OpenSSH, gpg-agent, and gpg

Werner Koch wk at gnupg.org
Thu Aug 28 20:17:11 CEST 2014


Hi,

I just read at LWN about the forthcoming OpenSSH 6.7:

    Among the new features is support for Unix domain socket
    forwarding. This feature allows a Unix domain socket on the local
    machine to be forwarded to a remote TCP port, or a remote TCP port to
    be forwarded to a local Unix domain socket—using the same syntax
    that OpenSSH supports for forwarding to TCP ports. For example, a
    remote PostgreSQL database instance could be connected over a secure
    SSH channel to a Unix domain socket on the local machine with ssh
    -L/tmp/foo.sock:mydatabase.net:5432 someserver. It is also possible
    to connect two local Unix domain sockets over an SSH connection.

    Several years ago, this functionality was available in a patch set
    by William Ahern. The last update to Ahern's code, however, was made
    in 2012 for OpenSSH 6.1. The new feature is a reimplementation of
    the same work.

    https://lwn.net/Articles/609321/  (subscriber only for two weeks)

That is a cool thing because it allows us to keep gpg-agent on the
desktop and run gpg on the server without fearing a compromise of the
secret key.  I have been waiting for such a feature for quite some time.



Shalom-Salam,

   Werner


-- 
Thoughts are free.  Exceptions are regulated by a federal law.
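
The setup described above, as an added example that is not part of the original message: forwarding the desktop's gpg-agent socket to the server with the Unix domain socket forwarding of OpenSSH 6.7. It assumes GnuPG 2.1 or later on both ends (for `gpgconf --list-dirs` and the agent's restricted extra socket); the function names are hypothetical.

```shell
#!/bin/sh
# Added example: keep gpg-agent (and the secret key) on the desktop and let
# gpg on the server reach it through an SSH-forwarded Unix domain socket.
# Assumption: GnuPG 2.1+ on both ends; function names are hypothetical.

# Accept only absolute paths without ':' (ssh splits forwarding specs on ':').
valid_sock_path() {
    case "$1" in
        *:*) return 1 ;;
        /*)  return 0 ;;
        *)   return 1 ;;
    esac
}

# Print the argument for "ssh -R": server-side socket first, desktop socket second.
remote_forward_spec() {
    remote_sock=$1 local_sock=$2
    valid_sock_path "$remote_sock" || { echo "bad remote socket path" >&2; return 1; }
    valid_sock_path "$local_sock"  || { echo "bad local socket path" >&2; return 1; }
    # Heuristic on the default socket name: forward the restricted extra
    # socket, never the agent's main socket with its full command set.
    case "$local_sock" in
        */S.gpg-agent)
            echo "refusing to forward the unrestricted agent socket" >&2
            return 1 ;;
    esac
    printf '%s:%s\n' "$remote_sock" "$local_sock"
}

# Look both paths up with gpgconf, then open the session with the forwarding.
forward_agent() {
    host=$1
    local_sock=$(gpgconf --list-dirs agent-extra-socket) || return 1
    remote_sock=$(ssh "$host" gpgconf --list-dirs agent-socket) || return 1
    spec=$(remote_forward_spec "$remote_sock" "$local_sock") || return 1
    ssh -R "$spec" "$host"
}
```

Source the file and call `forward_agent user@server`. On the server, `StreamLocalBindUnlink yes` in sshd_config lets sshd replace a stale socket file left behind by an earlier session.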



