On Tue, 11 Nov 2014 18:35, m...@monaco.cx said:
> Does anyone have gpg-agent forwarding working with SSH's recent generic socket
> forwarding? Does it still require socat on one end, because I've only been
> able
> to specify a socket path on the left-hand side of the forwarding
> specification
Yes, it works for me. However, I tested it with the current development
version of 2.1 which adds an extra features:
--extra-socket NAME
Also listen on native gpg-agent connections on the given
socket. The intended use for this extra socket is to
setup a Unix domain socket forwarding from a remote
machine to this socket on the local machine. A gpg
running on the remote machine may then connect to the
local gpg-agent and use its private keys. This allows to
decrypt or sign data on a remote machine without exposing
the private keys to the remote machine.
The documentation on how to use Unix domain sockets with ssh is a bit
sparse. You probably want to use "-o StreamLocalBindUnlink=yes" when
connecting to the remote host and you have to enable the forwarding
features (look for Stream* options).
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
