GPG RemoteForward
To forward your gpg-agent socket over an SSH session when using a Yubikey and gpg-agent:
For example, to connect from macOS to a Linux VM:
On the client, add this to your ~/.ssh/config:
Host foo
    Hostname X.X.X.X
    ForwardAgent yes
    RemoteForward /run/user/1000/gnupg/S.gpg-agent /Users/monkey/.gnupg/S.gpg-agent.extra
    RemoteForward /run/user/1000/gnupg/S.gpg-agent.ssh /Users/monkey/.gnupg/S.gpg-agent.extra.ssh
Each RemoteForward line names the remote socket first, then the local socket.
To find the local socket on your Mac (the client), run:
gpgconf --list-dirs agent-extra-socket
To find the remote socket, run this on the Linux VM:
gpgconf --list-dirs agent-socket
On the remote host (the Linux VM), in .bashrc I have:
gpgconf --create-socketdir
If you can't log in, remove the socket: rm -f /run/user/1000/gnupg/S.gpg-agent
If possible, add this to /etc/ssh/sshd_config: StreamLocalBindUnlink yes
Optional: if you do not have root access to the remote machine to edit /etc/ssh/sshd_config, you will need to remove the socket (located at the path printed by gpgconf --list-dirs agent-socket) on the remote machine before forwarding works. For example: rm /run/user/1000/gnupg/S.gpg-agent (see https://github.com/drduh/YubiKey-Guide#remote-machines-gpg-agent-forwarding)
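The two socket lookups and the stale-socket cleanup above, as an added example that is not part of the original note: it parses the name:value output of gpgconf --list-dirs captured on each side (sample output constructed here for the paths used in this note), emits the gpg-agent RemoteForward line, and removes a leftover remote socket only when nothing is listening on it, so a live agent's socket is never deleted by mistake.

```python
"""Added example, not from the original note: derive the gpg-agent RemoteForward line
from `gpgconf --list-dirs` output and clear a stale remote socket (the `rm -f` step) safely."""
import os
import socket
import stat
import tempfile
from urllib.parse import unquote

# Constructed sample output in the `name:value` form that `gpgconf --list-dirs` prints.
LOCAL_DIRS = "homedir:/Users/monkey/.gnupg\nagent-extra-socket:/Users/monkey/.gnupg/S.gpg-agent.extra\n"
REMOTE_DIRS = "homedir:/home/monkey/.gnupg\nagent-socket:/run/user/1000/gnupg/S.gpg-agent\n"

def parse_list_dirs(text: str) -> dict:
    """Parse `gpgconf --list-dirs` output: one 'name:value' per line, values percent-escaped."""
    pairs = (line.split(":", 1) for line in text.splitlines() if ":" in line)
    return {name.strip(): unquote(value.strip()) for name, value in pairs}

def forward_block(host: str, hostname: str, local: dict, remote: dict) -> str:
    """ssh_config Host block mapping the remote agent socket onto the local *extra*
    socket, which exposes only gpg-agent's restricted command set to the remote side."""
    fwd = f"RemoteForward {remote['agent-socket']} {local['agent-extra-socket']}"
    return f"Host {host}\n    Hostname {hostname}\n    {fwd}\n"

def clear_stale_socket(path: str) -> bool:
    """Remove a leftover socket file that nothing listens on (what blocks the forward
    when sshd lacks StreamLocalBindUnlink). A socket with a live agent is kept."""
    if not os.path.exists(path) or not stat.S_ISSOCK(os.stat(path).st_mode):
        return False  # absent, or a regular file we must not delete
    with socket.socket(socket.AF_UNIX) as probe:
        try:
            probe.connect(path)
            return False  # something answered: leave it alone
        except ConnectionRefusedError:
            pass
    os.unlink(path)
    return True

def stale_socket_demo() -> tuple:
    """Constructed scenario: a dead socket file is removed, a listening one is kept."""
    path = os.path.join(tempfile.mkdtemp(), "S.gpg-agent")
    with socket.socket(socket.AF_UNIX) as dead:
        dead.bind(path)  # closed on exit: the file stays behind, nobody listens
    removed = clear_stale_socket(path)
    with socket.socket(socket.AF_UNIX) as live:
        live.bind(path)
        live.listen(1)
        kept = not clear_stale_socket(path) and os.path.exists(path)
    os.unlink(path)
    return removed, kept
```

On a real host, feed parse_list_dirs the actual gpgconf output from each machine; clear_stale_socket is meant to run on the remote side before the SSH connection is made.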
Export your public key on the client so you can add it to the remote host:
gpg -a -o pub.key --export your@key
On the remote host, import your key and trust it:
gpg --import pub.key
gpg --edit-key KEYID
trust
5
save
Instead of the config entry, you could also forward the socket from the command line:
ssh -R /run/user/1000/gnupg/S.gpg-agent:/Users/monkey/.gnupg/S.gpg-agent.extra -o "StreamLocalBindUnlink=yes" [email protected]
On the remote host, test with something like:
ssh -T [email protected]
You can also list the keys currently offered by the forwarded agent with:
ssh-add -L