Closed reyman closed 2 years ago
Hi. That is normal behavior, because the S.gpg-agent.extra socket is restricted to increase security. If you want to use all commands, try using the local S.gpg-agent socket.
Kind regards.
@Nepochal Hi!
OK, hmm, I'm not sure I have configured this correctly.
Do I need to remove all the "agent-extra-socket" entries in the local and remote config, or do I need to reroute agent-extra-socket to /run/user/1000/gnupg/S.gpg-agent?
Best regards.
Try using
ssh -A -R /run/user/0/gnupg/S.gpg-agent:/run/user/1000/gnupg/S.gpg-agent xxx
to connect to your server. Your local S.gpg-agent socket is capable of all commands.
Nevertheless, you should be aware that using the S.gpg-agent socket is less safe, because the commands are not restricted there.
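As an added example (not code from the guide or from anyone in this thread), the following POSIX shell helper assembles the `ssh -R` argument from `gpgconf --list-dirs` output, so the forwarded local socket is chosen deliberately: the unrestricted S.gpg-agent socket when remote card commands are needed, the restricted S.gpg-agent.extra socket otherwise. The host name xxx, the root login on the remote (uid 0, so its socket lives under /run/user/0), the local uid 1000, and the sample gpgconf output embedded in the script are assumptions made for this example.

```shell
#!/bin/sh
# Added example: build the gpg-agent forwarding spec for ssh.
# Assumptions (hypothetical): remote host "xxx", remote login is root (uid 0),
# local user is uid 1000, GnuPG 2.2 with the default socket directory
# /run/user/<uid>/gnupg on both sides.

# Extract one entry from `gpgconf --list-dirs` output (key:path lines).
# $1 = the full output, $2 = the key (agent-socket, agent-extra-socket, ...)
gpgconf_dir() {
    printf '%s\n' "$1" | awk -F: -v key="$2" '$1 == key { print $2; exit }'
}

# Build the `ssh -R` / RemoteForward argument: remote path first, then local.
# $1 = remote socket path, $2 = local socket path
remote_forward_spec() {
    printf '%s:%s' "$1" "$2"
}

# Choose which local socket to forward.
#   full  -> S.gpg-agent: every agent command is allowed, including the SCD
#            pass-through that gpg --card-status / --card-edit rely on.
#   extra -> S.gpg-agent.extra: restricted mode; the agent refuses SCD, so
#            card commands fail on the remote while ssh auth still works.
# $1 = `gpgconf --list-dirs` output, $2 = "full" or "extra"
local_socket_for() {
    case "$2" in
        full)  gpgconf_dir "$1" agent-socket ;;
        extra) gpgconf_dir "$1" agent-extra-socket ;;
        *)     echo "usage: local_socket_for <listdirs-output> full|extra" >&2
               return 1 ;;
    esac
}

# Constructed sample of `gpgconf --list-dirs` output for a local uid-1000 user
# (run the real command locally to get your own paths).
SAMPLE_LISTDIRS='sysconfdir:/etc/gnupg
homedir:/home/user/.gnupg
socketdir:/run/user/1000/gnupg
agent-socket:/run/user/1000/gnupg/S.gpg-agent
agent-extra-socket:/run/user/1000/gnupg/S.gpg-agent.extra
agent-ssh-socket:/run/user/1000/gnupg/S.gpg-agent.ssh'

# Remote socket path, as `gpgconf --list-dirs agent-socket` would print it on
# the server for a root login (assumed here).
REMOTE_AGENT_SOCKET=/run/user/0/gnupg/S.gpg-agent

# Print the ssh command line for the chosen mode (default: full).
# -A forwards the SSH agent socket separately (that is why ssh-add -l already
# works); -R forwards the gpg-agent socket itself.
build_ssh_command() {
    mode=${1:-full}
    local_sock=$(local_socket_for "$SAMPLE_LISTDIRS" "$mode") || return 1
    spec=$(remote_forward_spec "$REMOTE_AGENT_SOCKET" "$local_sock")
    printf 'ssh -A -R %s xxx\n' "$spec"
}

# Usage: sh gpg-forward.sh [full|extra]
# Before connecting: on the remote run `gpgconf --kill gpg-agent` so a remote
# agent does not own the socket path, and set `StreamLocalBindUnlink yes` in
# the remote sshd_config so a stale socket file is replaced on reconnect.
build_ssh_command "${1:-full}"
```

Forwarding the full socket is the trade-off Nepochal describes: while the session is open, root on the remote host can send the local agent any command it accepts, including driving the YubiKey through SCD while the PIN is cached. The private key itself never leaves the card, but treat the remote host as able to sign and decrypt on your behalf for the life of the connection.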
I don't use nor generally recommend agent forwarding, so please send a PR yourself if there's useful information to add to the guide.
Hi drduh,
Thanks for your fantastic work, it really helped me understand and configure my YubiKey to work the way I want.
I have some difficulties with this part: https://github.com/drduh/YubiKey-Guide#remote-machines-agent-forwarding
SSH connection using gpg-agent and a key created and stored on the YubiKey (as a smartcard) works, so typing
ssh-add -l
on the remote after connecting works and returns 4096 SHA256:xxx cardno:xxx (RSA). Thanks for that.
BUT anything linked to detection of the smartcard, like
gpg --smart-status
, gpg --card-edit
doesn't work remotely. Is this strange, or is it normal behavior?
So, a second question, linked to the first: do you think it could be possible to forward a challenge/response configured on slot 2 over ssh using agent forwarding?
Connecting using:
or
My ~/.ssh/config for xxx:
I'm using:
locally: gpg (GnuPG) 2.2.12; remotely: gpg (GnuPG) 2.2.20
LOCAL
local agent socket
gpg-agent.conf
REMOTE
agent sockets:
gpg.conf
Remote Nix config
I also posted this problem on the Nix forum: https://discourse.nixos.org/t/yubikey-smartcard-challenge-mode-usable-on-remote-ssh/8936/11
Thanks !