jsauer/dotfiles
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
dotfiles/gnupg/.local/bin/gssh
Jens Sauer 15222b77b8 gnupg: Add gpg-agent over SSH wrapper 
gpg-agent forwarding over SSH, the remote SSH server needs to enable
"StreamLocalBindUnlink yes" in the global /etc/ssh/sshd_config. It may
happen that this file is not adjustable by the user.

The wrapper 'gssh' detects the correct socket and enables gpg-agent
forwarding when the user explicit wants to forward the gpg-agent.

See more: https://wiki.gnupg.org/AgentForwarding and
The code was written by Callan Bryant: https://github.com/naggie/dotfiles
thanks for sharing under MIT License.
2020-11-24 14:24:47 +01:00

41 lines
1.3 KiB
Bash
Executable File
Raw Permalink Blame History

#!/bin/sh
echo "Preparing host for forwarded GPG agent..." >&2
# prepare remote for agent forwarding, get socket
# Remove the socket in this pre-command as an alternative to requiring
# StreamLocalBindUnlink to be set on the remote SSH server.
# Find the path of the agent socket remotely to avoid manual configuration
# client side. The location of the socket varies per version of GPG,
# username, and host OS.
remote_socket=$(cat <<'EOF' | command ssh -T "$@" bash
set -e
socket=$(gpgconf --list-dirs | grep agent-socket | cut -f 2 -d :)
# killing agent works over socket, which might be dangling, so time it out.
timeout -k 2 1 gpgconf --kill gpg-agent || true
test -S $socket && rm $socket
echo $socket
EOF
)
if [ ! $? -eq 0 ]; then
echo "Problem with remote GPG. use ssh -A $@ for ssh with agent forwarding only." >&2
return
fi
if [ "$SSH_CONNECTION" ]; then
# agent on this host is forwarded, allow chaining
local_socket=$(gpgconf --list-dirs | grep agent-socket | cut -f 2 -d :)
else
# agent on this host is running locally, use special remote socket
local_socket=$(gpgconf --list-dirs | grep agent-extra-socket | cut -f 2 -d :)
fi
if [ ! -S $local_socket ]; then
echo "Could not find suitable local GPG agent socket" 2>&1
return
fi
echo "Connecting..." >&2
ssh -A -R $remote_socket:$local_socket "$@"
Reference in New Issue View Git Blame Copy Permalink