I forgot to mention, another thing in place on the server's sshd configuration is:

StreamLocalBindUnlink yes

On Tue, Aug 9, 2022 at 10:29 AM James A. Robinson <jim.robin...@gmail.com> wrote:

> Hi folks,
>
> I've got two Fedora 36 machines I use in my office: a laptop that I log
> into using the keyboard and monitor and a server that I ssh into from the
> laptop. I have my GnuPG private keys on the laptop, and the public keys on
> both the laptop and the server. Additionally, I've got my laptop
> ~/.ssh/config set up with a directive:
>
> RemoteForward /run/user/1000/gnupg/S.gpg-agent /run/user/1000/gnupg/S.gpg-agent
>
> and when I ssh into the server using 'ssh -v' I see in the output the
> following:
>
> debug1: remote forward success for: listen /run/user/1000/gnupg/S.gpg-agent:-2, connect /run/user/1000/gnupg/S.gpg-agent:-2
>
> Now at this point I'm under the impression that if gpg were to be called
> on the server, and it talks to the socket, it should be triggering my
> gpg-agent on my laptop. This seems to work as long as the gpg-agent on the
> server doesn't start up. If the gpg-agent on the server does start it
> complains about no private keys (which makes sense, since the server
> doesn't have the private keys).
>
> I've read that systemctl is managing the sockets on Fedora 36, and that I
> can prevent gpg-agent from starting on the server by 'mask'ing the handlers
> for the sockets. So, on the server, there are /dev/null links in place:
>
> lrwxrwxrwx. 1 root root 9 Jul 28 10:30 /etc/systemd/user/gpg-agent-browser.socket -> /dev/null
> lrwxrwxrwx. 1 root root 9 Jul 28 10:30 /etc/systemd/user/gpg-agent-extra.socket -> /dev/null
> lrwxrwxrwx. 1 root root 9 Jul 28 10:30 /etc/systemd/user/gpg-agent.service -> /dev/null
> lrwxrwxrwx. 1 root root 9 Jul 28 10:30 /etc/systemd/user/gpg-agent.socket -> /dev/null
> lrwxrwxrwx. 1 root root 9 Jul 28 10:30 /etc/systemd/user/gpg-agent-ssh.socket -> /dev/null
> lrwxrwxrwx. 1 root root 9 Aug 8 09:16 /etc/systemd/user/sockets.target.wants/gpg-agent.socket -> /dev/null
>
> Sometimes I am able to call gpg w/ any problem and other times gpg is
> starting up gpg-agent and then failing because of the lack of private keys
> on the server machine. Is there some other thing I should have been doing
> to tell systemctl to stop trying to handle the sockets itself? Should I be
> reconfiguring gpg to use different sockets than ones that systemctl is
> trying to manage?
>
> Jim
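
Added example, not part of the original message: a shell check for the failure the post describes, reporting whether the agent socket on the server is held by the forwarding sshd or by a locally started gpg-agent. The function names and the `ss -xlp` sample lines are constructed for illustration, and it assumes the forwarding process is listed under a name beginning with `sshd`.

```shell
#!/usr/bin/env bash
# Added example; function names and sample data are constructed, not from the post.

# socket_owners PATH: read `ss -xlp` output on stdin and print the names of
# the processes holding a listening unix socket bound to PATH, one per line.
socket_owners() {
    awk -v path="$1" '
        $2 == "LISTEN" && $5 == path {
            rest = $0
            # the process column looks like users:(("name",pid=N,fd=N),...)
            while (match(rest, /\("[^"]+"/)) {
                print substr(rest, RSTART + 2, RLENGTH - 3)
                rest = substr(rest, RSTART + RLENGTH)
            }
        }' | sort -u
}

# classify_agent_socket PATH: say who answers on the agent socket.
classify_agent_socket() {
    owners=$(socket_owners "$1" | tr '\n' ' ')
    owners=${owners% }
    case "$owners" in
        "")        echo "no-listener" ;;        # nothing bound: forward not set up
        *" "*)     echo "mixed: $owners" ;;     # a stale listener next to a new one
        sshd*)     echo "forwarded" ;;          # requests go to the laptop's agent
        gpg-agent) echo "local-agent" ;;        # a server-side agent took the path
        *)         echo "other: $owners" ;;
    esac
}

# Constructed sample input in the column layout of `ss -xlp`.
SOCK=/run/user/1000/gnupg/S.gpg-agent
SAMPLE_FORWARDED='Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
u_str LISTEN 0 128 /run/user/1000/gnupg/S.gpg-agent 48213 * 0 users:(("sshd",pid=2417,fd=9))'
SAMPLE_LOCAL='u_str LISTEN 0 64 /run/user/1000/gnupg/S.gpg-agent 51977 * 0 users:(("gpg-agent",pid=2630,fd=3))'
SAMPLE_MIXED="$SAMPLE_FORWARDED
$SAMPLE_LOCAL"

printf '%s\n' "$SAMPLE_FORWARDED" | classify_agent_socket "$SOCK"
printf '%s\n' "$SAMPLE_LOCAL"     | classify_agent_socket "$SOCK"

# Live use on the server:
#   ss -xlp | classify_agent_socket "$(gpgconf --list-dirs agent-socket)"
```

A `mixed` result means two processes hold listening sockets recorded under the same path, which can happen when one of them unlinked and re-bound the path while the other was still running.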