Hi Kevin, Kevin Gallagher: > Hi all, > > I've tried to get this working to no avail. I've consulted past postings > to this list as well as various online references. Some people seem to > have got this to work, but most seem to have trouble. I would appreciate > any guidance or help anyone can offer. > > I want my gpg-agent to be shared with another host, specifically a > Vagrant/VirtualBox virtual machine, via Unix socket forwarding, which is > a feature that arrived with OpenSSH 6.7. I can get my gpg-agent's socket > forwarded, and I can talk to it with gpg-connect-agent, and even obtain > a list of keygrips for the keys residing on the local machine. However, > the forwarded gpg-agent socket does not seem to interface with the GPG > CLI utility, i.e. running `gpg2 --use-agent --list-keys` shows nothing.
Have you considered adding the debug flag to the command (--debug-level
expert)?
>
> This is important because I'm in the process of developing a
> deterministic build environment for a project, and many of us prefer to
> use smartcards or YubiKeys, so copying our secret keys into the VM is
> not an option. The ability to forward the local gpg-agent into the VM
> for signing operations would be very convenient.
>
> GPG version on host: 2.1.15 (Debian stretch)
> GPG version on VM: 2.0.26 (Debian jessie)
> Setting some environment variables in the VM does not help:
>
> GPG_AGENT_INFO=/home/vagrant/.gnupg/S.gpg-agent:0:1
> GPG_SOCK=/home/vagrant/.gnupg/S.gpg-agent
> GPG_TTY=/dev/pts/1
And if you'd try to add this to the VM's .bashrc file via ssh/scp
(assuming that the Vagrant's VM is headless and has a bash)
if [ -f "${HOME}/.gpg-agent-info" ]; then
. "${HOME}/.gpg-agent-info"
export GPG_AGENT_INFO
export SSH_AUTH_SOCK
export SSH_AGENT_PID
fi
Wouldn't that start the "target shell" (forcibly) with the agent being
fired up and all ready for sshing?
Cheers
Stephan
0x4218732B.asc
Description: application/pgp-keys
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
