sw:gpg:forwarding [2022/10/06 10:25] – created niziaksw:gpg:forwarding [2022/11/26 10:30] (current) niziak
Line 3: Line 3:
 Search tags: ''pgp'' ''gpg'' ''remote'' ''gpg-agent'' ''gpg-agent forwarding''. Search tags: ''pgp'' ''gpg'' ''remote'' ''gpg-agent'' ''gpg-agent forwarding''.
  
-Source: [[https://mlohr.com/gpg-agent-forwarding/|GPG Agent Forwarding by Matthias Lohr]]+Source: 
 +  * [[https://mlohr.com/gpg-agent-forwarding/|GPG Agent Forwarding by Matthias Lohr]] 
 +  * [[https://wiki.gnupg.org/AgentForwarding|Forwarding gpg-agent to a remote system over SSH]]
  
 ===== local machine ===== ===== local machine =====
 +
 +Ensure ''gpg-agent'' is running:
 +<file bash ~/.bashrc>
 +# Launch gpg-agent if not started
 +export GPG_TTY="$(tty)"
 +gpgconf --launch gpg-agent
 +</file>
  
 Public and secret key must be present on local machine Public and secret key must be present on local machine
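Review bot: the `~/.bashrc` snippet runs `tty` unconditionally, so in a non-interactive shell (scp, `ssh host command`, cron) `GPG_TTY` is set to the literal string `not a tty`; guard the two lines with an interactive check such as `if [ -t 0 ]; then ... fi`, or place them after the usual `case $- in *i*)` block. Keeping `gpgconf --launch gpg-agent` in there is the right call, since the local `S.gpg-agent.extra` socket must already exist before ssh tries to forward it. The "Public and secret key must be present on local machine" sentence is missing its terminating period.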
Line 15: Line 24:
 Get ''gpg-agent'' socket paths on local and **remote** machines: Get ''gpg-agent'' socket paths on local and **remote** machines:
 <code bash> <code bash>
-$ gpgconf--list-dirs agent-extra-socket+$ gpgconf --list-dirs agent-extra-socket
 /run/user/1000/gnupg/S.gpg-agent.extra /run/user/1000/gnupg/S.gpg-agent.extra
 </code> </code>
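Review bot: the whitespace fix in `gpgconf --list-dirs agent-extra-socket` is correct, but the surrounding sentence says this is run on local and **remote** machines, and `agent-extra-socket` is only the right query on the local side. On the remote machine the forwarding target is the regular agent socket, so that side should read `gpgconf --list-dirs agent-socket` (as the linked GnuPG wiki page describes); forwarding onto the remote's extra socket instead leaves remote `gpg` looking at a socket nobody listens on.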
Line 32: Line 41:
 ===== remote machine ===== ===== remote machine =====
  
-Public key must be imported on remote machine+Public key must be imported on remote machine
 <code bash> <code bash>
 gpg --import usert@example.com-public.asc gpg --import usert@example.com-public.asc
Line 40: Line 50:
 gpg:               imported: 1 gpg:               imported: 1
 </code> </code>
 +
 +
 +Modify ssh server configuration to enable automatic removal of stale sockets when connecting to the remote machine:
 +<file config /etc/ssh/sshd_config>
 +StreamLocalBindUnlink yes
 +</file>
 +
 +and restart sshd: <code bash>systemctl restart ssh</code>
 +
 +
 +===== usage =====
 +
 +On remote machine:
 +<code bash>
 +gpg --list-secret-keys
 +</code>
 +
 +Sign message:
 +<code bash>
 +echo TEXT | gpg -s
 +</code>
 +
 +===== Issues =====
 +
 +''gpg: signing failed: Inappropriate ioctl for device''
 +
 +<code bash>
 +gpg-agent[2022]: command 'SCD' failed: Forbidden
 +gpg-agent[2022]: command 'KEYINFO' failed: Forbidden
 +gpg-agent[3881]: No $DBUS_SESSION_BUS_ADDRESS found, falling back to curses
 +gpg-agent[3881]: Failed to lookup password for key n/63B10EA3FEB8F818AEC11B943DFF4F7A33E4624D with secret service: Cannot autolaunch D-Bus without X11 $DISPLAY
 +gpg-agent[2022]: failed to unprotect the secret key: Inappropriate ioctl for device
 +gpg-agent[2022]: failed to read the secret key
 +gpg-agent[2022]: command 'PKSIGN' failed: Inappropriate ioctl for device <Pinentry>
 +</code>
 +
 +Problem with displaying password prompt.
 +Solution (exec on host)
 +<code bash>
 +echo "UPDATESTARTUPTTY" | gpg-connect-agent > /dev/null 2>&1
 +</code>
 +
 +
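Review bot: in the "Issues" section the `command 'SCD' failed: Forbidden` and `command 'KEYINFO' failed: Forbidden` lines are the restricted extra socket refusing commands it deliberately does not allow, so they are not the cause of the signing failure and the text should say so; the actual fault is the last three lines, where the agent cannot find a terminal for pinentry. "Solution (exec on host)" is ambiguous in a page that talks about local and remote machines; spell out that `echo "UPDATESTARTUPTTY" | gpg-connect-agent` must be run on the **local** machine, in the terminal where the passphrase prompt should appear, and that `GPG_TTY` must already be exported there (which is what the `~/.bashrc` snippet earlier on the page does). Two smaller points: `systemctl restart ssh` is the Debian/Ubuntu unit name and is `sshd` elsewhere, and a `reload` is enough for `StreamLocalBindUnlink yes` to take effect without dropping existing sessions; and `usert@example.com-public.asc` looks like a typo for `user@...` unless that filename is intentional.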