Forwarding scdaemon over SSH - is it possible?
NIIBE Yutaka
gniibe at fsij.org
Fri Jun 10 01:03:30 CEST 2016
On 06/09/2016 08:09 PM, Michael Fladischer wrote:
> some months ago I bought a Yubikey Neo 4 to store my private key on. It
> works perfect with GnuPG on my local Laptop.
>
> Now I would like to sign some files with my key on a remote server
> (build machine). I'm logged in there over SSH and I tried forwarding the
> unix domain socket from scdaemon over the relatively new
> SSH-unix-domain-socket-forwaring feature like this:
>
> ssh my.server.com -R ~/.gnupg/S.scdaemon:~/.gnupg/S.scdaemon
You don't need to do that. Instead, you need to use forwarding of
gpg-agent's socket. Note that it is gpg-agent which gpg frontend
connects to, and it is gpg-agent which connects to scdaemon.
Once gpg-agent' socket is forwarded, you can access your local
scdaemon, like:
gpg frontend --> [by forwarded socket] --> [by normal socket]
remote your server local gpg-agent local scdaemon
It works for me with Gnuk Token, and I don't think it's hardware
specific.
--
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 213 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20160610/0280168c/attachment.sig>
More information about the Gnupg-users
mailing list