gpg-agent forwarding

Peter Lebbing peter at
Thu Nov 6 16:09:01 CET 2014

On 06/11/14 15:40, Werner Koch wrote:
> OpenSSH has socket forwarding and that is what I was thinking about.

Sockets other than TCP you mean? Is this something generic that can be
invoked by using the command-line OpenSSH client? I can't find it.

> To avoid that other users connect to a listening socket we use a
> nonce taken from a file - that file is protected by the usual file
> system permissions.

Right, connecting to it was what I was referring to. And since I was
thinking about just using a forwarded TCP connection, the nonce/cookie
needed to be known to gpg running on the server, hence my elaborate
construction. If you include functionality inside the SSH client, this
is obviously not needed. Were you thinking of writing that functionality
for OpenSSH on Linux as well?



I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <>

More information about the Gnupg-users mailing list