From 86e03e6d09e7406be71f982571f7795ccc76f96b Mon Sep 17 00:00:00 2001 From: Brice Gagnage Date: Tue, 4 Dec 2018 15:11:13 +0100 Subject: [PATCH] final draft --- README.md | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index 03ebc13..1b3c310 100644 --- a/README.md +++ b/README.md @@ -1402,7 +1402,7 @@ enable-putty-support - Enter `> gpg --card-status`, now you should see your Yubikey's details. - Import your [public key](#export-public-key): `> gpg --import ` - Trust it: [Trust master key](#trust-master-key) -- Retrieve your public key's id: `gpg --list-public-keys` +- Retrieve your public key's id: `> gpg --list-public-keys` - Export the SSH key from GPG: `> gpg --export-ssh-key ` Copy this key to a file for later use. It represents the public SSH key corresponding to the secret key on your YubiKey. You can upload this key to any server you wish to SSH into. @@ -1425,15 +1425,15 @@ The goal here is to make the SSH client inside WSL work together with the Window - Download or clone [weasel-pageant](https://github.com/vuori/weasel-pageant). - Add `eval $(/mnt/c//weasel-pageant -r -a /tmp/S.weasel-pageant)` to your .bashrc or equivalent. **Note**: we use a named socket here so we can use it in the RemoteForward directive of the .ssh/config file. -- Source it `. ~/.bashrc`. -- You should be able to see your SSH key with `ssh-add -l`. +- Source it `$ . ~/.bashrc`. +- You should be able to see your SSH key with `$ ssh-add -l`. - Edit your `~/.ssh/config` file. - For each host you want to use agent forwarding, add: ``` ForwardAgent yes RemoteForward /tmp/S.weasel-pageant ``` -**Note**: the remote ssh socket path can be found by executing `gpgconf --list-dirs agent-ssh-socket` on the host. +**Note**: the remote ssh socket path can be found by executing `$ gpgconf --list-dirs agent-ssh-socket` on the host. ### Remote host configuration - Add to your .bashrc or equivalent: 
@@ -1446,19 +1446,17 @@ export GPG_TTY=$(tty) AllowAgentForwarding yes StreamLocalBindUnlink yes ``` -- Reload the ssh daemon (e.g. `sudo service sshd reload`). +- Reload the ssh daemon (e.g. `$ sudo service sshd reload`). ### Final test -- Unplug your Yubikey, reboot. -- Log back on Windows, open a WSL console and enter `ssh-add -l`, you should see nothing. +- Unplug your Yubikey, disconnect or reboot. +- Log back on Windows, open a WSL console and enter `$ ssh-add -l`, you should see nothing. - Plug your Yubikey, enter the same command, you should see your ssh key. - Log in to your remote host, you should have the pinentry popup/window asking for your Yubikey pin. -- On your remote host, type `ssh-add -l`. If should see your ssh key, that means your forwarding works ! +- On your remote host, type `$ ssh-add -l`. If you see your ssh key, that means your forwarding works ! **Note**: you can chain the agent forwarding through multiple hosts, you just have to follow the same [protocol](#remote-host-configuration) to configure each host. - - # Troubleshooting - If you don't understand some option - read `man gpg`.
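Review bot: In the `@@ -1402,7 +1402,7 @@` hunk, the changed line puts the prompt marker inside the inline code span (`> gpg --list-public-keys`), so the span is no longer a command that can be pasted as-is. Pasted into a POSIX shell, a leading `>` is parsed as an output redirection to a file named `gpg`. Either keep the marker outside the backticks, or state once at the top of the section that `>` stands for the Windows prompt and `$` for the WSL or remote shell and is not part of the command.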
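Review bot: In the `@@ -1425,15 +1425,15 @@` hunk, the reworded Note still says the socket path is found by running `$ gpgconf --list-dirs agent-ssh-socket` "on the host", without saying which host or where the value is used. Since the command sits in a section about the WSL client, say "on the remote host" and tie the output to the `RemoteForward` line above it, so the reader knows which of the two socket paths it supplies. While this list is being touched, the step "For each host you want to use agent forwarding" would benefit from one sentence stating that `ForwardAgent yes` belongs only on `Host` entries for machines the user trusts, because the forwarded socket is usable on the remote side for the duration of the session.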
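Review bot: In the `@@ -1446,19 +1446,17 @@` hunk, the new first step of the final test, "Unplug your Yubikey, disconnect or reboot.", is ambiguous: "disconnect" could mean closing the SSH session or signing out of Windows. The next step says "Log back on Windows", so "sign out of Windows or reboot" would match it. Two smaller wording points in the same list: "Plug your Yubikey" reads better as "Plug in your Yubikey", and "works !" has a stray space before the exclamation mark on the line this patch already rewrites.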