Forwarding scdaemon over SSH - is it possible?

NIIBE Yutaka gniibe at
Fri Jun 10 01:03:30 CEST 2016

On 06/09/2016 08:09 PM, Michael Fladischer wrote:
> some months ago I bought a Yubikey Neo 4 to store my private key on. It
> works perfect with GnuPG on my local Laptop.
> Now I would like to sign some files with my key on a remote server
> (build machine). I'm logged in there over SSH and I tried forwarding the
> unix domain socket from scdaemon over the relatively new
> SSH-unix-domain-socket-forwaring feature like this:
> ssh -R ~/.gnupg/S.scdaemon:~/.gnupg/S.scdaemon

You don't need to do that.  Instead, you need to use forwarding of
gpg-agent's socket.  Note that it is gpg-agent which gpg frontend
connects to, and it is gpg-agent which connects to scdaemon.

Once gpg-agent' socket is forwarded, you can access your local
scdaemon, like:

  gpg frontend      --> [by forwarded socket] --> [by normal socket]
  remote your server    local gpg-agent           local scdaemon

It works for me with Gnuk Token, and I don't think it's hardware

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 213 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20160610/0280168c/attachment.sig>

More information about the Gnupg-users mailing list