Overview
A procedure log from when I set up GPG agent forwarding. Mostly notes for myself.
1. Work on the local machine
~/.gnupg/gpg-agent.conf
# Append the following
# It seems to work without it, but added just in case
extra-socket $HOME/.gnupg/S.gpg-agent.extra
$ gpgconf --reload gpg-agent
$ gpgconf --list-dir agent-extra-socket
/Users/kino-ma/.gnupg/S.gpg-agent.extra # socket on the local side
2. Work on the remote machine
$ gpg --export <KEY_ID> | ssh remote gpg --import -
$ gpg --edit-key <KEY_ID>
gpg> trust
Please decide how far you trust this user to correctly verify other users' keys
(by looking at passports, checking fingerprints from different sources, etc.)
1 = I don't know or won't say
2 = I do NOT trust
3 = I trust marginally
4 = I trust fully
5 = I trust ultimately
m = back to the main menu
Your decision? 5
gpg> save
Key not changed so no update needed.
$ gpg -k
If you have the permissions, append the following.
# /etc/ssh/sshd_config
StreamLocalBindUnlink yes
$ gpgconf --list-dir agent-socket
/run/user/1001/gnupg/S.gpg-agent # socket on the remote side
3. local machine
~/.ssh/config
Host remote
HostName remote.example.com
RemoteForward <REMOTE_SOCKET> <LOCAL_SOCKET>
ExitOnForwardFailure Yes
local$ ssh remote
remote$ gpg -K
remote$ gpg --sign -a <<< "hello"
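As an added example (not from the original memo), a small POSIX shell helper that builds the ~/.ssh/config block from the two socket paths, refuses to forward anything other than the extra socket, and checks an sshd_config for the StreamLocalBindUnlink directive the remote side needs. The host names, socket paths and sshd_config contents are constructed sample values.

```shell
#!/bin/sh
# Added example, not part of the original memo. Sample values are constructed.

# Print the ssh_config block that forwards LOCAL_SOCKET to REMOTE_SOCKET.
# Only the extra socket is accepted: it allows signing and decryption but
# not key export or the agent's full control commands, so it is the one
# that should ever leave the local machine.
gen_forward_block() {
    host="$1"; hostname="$2"; remote_socket="$3"; local_socket="$4"
    case "$remote_socket" in
        /*) ;;
        *) echo "remote socket must be an absolute path: $remote_socket" >&2; return 1 ;;
    esac
    case "$local_socket" in
        */S.gpg-agent.extra) ;;
        *) echo "refusing to forward a non-extra socket: $local_socket" >&2; return 1 ;;
    esac
    printf 'Host %s\n' "$host"
    printf '    HostName %s\n' "$hostname"
    printf '    RemoteForward %s %s\n' "$remote_socket" "$local_socket"
    printf '    ExitOnForwardFailure yes\n'
}

# Return 0 when the sshd_config at $1 has StreamLocalBindUnlink yes.
# sshd uses the first occurrence of a directive, so only the first
# uncommented match counts; without it a stale socket file left on the
# remote makes the RemoteForward fail to bind.
sshd_stream_unlink_enabled() {
    val=$(grep -iE '^[[:space:]]*StreamLocalBindUnlink[[:space:]]+' "$1" \
          | head -n 1 | awk '{print tolower($2)}')
    [ "$val" = "yes" ]
}

# Stand-alone run against a constructed sshd_config
tmp=$(mktemp)
cat > "$tmp" <<'EOF'
# commented-out directive must be ignored
#StreamLocalBindUnlink no
StreamLocalBindUnlink yes
EOF
if sshd_stream_unlink_enabled "$tmp"; then
    echo "StreamLocalBindUnlink: ok"
else
    echo "StreamLocalBindUnlink: missing, add it to /etc/ssh/sshd_config"
fi
gen_forward_block remote remote.example.com \
    /run/user/1001/gnupg/S.gpg-agent /Users/kino-ma/.gnupg/S.gpg-agent.extra
rm -f "$tmp"
```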
When it doesn't work
systemctl --user mask gpg-agent.service gpg-agent.socket gpg-agent-ssh.socket gpg-agent-extra.socket gpg-agent-browser.socket
or
rm -rf <REMOTE_SOCKET>