From b44f6131efe1cac4882197d9a42ee1726c77bf00 Mon Sep 17 00:00:00 2001 From: Wheest Date: Mon, 7 Jan 2019 21:58:14 +0000 Subject: [PATCH] Further amendments to Agent Forwarding --- README.md | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 7f7a4c2..bfd0ed5 100644 --- a/README.md +++ b/README.md @@ -1485,11 +1485,17 @@ $ gpgconf --list-dirs agent-socket This should return a path such as `/run/user/1000/gnupg/S.gpg-agent`. -- On your remote machine, edit the file `/etc/ssh/sshd_config`, so that option `StreamLocalBindUnlink` is set to `StreamLocalBindUnlink yes yes` +- On your remote machine, edit the file `/etc/ssh/sshd_config`, so that option `StreamLocalBindUnlink` is set to `StreamLocalBindUnlink yes` -- Agent forwarding should now be possible. +- _(optional)_If you do not have root access to the remote machine to edit `/etc/ssh/sshd_config`, you will need to remove the socket on the remote machine before forwarding works. For example, `rm /run/user/1000/gnupg/S.gpg-agent`. Further information can be found on the [AgentForwarding GNUPG wiki page](https://wiki.gnupg.org/AgentForwarding). -- To enable agent forwarding, add the following to your ssh config file (your agent sockets may be different): +- On your local machine, you need to copy your public keyring to your remote machine + +``` +$ scp .gnupg/pubring.kbx remote:~/.gnupg/ +``` + +- Finally, to enable agent forwarding for a given machine, add the following to your ssh config file (your agent sockets may be different): ``` Host remote 
@@ -1500,6 +1506,16 @@ Host remote You should then be able to use your YubiKey as if it were connected to the remote machine. +If you're still having problems, it may be necessary to edit your `gpg-agent.conf` file on both your remote and local machines to add the following information. + +``` +enable-ssh-support +pinentry-program /usr/bin/pinentry-curses +default-cache-ttl 60 +max-cache-ttl 120 +extra-socket /run/user/1000/gnupg/S.gpg-agent.extra +``` + # Troubleshooting - If you don't understand some option - read `man gpg`.
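Review bot: In the first hunk (the `@@ -1485,11 +1485,17 @@` region), the new bullet `_(optional)_If you do not have root access ...` is missing a space after the closing underscore, so it renders as "(optional)If"; change it to `_(optional)_ If you do not have root access`. The same bullet hardcodes `rm /run/user/1000/gnupg/S.gpg-agent` even though the surrounding text already tells the reader to obtain the real path with `gpgconf --list-dirs agent-socket`; suggest phrasing it as "remove the socket path returned by `gpgconf --list-dirs agent-socket` on the remote machine, e.g. `rm /run/user/1000/gnupg/S.gpg-agent`" so readers with a different uid do not delete the wrong file. Finally, `scp .gnupg/pubring.kbx remote:~/.gnupg/` silently overwrites any keyring already on the remote side; a short note that this replaces the remote public keyring (or a suggestion to use `gpg --export`/`gpg --import` to merge instead) would avoid surprising users who already have keys there.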
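Review bot: In the second hunk (the `@@ -1500,6 +1506,16 @@` region), the added `gpg-agent.conf` block hardcodes `extra-socket /run/user/1000/gnupg/S.gpg-agent.extra`, which only matches uid 1000; since the document already uses `gpgconf --list-dirs` to discover socket paths, suggest pointing readers at `gpgconf --list-dirs agent-extra-socket` for the correct value rather than shipping a fixed path. The sentence "it may be necessary to edit your `gpg-agent.conf` file on both your remote and local machines" also does not explain what each side needs: with agent forwarding the local agent services the remote's requests, so `pinentry-program` and the `default-cache-ttl`/`max-cache-ttl` lines take effect on the local machine, while the remote side mainly needs a consistent socket path; stating which settings belong where would keep readers from expecting a remote `pinentry-program` change to alter the PIN prompt. Consider also noting that `extra-socket` is the restricted socket and is the one that should be forwarded in the `Host remote` block above, since that is the reason the option is being added here.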