SSH remote access and GPG keys generation

Hi

My server runs the openSUSE operating system. The OpenPGP package is installed. This package works both on the server console and via remote access.

I study the OpenPGP package with my students in the computer class (15 computers) via remote access, over the SSH protocol, port 22. All the gpg2 features and commands work. There is a small problem with creating keys.

When I type in the remote console:

gpg2 --gen-key

it then goes into interactive mode, and I answer the program's questions as shown in the following screen:

=================== console ===========================
strekoza:~ # gpg2 --gen-key
gpg (GnuPG) 2.0.19; Copyright (C) 2012 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 56
Key expires at Mon Jun 20 16:06:19 2016 MSK
Is this correct? (y/N) y

GnuPG needs to construct a user ID to identify your key.
Real name: Dremu4ii
Email address: dremu4ii@polo.horse.org
Comment: welcome to PGP
You selected this USER-ID:
“Dremu4ii (welcome to PGP) <dremu4ii@polo.horse.org>”
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.

We need to generate a lot of random bytes…

=================== console ===========================

When I enter the password, the program hangs. It needs to generate many random numbers. If I run, in a nearby console, a command that “does nothing”, for example:

ls -la -R /

it sometimes helps: if I do it 2-3 times, then the keys can be created. This helps, but not always.

If I run the command:

gpg2 --gen-key

directly on the server console, this problem does not occur and the keys are created.

Tell me, please, what can I do?

If you read the man page for gpg2 and the --gen-key option, it says that
you need to reference the file doc/DETAILS to see how to properly
use this command.

On my openSUSE install, this file is found at: /usr/share/doc/packages/gpg2/DETAILS
There is an “Unattended key generation” section in this file that may give you the
answer you are looking for and some examples of how to use the --gen-key option.

Good luck

Dear crubel, the documentation you refer to contains only the details and features of creating the key pair. Unfortunately, the documentation you specified does not contain an answer to my question.

My question is formulated as follows. **When I try to create the keys on the server over remote SSH access by running the command

gpg2 --gen-key

a problem arises. The console freezes and the keys are not created**.

What can I do?

I’m not sure that I understand the question.

Have you tried using:

ssh -X

to start the ssh connection?

I’m guessing that gpg2 is wanting you to enter a passphrase, and has attempted to open a pinentry dialog. But you are not seeing it over your ssh connection. If that’s the problem, then maybe X-forwarding will fix it. Or maybe there is a way that you can force it to use the “ncurses” pinentry option.

Hello nrickert.

I connect to my Linux server using the SSH utility putty.exe (https://en.wikipedia.org/wiki/PuTTY).

My class has some machines running the Windows 8.1 operating system. These machines are connected via SSH (putty.exe) to my Linux server.

Regards Dremu4ii.

I used to have my students do that. Back then, the server was using gpg 1.x, which would prompt interactively for key etc. But I think “gpg2” needs “gpg-agent” to always be running. So the student needs to start “gpg-agent” in his session.

It might be easier to install gpg1, and change it so that the “gpg” command is “gpg1” or a symlink to “gpg1” instead of a symlink to “gpg2”.

I’ll note that some distros (Ubuntu, Debian for example) are installing both gpg1 and gpg2. Some of the GUI software gives a choice on which to use. For remote command line users, gpg1 is easier to use. I think there’s an openFATE request for opensuse to provide both, but it doesn’t look as if it will happen.

Hi all. The problem is solved by running the rngd daemon. The rngd daemon checks and feeds random data from a hardware device to the kernel random device.

I typed at the command prompt as root:

rngd -r /dev/urandom -o /dev/random -b

That is all. The command gpg2 --gen-key now succeeds on all client machines.

Problem solved, thank you all.
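
A pre-flight check for the hang described in this thread, as an added example that is not code from any poster or from GnuPG: it reads the kernel's entropy estimate before starting an unattended `gpg2 --batch --gen-key` run, using the parameter-file format from the DETAILS file mentioned above. The function names, the `ENTROPY_FILE` and `MIN_BITS` variables and the 200-bit threshold are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. ENTROPY_FILE, MIN_BITS and the function
# names are assumptions made for this sketch.
ENTROPY_FILE="${ENTROPY_FILE:-/proc/sys/kernel/random/entropy_avail}"
MIN_BITS="${MIN_BITS:-200}"   # assumed threshold below which gpg2 may stall

# Print "ok N", "low N" or "unknown" for the kernel's entropy estimate.
entropy_state() {
    file="${1:-$ENTROPY_FILE}"
    [ -r "$file" ] || { echo "unknown"; return 0; }
    bits=$(tr -cd '0-9' < "$file")
    [ -n "$bits" ] || { echo "unknown"; return 0; }
    if [ "$bits" -ge "$MIN_BITS" ]; then echo "ok $bits"; else echo "low $bits"; fi
}

# Write an unattended key generation parameter file, readable by the owner only.
# $1=file  $2=real name  $3=email  $4=expiry (e.g. 56 for 56 days, 0 = never)
write_key_params() {
    ( umask 077
      cat > "$1" <<EOF
Key-Type: RSA
Key-Length: 2048
Subkey-Type: RSA
Subkey-Length: 2048
Name-Real: $2
Name-Email: $3
Expire-Date: ${4:-0}
%ask-passphrase
%commit
EOF
    )
}

# Refuse to start while the estimate is low instead of hanging the SSH session.
# An "unknown" estimate does not block the run.
generate_key() {   # $1=real name  $2=email  $3=expiry
    state=$(entropy_state)
    case "$state" in
        low*) echo "entropy $state: gpg2 may block, check the entropy source" >&2
              return 1 ;;
    esac
    params=$(mktemp) || return 1
    write_key_params "$params" "$@"
    rc=0; gpg2 --batch --gen-key "$params" || rc=$?
    rm -f "$params"
    return "$rc"
}

# Usage: sh thisfile.sh --generate "Real Name" user@example.org 56
if [ "${1:-}" = "--generate" ]; then shift; generate_key "$@"; fi
```

`%ask-passphrase` keeps the passphrase out of the parameter file. `rngd -r /dev/urandom` feeds the pool with the kernel's own PRNG output, so it unblocks `/dev/random` without adding new entropy; a hardware RNG device, where the server has one, is the source rngd is meant to read.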