OpenSSH, gpg-agent, and gpg

Werner Koch wk at
Thu Aug 28 20:17:11 CEST 2014


I just read at LWN about the forthcoming OpenSSH 6.7:

    Among the new features is support for Unix domain socket
    forwarding. This feature allows a Unix domain socket on the local
    machine to be forwarded to a remote TCP port, or a remote TCP port to
    be forwarded to a local Unix domain socket—using the same syntax
    that OpenSSH supports for forwarding to TCP ports. For example, a
    remote PostgreSQL database instance could be connected over a secure
    SSH channel to a Unix domain socket on the local machine with ssh
    -L/tmp/ someserver. It is also possible
    to connect two local Unix domain sockets over an SSH connection.

    Several years ago, this functionality was available in a patch set
    by William Ahern. The last update to Ahern's code, however, was made
    in 2012 for OpenSSH 6.1. The new feature is a reimplementation of
    the same work.  (subscriber only for two weeks)

That is a cool thing because it allows us to keep gpg-agent on the
desktop and run gpg on the server without fearing a compromise of the
secret key.  I have been waiting for such a feature for quite some time.



Thoughts are free.  Exceptions are regulated by a federal law.

More information about the Gnupg-devel mailing list