Page MenuHome GnuPG

agent confirm default
Closed, DuplicatePublic

Description

When using gpg-agent for ssh with pinentry-gtk2 and confirmation requested, the
dialog box that comes up to confirm your connection request has the "Deny"
button selected as the default. In order to accept, one must either alt-tab, or
arrow, or use the mouse to select "Accept".

I think that either "Accept" should be the default, or this should be
configurable.

The reason why I think "Accept" should be the default is because this is how
ssh-agent does it. If you switch from ssh-agent to gpg-agent, your defaults
change... It is also particularly annoying to have "Deny" as the default if you
do a significant amount of ssh connections (as I do). It is already a trade-off
between additional security and additional annoyance to have the confirm option
enabled, but I think that having the "Deny" option as the default discourages
people from using this option too much.

Some may disagree with me that ssh-agent does it wrong, and gpg-agent is doing
it right by having "Deny" as the default, and I can respect that disagreement.
That is why I would suggest that this default be an option that can be
configured. From my brief look at the code involved, it is not written to have
an option:

int agent_get_confirmation (ctrl_t ctrl, const char *desc, const char *ok, const
char *notokay, int with_cancel);

err = agent_get_confirmation (ctrl, prompt, L_("Allow"), L_("Deny"), 1);

having an option would give flexibility for those who disagree about which
option should be the default.