OpenSSH, gpg-agent, and gpg
Werner Koch
wk at gnupg.org
Thu Aug 28 20:17:11 CEST 2014
Hi,
I just read at LWN about the forthcoming OpenSSH 6.7:
  Among the new features is support for Unix domain socket
  forwarding. This feature allows a Unix domain socket on the local
  machine to be forwarded to a remote TCP port, or a remote TCP port to
  be forwarded to a local Unix domain socket—using the same syntax
  that OpenSSH supports for forwarding to TCP ports. For example, a
  remote PostgreSQL database instance could be connected over a secure
  SSH channel to a Unix domain socket on the local machine with ssh
  -L/tmp/foo.sock:mydatabase.net:5432 someserver. It is also possible
  to connect two local Unix domain sockets over an SSH connection.
  Several years ago, this functionality was available in a patch set
  by William Ahern. The last update to Ahern's code, however, was made
  in 2012 for OpenSSH 6.1. The new feature is a reimplementation of
  the same work.
https://lwn.net/Articles/609321/ (subscriber only for two weeks)
That is a cool thing because it allows us to keep gpg-agent on the
desktop and run gpg on the server without fearing a compromise of the
secret key. I have been waiting for such a feature for quite some time.
Shalom-Salam,
Werner
--
Thoughts are free. Exceptions are regulated by a federal law.