gpg-agent forwarding
Search tags: pgp gpg remote gpg-agent gpg-agent forwarding.
Source:
local machine
The public and secret keys must be present on the local machine:
gpg --import usert@example.com-public.asc
gpg --import usert@example.com-secret.asc
Get gpg-agent socket paths on local and remote machines:
$ gpgconf --list-dirs agent-extra-socket
/run/user/1000/gnupg/S.gpg-agent.extra
$ ssh remote gpgconf --list-dirs agent-socket
/run/user/1000/gnupg/S.gpg-agent
Edit the SSH user configuration and add socket forwarding for the remote host:
~/.ssh/config
Host remote
    RemoteForward /run/user/1000/gnupg/S.gpg-agent /run/user/1000/gnupg/S.gpg-agent.extra
remote machine
The public key must be imported on the remote machine:
gpg --import usert@example.com-public.asc
gpg: key XXXXXXXXXXXXX: public key "User <user@example.com>" imported
gpg: Total number processed: 1
gpg: imported: 1
Modify the SSH server configuration to enable automatic removal of stale sockets when connecting to the remote machine:
/etc/ssh/sshd_config
StreamLocalBindUnlink yes
and restart sshd:
systemctl restart ssh
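The two configuration steps above can be checked before the first connection. The following is an added example, not part of the original page: the functions forward_ok and unlink_ok are hypothetical helpers that verify the RemoteForward argument order (remote agent socket first, local extra socket second) and that StreamLocalBindUnlink is actually enabled rather than commented out.

```shell
#!/bin/sh
# Added example: lint the ssh_config / sshd_config fragments from this page.
# Simplifications (assumptions): whitespace-separated "Keyword value" syntax,
# literal Host names (no wildcards), no Include files, no sshd Match blocks.

# forward_ok CONFIG HOST REMOTE_SOCK LOCAL_EXTRA_SOCK
# Succeeds only if HOST's block has RemoteForward REMOTE_SOCK LOCAL_EXTRA_SOCK,
# i.e. listen path on the remote first, local extra socket second.
forward_ok() {
    awk -v host="$2" -v rsock="$3" -v lsock="$4" '
        tolower($1) == "match" { inblk = 0; next }
        tolower($1) == "host"  {
            inblk = 0
            for (i = 2; i <= NF; i++) if ($i == host) inblk = 1
            next
        }
        inblk && tolower($1) == "remoteforward" && $2 == rsock && $3 == lsock { found = 1 }
        END { exit !found }
    ' "$1"
}

# unlink_ok SSHD_CONFIG
# Succeeds if the first uncommented StreamLocalBindUnlink value is "yes"
# (sshd uses the first value it obtains for a keyword).
unlink_ok() {
    awk 'tolower($1) == "streamlocalbindunlink" { print tolower($2); exit }' "$1" |
        grep -qx yes
}

# Demo on constructed sample files (socket paths are the ones shown on this page).
demo() {
    d=$(mktemp -d) || return 1
    rsock=/run/user/1000/gnupg/S.gpg-agent
    lsock=/run/user/1000/gnupg/S.gpg-agent.extra
    printf 'Host remote\n    RemoteForward %s %s\n' "$rsock" "$lsock" > "$d/good"
    printf 'Host remote\n    RemoteForward %s %s\n' "$lsock" "$rsock" > "$d/swapped"
    printf '#StreamLocalBindUnlink yes\n' > "$d/sshd_default"
    for f in good swapped; do
        if forward_ok "$d/$f" remote "$rsock" "$lsock"; then echo "$f: ok"
        else echo "$f: RemoteForward missing or wrong"; fi
    done
    unlink_ok "$d/sshd_default" || echo "sshd_default: StreamLocalBindUnlink not enabled"
    rm -rf "$d"
}
demo
```

On a real setup, pass ~/.ssh/config and the two paths printed by gpgconf --list-dirs to forward_ok, and run unlink_ok against /etc/ssh/sshd_config on the remote machine.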
usage
On remote machine:
gpg --list-secret-keys
Sign message:
echo TEXT | gpg -s