diff options
| author | drduh <github@duh.to> | 2024-03-25 18:09:30 +0000 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-03-25 18:09:30 +0000 |
| commit | c1199cbcf8c7693b4a661fd86b0394ce66c96004 (patch) | |
| tree | c7f77b126e8a8ed1085c867e23b898eba82e0d26 | |
| parent | Merge remote-tracking branch 'origin' (diff) | |
| parent | Fix broken 'SSH agent forwarding' internal links (diff) | |
| download | YubiKey-Guide-c1199cbcf8c7693b4a661fd86b0394ce66c96004.tar.gz | |
Merge pull request #430 from wstephenson/master
Fix broken 'SSH agent forwarding' internal links
| -rw-r--r-- | README.md | 6 |
1 files changed, 3 insertions, 3 deletions
@@ -1288,7 +1288,7 @@ See the [WSL agent architecture](media/schema_gpg.png) illustration for an overv **Note** GnuPG forwarding for cryptographic operations is not supported. See [vuori/weasel-pageant](https://github.com/vuori/weasel-pageant) for more information. -One way to forward is just `ssh -A` (still need to eval weasel to setup local ssh-agent), and only relies on OpenSSH. In this track, `ForwardAgent` and `AllowAgentForwarding` in ssh/sshd config may be involved. However, when using ssh socket forwarding, do not enable `ForwardAgent` in ssh config. See [SSH Agent Forwarding](#remote-machines-ssh-agent-forwarding) for more information. This requires Ubuntu 16.04 or newer for WSL and Kleopatra. +One way to forward is just `ssh -A` (still need to eval weasel to setup local ssh-agent), and only relies on OpenSSH. In this track, `ForwardAgent` and `AllowAgentForwarding` in ssh/sshd config may be involved. However, when using ssh socket forwarding, do not enable `ForwardAgent` in ssh config. See [SSH Agent Forwarding](#ssh-agent-forwarding) for more information. This requires Ubuntu 16.04 or newer for WSL and Kleopatra. Download [vuori/weasel-pageant](https://github.com/vuori/weasel-pageant). @@ -1358,9 +1358,9 @@ set -x SSH_AUTH_SOCK (gpgconf --list-dirs agent-ssh-socket) gpgconf --launch gpg-agent ``` -When using `ForwardAgent` for ssh-agent forwarding, `SSH_AUTH_SOCK` only needs to be set on the *local* host, where YubiKey is connected. On the *remote* host, `ssh` will set `SSH_AUTH_SOCK` to something like `/tmp/ssh-mXzCzYT2Np/agent.7541` upon connection. Do **not** set `SSH_AUTH_SOCK` on the remote host - doing so will break [SSH Agent Forwarding](#remote-machines-ssh-agent-forwarding). +When using `ForwardAgent` for ssh-agent forwarding, `SSH_AUTH_SOCK` only needs to be set on the *local* host, where YubiKey is connected. On the *remote* host, `ssh` will set `SSH_AUTH_SOCK` to something like `/tmp/ssh-mXzCzYT2Np/agent.7541` upon connection. Do **not** set `SSH_AUTH_SOCK` on the remote host - doing so will break [SSH Agent Forwarding](#ssh-agent-forwarding). -For `S.gpg-agent.ssh` (see [SSH Agent Forwarding](#remote-machines-ssh-agent-forwarding) for more info), `SSH_AUTH_SOCK` should also be set on the *remote*. However, `GPG_TTY` should not be set on the *remote*, explanation specified in that section. +For `S.gpg-agent.ssh` (see [SSH Agent Forwarding](#ssh-agent-forwarding) for more info), `SSH_AUTH_SOCK` should also be set on the *remote*. However, `GPG_TTY` should not be set on the *remote*, explanation specified in that section. ### Copy public key |