gpg agent forwarding (via ssh) totally broken with 2.1 and NFS-mounted $HOME

Werner Koch wk at gnupg.org
Tue Sep 22 09:00:38 CEST 2015


On Mon, 21 Sep 2015 18:49, nix at esperi.org.uk said:

> (It's not that the fs doesn't allow for special files -- it's that it's
> distributed, but the semantics of AF_UNIX socket creation assume that it
> isn't.)

Depends on the file system.  At least some NFS versions don't allow
special files at all.

> Useful! ... though this seems more likely to be *used* if it applied to
> all assuan sockets at once, rather than one at a time.

That would require a lot of changes.  The redirect file approach is
mostly a wrapper and works transparently on the client site.

> It seems to work much better now, though of course only assuan can
> follow these links, so your SSH_AUTH_SOCK has to point at wherever you
> pointed them, as does your ssh agent forwarding.

Right, but you have to set SSH_AUTH_SOCK yourself anyway.


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.




More information about the Gnupg-users mailing list