On Tue, 11 Nov 2014 18:35, m...@monaco.cx said:

> Does anyone have gpg-agent forwarding working with SSH's recent generic socket
> forwarding? Does it still require socat on one end, because I've only been able
> to specify a socket path on the left-hand side of the forwarding
> specification

Yes, it works for me. However, I tested it with the current development
version of 2.1 which adds an extra feature:

  --extra-socket NAME
     Also listen on native gpg-agent connections on the given socket.
     The intended use for this extra socket is to setup a Unix domain
     socket forwarding from a remote machine to this socket on the
     local machine. A gpg running on the remote machine may then
     connect to the local gpg-agent and use its private keys. This
     allows to decrypt or sign data on a remote machine without
     exposing the private keys to the remote machine.

The documentation on how to use Unix domain sockets with ssh is a bit
sparse. You probably want to use "-o StreamLocalBindUnlink=yes" when
connecting to the remote host and you have to enable the forwarding
features (look for Stream* options).

Shalom-Salam,

   Werner

-- 
Thoughts are free. Exceptions are regulated by a federal law.
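
The setup described in this message, written out as an ssh client configuration. This is an added example, not part of the original post or of GnuPG's documentation; the host alias, host name, user names and socket paths are constructed placeholders, and the remote path is assumed to be the socket the remote gpg connects to.

```conf
# ~/.ssh/config on the LOCAL machine (the one that holds the private keys).
#
# Assumes the local gpg-agent was started with the option quoted above, e.g.
#   gpg-agent --daemon --extra-socket /home/localuser/.gnupg/S.gpg-agent.extra
# and that ssh and sshd both support Unix domain socket forwarding.

# "remote-build" and "remote.example.org" are constructed names.
Host remote-build
    HostName remote.example.org

    # RemoteForward <socket created on the remote host> <socket on the local host>
    # Left side:  where gpg on the remote machine is assumed to look for its agent.
    # Right side: the local agent's extra socket, not its main socket, so the
    #             remote side only reaches the socket intended for forwarding.
    RemoteForward /home/remoteuser/.gnupg/S.gpg-agent /home/localuser/.gnupg/S.gpg-agent.extra

    # Same setting as "-o StreamLocalBindUnlink=yes" on the command line:
    # remove a stale socket file before binding a new one.
    StreamLocalBindUnlink yes

    # Fail the connection if the forwarding cannot be set up, instead of
    # silently continuing without an agent on the remote side.
    ExitOnForwardFailure yes

# sshd_config on the REMOTE host has an option of the same name. The listening
# socket of a remote forward is created there by sshd, so a socket file left
# over from an earlier session is cleaned up by the server-side setting:
#   StreamLocalBindUnlink yes
```

Absolute paths are used on both sides of `RemoteForward` so the result does not depend on how either end expands `~`.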