id -a uid=1000(edwinh) gid=1000(edwinh) groups=1000(edwinh),100(users),479(vboxusers) edwinh@OS_LEAP:~> ls -l $GPG_TTY crw--w---- 1 edwinh tty 136, 2 Mar 23 11:23 /dev/pts/2 edwinh@OS_LEAP:~> getfacl $GPG_TTY getfacl: Removing leading '/' from absolute path names # file: dev/pts/2 # owner: edwinh # group: tty user::rw- group::-w- other::---

Thanks, Edwin.

-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

3013

Age (days ago)

3022

Last active (days ago)

List overview

Download

11 comments

4 participants

participants (4)

Andrei Borzenkov
Bernhard Voelker
Edwin Aponte
John Andersen