Use pinentry-gtk2 to avoid a missing password prompt when connecting to a remote machine.


The application pinentry opens when you need to provide your password for decrypting your GnuPG key. You can install different interfaces for providing the password via pinentry. There are graphical and non-graphical variants e.g.,

$ dpkg -l | grep pinentry
pinentry-curses
pinentry-gnome3
pinentry-gtk2
pinentry-tty

It makes sense to open a graphical interface when pinentry is called by a graphical program (e.g., when encrypting an email composed in Thunderbird) and a non-graphical interface when pinentry is called by a non-graphical program (e.g., when signing a commit through git commit). That said, this is not default behaviour.

update-alternatives --config pinentry

shows the current variant used when calling pinentry. On newer systems this is pinentry-gnome3, which seems fine but has one caveat: it will always run a graphical interface if a X session is running. This is quite problematic when connecting to a machine that has a X session running remotely. This is indeed an issue with pinentry-gnome3 and can be avoided by using pinentry-gtk2 instead.