gpg-agent forwarding

local machine

Ensure gpg-agent is running:

~/.bashrc
# Launch gpg-agent if not started
export GPG_TTY="$(tty)"
gpgconf --launch gpg-agent

The public and secret key must be present on the local machine:

gpg --import usert@example.com-public.asc
gpg --import usert@example.com-secret.asc

Get the gpg-agent socket paths on the local machine (the restricted extra socket) and on the remote machine (the standard agent socket):

$ gpgconf --list-dirs agent-extra-socket
/run/user/1000/gnupg/S.gpg-agent.extra
$ ssh remote gpgconf --list-dirs agent-socket
/run/user/1000/gnupg/S.gpg-agent

Edit the SSH user configuration and add socket forwarding for the remote host (remote socket path first, then the local extra socket):

~/.ssh/config
Host remote
  RemoteForward /run/user/1000/gnupg/S.gpg-agent /run/user/1000/gnupg/S.gpg-agent.extra
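The socket paths above are hard-coded for UID 1000 and break when the local and remote UIDs differ. The following added helper (not part of the original notes) discovers both paths with gpgconf, emits the Host block, and refuses to forward anything other than the restricted S.gpg-agent.extra socket, since forwarding the full agent socket would give the remote host unrestricted control of the local agent. The host name `remote` and the `generate_for_host` entry point are assumptions of this example.

```shell
#!/bin/sh
# Added example: generate the ~/.ssh/config block for gpg-agent forwarding
# from the real socket paths instead of a hard-coded /run/user/1000.

# Return 0 when PATH is the restricted "extra" agent socket, 1 otherwise.
# Only this socket may safely be exposed to the remote machine.
is_restricted_socket() {
    case "$1" in
        */S.gpg-agent.extra) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the Host block forwarding REMOTE_SOCK -> LOCAL_SOCK for HOST.
# Fails (exit 1) when LOCAL_SOCK is not the restricted extra socket.
ssh_config_block() {
    host="$1"; remote_sock="$2"; local_sock="$3"
    if ! is_restricted_socket "$local_sock"; then
        echo "refusing to forward unrestricted agent socket: $local_sock" >&2
        return 1
    fi
    printf 'Host %s\n  RemoteForward %s %s\n' "$host" "$remote_sock" "$local_sock"
}

# Discover the local extra socket and the remote agent socket via gpgconf
# (the same two commands used in the notes), then print the block.
# Usage: sh gpg-forward.sh remote >> ~/.ssh/config
generate_for_host() {
    host="$1"
    local_sock="$(gpgconf --list-dirs agent-extra-socket)"
    remote_sock="$(ssh "$host" gpgconf --list-dirs agent-socket)"
    ssh_config_block "$host" "$remote_sock" "$local_sock"
}

if [ "$#" -eq 1 ]; then
    generate_for_host "$1"
fi
```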

remote machine

The public key must be imported on the remote machine:

gpg --import usert@example.com-public.asc
gpg: key XXXXXXXXXXXXX: public key "User <user@example.com>" imported
gpg: Total number processed: 1
gpg:               imported: 1

Modify the SSH server configuration on the remote machine so that a stale forwarded socket is removed before a new connection binds to it:

/etc/ssh/sshd_config
StreamLocalBindUnlink yes

and restart sshd:

systemctl restart ssh

usage

On remote machine:

gpg --list-secret-keys

Sign message:

echo TEXT | gpg -s

Issues

gpg: signing failed: Inappropriate ioctl for device

gpg-agent[2022]: command 'SCD' failed: Forbidden
gpg-agent[2022]: command 'KEYINFO' failed: Forbidden
gpg-agent[3881]: No $DBUS_SESSION_BUS_ADDRESS found, falling back to curses
gpg-agent[3881]: Failed to lookup password for key n/63B10EA3FEB8F818AEC11B943DFF4F7A33E4624D with secret service: Cannot autolaunch D-Bus without X11 $DISPLAY
gpg-agent[2022]: failed to unprotect the secret key: Inappropriate ioctl for device
gpg-agent[2022]: failed to read the secret key
gpg-agent[2022]: command 'PKSIGN' failed: Inappropriate ioctl for device <Pinentry>

The pinentry prompt cannot be displayed: the local gpg-agent does not know which TTY to use for the password prompt. Solution (run on the local machine, where gpg-agent runs):

echo "UPDATESTARTUPTTY" | gpg-connect-agent > /dev/null 2>&1