Larvitz :fedora: :redhat: on Nostr: I use the awesome openpgp-card-ssh-agent () from Heiko to use physical OpenPGP ...
I use the awesome openpgp-card-ssh-agent (https://codeberg.org/openpgp-card/ssh-agent) from Heiko (npub18sq…29ap) to use physical OpenPGP Smartcards for SSH authentication.
Sometimes, I want to use my OpenPGP card while working on a remote system.
An incredibly useful feature for that is SSH forwarding in combination with the agent's socket (sockets can be forwarded via SSH just like TCP ports):
Socket location on my workstation: /run/user/1000/openpgp-card/ssh-agent.sock
Socket location on the remote host: $HOME/.tmp/ssh-agent.sock
1. Connecting to the remote server and forwarding the socket:
ssh -R /home/username/.tmp/ssh-agent.sock:/run/user/1000/openpgp-card/ssh-agent.sock remote-system.tld
2. Using the socket on the remote system:
SSH_AUTH_SOCK=$HOME/.tmp/ssh-agent.sock ssh root@some-other-system.tld
Warning: This exposes the socket of openpgp-card-ssh-agent to the remote system. Anyone with the necessary privileges can use the session and access your local Smartcard, too. Use this with caution!
#linux #ssh
Published at 2024-06-30 17:40:34
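An added example, not part of the original post: a check to run on the remote host before step 2, confirming that the directory holding the forwarded socket is private to your account, so the exposure the warning describes is limited to that account and root. It assumes Linux with GNU stat; `check_forward_target` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example (not from the original post): audit the path a forwarded
# agent socket lives at on the remote host. Assumes Linux with GNU stat.
# check_forward_target is a hypothetical helper name.
check_forward_target() {
    sock=$1
    dir=$(dirname -- "$sock")

    # The directory must exist and must not be a symlink that could be retargeted.
    if [ ! -d "$dir" ] || [ -L "$dir" ]; then
        echo "FAIL: $dir is missing or is a symlink" >&2
        return 1
    fi

    # Only the current user should own the directory.
    owner=$(stat -c '%u' -- "$dir")
    if [ "$owner" != "$(id -u)" ]; then
        echo "FAIL: $dir is owned by uid $owner" >&2
        return 1
    fi

    # Any group/other permission bit lets other local accounts reach the socket.
    mode=$(stat -c '%a' -- "$dir")
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "FAIL: $dir has mode $mode (group/other bits set)" >&2
        return 1
    fi

    # If something already sits at the path, it must be a real socket owned by us.
    if [ -e "$sock" ] || [ -L "$sock" ]; then
        if [ -L "$sock" ] || [ ! -S "$sock" ]; then
            echo "FAIL: $sock exists but is not a plain socket" >&2
            return 1
        fi
        if [ "$(stat -c '%u' -- "$sock")" != "$(id -u)" ]; then
            echo "FAIL: $sock is owned by another uid" >&2
            return 1
        fi
    fi
    echo "OK: $sock"
}
```

On the remote host, call it as `check_forward_target "$HOME/.tmp/ssh-agent.sock"` and only set SSH_AUTH_SOCK when it succeeds.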