How to make remote gpg talk to specific Unix socket (for forwarded local gpg-agent)
Werner Koch
wk at gnupg.org
Tue Jan 17 11:10:12 CET 2023
On Mon, 16 Jan 2023 07:56, Troy said:
> The problem is that there's already a gpg-agent running at the remote
> (I think started by systemd or the X server), which I don't want to
> disturb. For my ssh connection, I try to create a new Unix domain
Don't run the gpg-agent for your account. I put

    no-autostart

into ~/.gnupg/common.conf to avoid any tools on the remote starting
the gpg-agent. Of course you need to disable the systemd stuff to
autostart gpg-agent - using systemd for autostart is deprecated because
it creates races.

IIRC, the wiki says that you should put

    StreamLocalBindUnlink yes

into the sshd_config. I prefer to manually delete the socket using

    ssh remote "rm $(gpgconf -L agent-socket)"

if the connection does not work. I have this in ~/.ssh/config

    Host remote
        RemoteForward /run/user/1042/gnupg/S.gpg-agent /run/user/1000/gnupg/S.gpg-agent.extra

(1042 is my uid on remote).

Then you just need to "ssh remote".
> - gpg (GnuPG) 2.2.27
Well, the single common option no-autostart is only available in stable
(since 2.3.8)
Salam-Shalom,
Werner
--
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein
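The client-side pieces of the setup Werner describes (the no-autostart line in common.conf, the RemoteForward entry in ~/.ssh/config, and the StreamLocalBindUnlink line on the server) can be generated idempotently. The script below is an added example, not code from the post or from GnuPG; the remote uid, the host alias and the local extra-socket path are parameters that you would normally obtain from `id -u` on the remote and `gpgconf --list-dirs agent-extra-socket` locally. It forwards the restricted S.gpg-agent.extra socket, as in the post, so the remote side only gets the restricted agent interface.

```shell
#!/bin/sh
# Added example (not from the original post): writes the config fragments for
# forwarding a local gpg-agent's restricted "extra" socket to a remote host.
# All paths and uids below are parameters; constructed values are used in the
# usage section at the bottom.
set -eu

# Socket path that gpg on the remote host will look for, given the remote uid.
remote_agent_socket() {
    printf '/run/user/%s/gnupg/S.gpg-agent\n' "$1"
}

# ssh_config RemoteForward line: remote agent socket <- local extra socket.
# $1 = remote uid, $2 = local S.gpg-agent.extra path
remote_forward_line() {
    printf 'RemoteForward %s %s\n' "$(remote_agent_socket "$1")" "$2"
}

# Append a bare option line to a config file unless it is already there.
# Works for ~/.gnupg/common.conf ("no-autostart") and for sshd_config
# ("StreamLocalBindUnlink yes") alike. $1 = file, $2 = option line
ensure_option() {
    touch "$1"
    grep -qx -- "$2" "$1" || printf '%s\n' "$2" >> "$1"
}

# Append a Host block with the RemoteForward line unless a block for that
# host alias already exists. $1 = ssh config file, $2 = host alias,
# $3 = remote uid, $4 = local extra socket path
ensure_ssh_host_block() {
    touch "$1"
    if ! grep -qx -- "Host $2" "$1"; then
        {
            printf 'Host %s\n' "$2"
            printf '    %s\n' "$(remote_forward_line "$3" "$4")"
        } >> "$1"
    fi
}

# Usage with constructed values (the uids from the post); writes into a
# scratch directory instead of the real home directory.
if [ "${GPG_FWD_DEMO:-}" = 1 ]; then
    demo=$(mktemp -d)
    ensure_option "$demo/common.conf" no-autostart
    ensure_ssh_host_block "$demo/ssh_config" remote 1042 \
        /run/user/1000/gnupg/S.gpg-agent.extra
    cat "$demo/common.conf" "$demo/ssh_config"
    rm -rf "$demo"
fi
```

Run with `GPG_FWD_DEMO=1 sh script.sh` to see the generated fragments; in real use point `ensure_option` at ~/.gnupg/common.conf on the remote (GnuPG 2.3.8 or later, as noted above) and `ensure_ssh_host_block` at ~/.ssh/config on the local machine. Because both functions check for an existing line before appending, re-running the script never duplicates entries.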