Larvitz :fedora: :redhat: on Nostr: I use the awesome openpgp-card-ssh-agent ...
I use the awesome openpgp-card-ssh-agent (https://codeberg.org/openpgp-card/ssh-agent) from Heiko (npub18sq…29ap) to use physical OpenPGP Smartcards for SSH authentication.
Sometimes, I want to use my OpenPGP card while working on a remote system.
An incredibly useful feature for that is SSH forwarding in combination with the agent's socket (sockets can be forwarded via SSH just like TCP ports):
Socket location on my workstation: /run/user/1000/openpgp-card/ssh-agent.sock
Socket location on the remote host: $HOME/.tmp/ssh-agent.sock
1. Connecting to the remote server and forwarding the socket:
ssh -R /home/username/.tmp/ssh-agent.sock:/run/user/1000/openpgp-card/ssh-agent.sock remote-system.tld
2. Using the Socket on the remote system:
SSH_AUTH_SOCK=$HOME/.tmp/ssh-agent.sock ssh root@some-other-system.tld
Warning: This exposes the socket of openpgp-card-ssh-agent to the remote system. Anyone with the necessary privileges can use the session and access your local Smartcard, too. Use this with caution!
#linux #ssh
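A check that could be run on the remote host before step 2, as an added example that is not part of the original post: it confirms the forwarded path is a socket you own, inside a directory no other unprivileged user can enter. The function names are hypothetical and GNU stat (Linux) is assumed; root on the remote host can reach the socket regardless of these permissions.

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check a forwarded
# agent socket before pointing SSH_AUTH_SOCK at it. Assumes GNU stat.

# Return 0 only if $1 is a real directory (not a symlink) owned by the
# current user with no group/other permission bits set (e.g. mode 700).
dir_is_private() {
    [ -d "$1" ] || return 1
    [ ! -L "$1" ] || return 1
    owner=$(stat -c '%u' -- "$1") || return 1
    mode=$(stat -c '%a' -- "$1") || return 1
    [ "$owner" = "$(id -u)" ] || return 1
    # The last two octal digits are the group and other bits.
    case "$mode" in
        *00) return 0 ;;
        *)   return 1 ;;
    esac
}

# Return 0 only if $1 is a Unix socket owned by the current user and its
# parent directory passes dir_is_private.
agent_socket_ok() {
    sock=$1
    if [ ! -S "$sock" ]; then
        echo "not a socket: $sock" >&2
        return 1
    fi
    if [ "$(stat -c '%u' -- "$sock")" != "$(id -u)" ]; then
        echo "socket is not owned by you: $sock" >&2
        return 1
    fi
    if ! dir_is_private "$(dirname -- "$sock")"; then
        echo "parent directory is accessible to other users" >&2
        return 1
    fi
    return 0
}

# Usage on the remote host, with the socket path from the post:
#   agent_socket_ok "$HOME/.tmp/ssh-agent.sock" &&
#       SSH_AUTH_SOCK=$HOME/.tmp/ssh-agent.sock ssh root@some-other-system.tld
```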