On Tue, 11 Nov 2014 18:35, m...@monaco.cx said:
> Does anyone have gpg-agent forwarding working with SSH's recent generic socket
> forwarding? Does it still require socat on one end, because I've only been
> able to specify a socket path on the left-hand side of the forwarding
> specification

Yes, it works for me.  However, I tested it with the current development
version of 2.1, which adds an extra feature:

   --extra-socket NAME
          Also listen on native gpg-agent connections on the given
          socket.  The intended use for this extra socket is to
          setup a Unix domain socket forwarding from a remote
          machine to this socket on the local machine.  A gpg
          running on the remote machine may then connect to the
          local gpg-agent and use its private keys.  This allows to
          decrypt or sign data on a remote machine without exposing
          the private keys to the remote machine.

The documentation on how to use Unix domain sockets with ssh is a bit
sparse.  You probably want to use "-o StreamLocalBindUnlink=yes" when
connecting to the remote host and you have to enable the forwarding
features (look for Stream* options).


Shalom-Salam,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.
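
Added example, not part of the original message and not GnuPG's own code: a small shell helper that assembles the two commands the reply describes, the local agent started with `--extra-socket` and the ssh remote forward with `StreamLocalBindUnlink=yes`. The function names, socket paths and host name are constructed for illustration.

```shell
#!/bin/sh
# Added example: build the commands for forwarding a remote gpg's agent
# socket to a local gpg-agent --extra-socket. Names and paths are hypothetical.

# Accept only absolute paths without ':' or spaces, since ':' separates the
# two sides of the "remote_socket:local_socket" forwarding specification.
valid_socket_path() {
    case "$1" in
        /*) ;;
        *)  return 1 ;;
    esac
    case "$1" in
        *:*|*' '*) return 1 ;;
    esac
    return 0
}

# agent_cmd LOCAL_EXTRA_SOCKET
# Command that starts the local agent listening on the extra socket.
agent_cmd() {
    valid_socket_path "$1" || return 1
    printf 'gpg-agent --daemon --extra-socket %s\n' "$1"
}

# ssh_cmd REMOTE_SOCKET LOCAL_EXTRA_SOCKET HOST
# -R asks the remote side to listen on REMOTE_SOCKET and relay each
# connection to LOCAL_EXTRA_SOCKET on this machine.
ssh_cmd() {
    valid_socket_path "$1" || return 1
    valid_socket_path "$2" || return 1
    case "$3" in
        ''|-*) return 1 ;;   # empty, or would be parsed by ssh as an option
    esac
    printf 'ssh -o StreamLocalBindUnlink=yes -R %s:%s %s\n' "$1" "$2" "$3"
}

# Constructed sample values: print the two commands for review.
agent_cmd /home/alice/.gnupg/S.gpg-agent.extra
ssh_cmd /home/alice/.gnupg/S.gpg-agent \
        /home/alice/.gnupg/S.gpg-agent.extra build.example.org
```

For a `-R` forward the socket file is created by sshd on the remote host, so `StreamLocalBindUnlink yes` may also need to be set in that host's sshd_config.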

