When there is a "global" SSH agent running in a GUI session, attempting
to use it from a remote SSH session may not work well. For keys that
need a passphrase or confirmation, the prompt will appear on the
graphical display, rather than the remote client's terminal, essentially
preventing the remote client from using those keys.
To resolve this, we need to use a separate SSH agent for remote clients.
At login, the remote client should spawn its own agent, e.g. with `eval
$(ssh-agent)`. Then, the ssh-askpass script will be able to spawn
`pinentry` attached to theh remote client's terminal.
In the specific case of running `tmux` in a remote SSH session, things
get a bit more complicated. Since `tmux` has control of the SSH
client's terminal, attaching `pinentry` to it wreaks havoc and makes
both programs unusable. Thus, we need to spawn `pinentry` _inside_
`tmux`. Since we do not know which TTY the invoker is using, we need to
spawn a new window for the `pinentry` prompt. This of course detaches
the `pinentry` process from our stdin/stdout, so we have to used named
pipes to communicate with it.
f03d3a8561