
I'm trying to use the private key from my OpenPGP card, which is in my Debian laptop, on a RPi. I followed the different hints found on Google, in particular:

  • extra-socket in ~/.gnupg/gpg-agent.conf
  • removed it again after finding that this extra socket will already be created in /run/user/<uid>/gnupg
  • forward this socket using ~/.ssh/config

Host homegear
    HostName homegear
    RemoteForward ~/.gnupg/S.gpg-agent /run/user/1000/gnupg/S.gpg-agent.extra

  • changed the order of both sockets in the RemoteForward line, since I'm always confused about which one should come first
  • added the following to /etc/ssh/sshd_config on the RPi

StreamLocalBindUnlink yes

  • reloaded the gpg-agent on the laptop
  • opened a new ssh connection to the RPi

But I always get

Warning: remote port forwarding failed for listen path ~/.gnupg/S.gpg-agent

when connecting to the RPi.

openssh on both the laptop and the RPi is 7.4 (Debian Stretch), gpg is 2.1.18. Forwarding the agent connection to be used for the ssh private key (for connecting to GitLab from the RPi) works perfectly; forwarding the gpg private key (for signing commits) doesn't. I'm a bit helpless at the moment. Is there anything obviously wrong? Or is there still a problem with forwarding Unix domain sockets, so that I need to use the socat workaround?

Thank you!

wollud1969

1 Answer


I've run into exactly the same issue except between two Macs running 10.14.2 and GPG 2.2.11, and the only way I was able to get it to work was to specify the absolute path to the sockets on both ends. :( Having a relative path for either the remote or local socket both failed in various ways, which makes it a bit of a pain if you're connecting as different usernames on various machines.

I was able to work around that by specifying a number of different Match exec blocks in my ~/.ssh/config:

# Source machine is a personal Mac, connecting to another personal Mac on my local network
Match exec "hostname | grep -F .core" Host *.core
    RemoteForward /Users/virtualwolf/.gnupg/S.gpg-agent /Users/virtualwolf/.gnupg/S.gpg-agent.extra

# Source machine is a personal Mac, connecting to my Linux box
Match exec "hostname | grep -F .core" Host <name of the host block for my Linux box>
    RemoteForward /home/virtualwolf/.gnupg/S.gpg-agent /Users/virtualwolf/.gnupg/S.gpg-agent.extra

# Source machine is my work Mac, connecting to my Linux box
Match exec "hostname | grep -F <work machine name>" Host <name of the host block for my Linux box>
    RemoteForward /home/virtualwolf/.gnupg/S.gpg-agent /Users/<work username>/.gnupg/S.gpg-agent.extra

(SSH bits are taken from this answer).

VirtualWolf
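The answer's point is that both socket paths in the RemoteForward must be absolute (a `~` prefix is not expanded in a forward spec, which is what the warning in the question reflects). The script below is an added example, not code from the question or the answer: it builds the ssh_config stanza from paths it first checks for absoluteness, and optionally discovers the real socket locations with `gpgconf --list-dirs` instead of hard-coding them per machine as the Match blocks do. The host name `homegear` and the paths are taken from the question; `gpg_forward_stanza` and `gpg_forward_stanza_for` are names chosen here.

```shell
#!/bin/sh
# Added example: emit an ssh_config stanza that forwards the local gpg-agent
# "extra" (restricted) socket to the remote host's agent socket, refusing
# any path that is not absolute, since "~/..." and relative paths are
# exactly the forms that fail on the remote side.

# is_absolute PATH -> 0 if PATH starts with "/", 1 otherwise.
is_absolute() {
    case "$1" in
        /*) return 0 ;;
        *)  return 1 ;;
    esac
}

# gpg_forward_stanza HOST REMOTE_AGENT_SOCKET LOCAL_EXTRA_SOCKET
# Prints a Host block; returns 1 if either socket path is not absolute.
# Order matters: the remote listen path comes first, the local target second.
gpg_forward_stanza() {
    host=$1; remote_sock=$2; local_sock=$3
    is_absolute "$remote_sock" || { echo "remote socket must be absolute: $remote_sock" >&2; return 1; }
    is_absolute "$local_sock"  || { echo "local socket must be absolute: $local_sock" >&2; return 1; }
    printf 'Host %s\n    RemoteForward %s %s\n' "$host" "$remote_sock" "$local_sock"
}

# gpg_forward_stanza_for HOST
# Asks gpg itself where the sockets live: locally the *extra* socket (the
# restricted agent meant for forwarding), remotely the plain agent socket
# the remote gpg will connect to. Requires ssh access to HOST, so it is
# not exercised by the offline test.
gpg_forward_stanza_for() {
    host=$1
    local_sock=$(gpgconf --list-dirs agent-extra-socket) || return 1
    remote_sock=$(ssh "$host" gpgconf --list-dirs agent-socket) || return 1
    gpg_forward_stanza "$host" "$remote_sock" "$local_sock"
}
```

The remote sshd still needs `StreamLocalBindUnlink yes`, as in the question, so a stale socket left by a previous session does not block the new forward.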