diff options
author | Zenithal <i@zenithal.me> | 2020-12-03 01:01:36 +0800 |
---|---|---|
committer | Zenithal <i@zenithal.me> | 2020-12-03 01:01:36 +0800 |
commit | 6097e6762cbba92ea272a29266e0edce8e440044 (patch) | |
tree | 7e7006f53921dfa9b3603981eeb141a121ddf022 | |
parent | Add new method for ssh-agent forwarding (diff) | |
download | YubiKey-Guide-6097e6762cbba92ea272a29266e0edce8e440044.tar.gz |
Change note in alter agent section
Different methods have different requirements
-rw-r--r-- | README.md | 3 |
1 files changed, 2 insertions, 1 deletions
@@ -1979,8 +1979,9 @@ export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket) gpgconf --launch gpg-agent ``` -Note that `SSH_AUTH_SOCK` normally only needs to be set on the *local* laptop (workstation), where the YubiKey is plugged in. On the *remote* server that we SSH into, `ssh` will automatically set `SSH_AUTH_SOCK` to something like `/tmp/ssh-mXzCzYT2Np/agent.7541` when we connect. We therefore do **NOT** manually set `SSH_AUTH_SOCK` on the server - doing so would break [SSH Agent Forwarding](#remote-machines-gpg-agent-forwarding). +Note that if you use `ForwardAgent` for ssh-agent forwarding, `SSH_AUTH_SOCK` only needs to be set on the *local* laptop (workstation), where the YubiKey is plugged in. On the *remote* server that we SSH into, `ssh` will automatically set `SSH_AUTH_SOCK` to something like `/tmp/ssh-mXzCzYT2Np/agent.7541` when we connect. We therefore do **NOT** manually set `SSH_AUTH_SOCK` on the server - doing so would break [SSH Agent Forwarding](#remote-machines-ssh-agent-forwarding). +If you use `S.gpg-agent.ssh` (see [SSH Agent Forwarding](#remote-machines-ssh-agent-forwarding) for more info), `SSH_AUTH_SOCK` should also be set on the *remote*. However, `GPG_TTY` should not be set on the *remote*, explanation specified in that section. ## Copy public key |