gpg agent forwarding (via ssh) totally broken with 2.1 and NFS-mounted $HOME

Werner Koch wk at gnupg.org
Mon Sep 21 15:06:58 CEST 2015


On Mon, 21 Sep 2015 13:44, nix at esperi.org.uk said:

> catastrophically bad effects on agent forwarding when used in
> conjunction with an NFS-mounted $HOME.

I know that it is not yet well documented, but there is a solution for
remote file systems which do not allow for special files.

You create a plain file ~/.gnupg/S.gpg-agent with this content:

--8<---------------cut here---------------start------------->8---
%Assuan%
socket=NAME
--8<---------------cut here---------------end--------------->8---

Where NAME is the actual socket to use.  No white spaces are allowed,
both lines must be terminated by a single linefeed, and extra lines are
not allowed.  Environment variables are interpreted in NAME if given in
'${VAR}' notation.  No escape characters are defined; if the string '${'
needs to be used in a file name, an environment variable with that content
may be used.  The length of the redirection file is limited to 511 bytes
which is more than sufficient for any known implementation of Unix
domain sockets.

This works for all GnuPG sockets as long as you use at least
Libassuan 2.2.0.


Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by federal law.
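
Added example, not part of the original message and not Libassuan's own code: a Python check of a redirection file against the format rules given in the message above, returning the socket name after `${VAR}` expansion. Rejecting undefined variables and an unterminated `${` is an assumption, and the sample paths are constructed.

```python
import os
import re

MAX_LEN = 511                          # size limit stated in the message
_VAR = re.compile(rb"\$\{([^}]*)\}")   # '${VAR}' notation


class RedirectError(ValueError):
    """The file breaks one of the format rules."""


def parse_redirect(data: bytes, env=None) -> str:
    """Return the socket name a redirection file (raw bytes) points to."""
    env = os.environ if env is None else env
    if len(data) > MAX_LEN:
        raise RedirectError("file longer than 511 bytes")
    # Two lines, each ended by one LF, nothing after: split yields 3 parts.
    parts = data.split(b"\n")
    if len(parts) != 3 or parts[2] != b"":
        raise RedirectError("need exactly two LF-terminated lines")
    magic, line = parts[0], parts[1]
    if magic != b"%Assuan%":
        raise RedirectError("first line must be %Assuan%")
    if not line.startswith(b"socket=") or len(line) == len(b"socket="):
        raise RedirectError("second line must be socket=NAME")
    if re.search(rb"\s", line):
        raise RedirectError("white space (including CR) is not allowed")
    name = line[len(b"socket="):]
    if b"${" in _VAR.sub(b"_", name):
        raise RedirectError("unterminated ${ (assumption: rejected)")

    def expand(match):
        var = os.fsdecode(match.group(1))
        if var not in env:  # assumption: undefined variables are an error
            raise RedirectError("undefined variable: " + var)
        return os.fsencode(env[var])

    # Single pass: expanded values are not re-scanned, so a variable whose
    # value is '${' yields a literal '${' in the name, as the message notes.
    return os.fsdecode(_VAR.sub(expand, name))


if __name__ == "__main__":
    # Constructed sample: $HOME on NFS, real socket on a local file system.
    sample = b"%Assuan%\nsocket=${XDG_RUNTIME_DIR}/gnupg/S.gpg-agent\n"
    print(parse_redirect(sample, {"XDG_RUNTIME_DIR": "/run/user/1000"}))
```

Since the redirection file decides which socket GnuPG clients talk to, it is worth checking its contents and permissions the same way as the socket itself.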



