What is Nostr?
Larvitz :fedora: :redhat: /
npub1fj6…aq90
2024-06-30 17:40:34

Larvitz :fedora: :redhat: on Nostr: I use the awesome openpgp-card-ssh-agent ...

I use the awesome openpgp-card-ssh-agent (https://codeberg.org/openpgp-card/ssh-agent) from Heiko (npub18sq…29ap) to use physical OpenPGP Smartcards for SSH authentication.

Sometimes, I want to use my OpenPGP card while working on a remote system.

An incredibly useful feature for that is SSH forwarding in combination with the agents socket (sockets can be forwarded via SSH just like tcp ports):

Socket location on my workstation: /run/user/1000/openpgp-card/ssh-agent.sock

Socket location on the remote host: $HOME/.tmp/ssh-agent.sock

1. Connecting to the remote server and forwarding the socket:

ssh -R /home/username/.tmp/ssh-agent.sock:/run/user/1000/openpgp-card/ssh-agent.sock remote-system.tld

2. Using the Socket on the remote system::

SSH_AUTH_SOCK=$HOME/.tmp/ssh-agent.sock ssh root@some-other-system.tld

Warning: This exposes the socket of opengp-card-ssh-agent to the remote system. Anyone with the neccesary privileges can use the session and access your local Smartcard, too. Use this with caution!

#linux #ssh
Author Public Key
npub1fj6u59lnses9xu6xa6ewugrfg2e639lg32r24383525xq3deyuaspjaq90