WIP
GPG Agent ForwardingΒΆ
To sign your commit on remote server you can forward gpg agent via ssh.
Execute on local and remote matchine:
gpgconf --list-dir agent-extra-socket
It will give something like
/run/user/1000/gnupg/S.gpg-agent.extra
.Now you need to modify
/etc/ssh/sshd_config
on remote server and set following setting:StreamLocalBindUnlink yes
Save the file and restart ssh server, e.g.:
sudo service ssh restart
Then on connecting to the server add following arg:
ssh user@domain.example -R /run/user/1000/gnupg/S.gpg-agent.extra:/run/user/1000/gnupg/S.gpg-agent.extra
You can also configure it in
~/.ssh/config
file:Host gpgtunnel HostName domain.example RemoteForward <socket_on_remote_box> <extra_socket_on_local_box>
References: * https://wiki.gnupg.org/AgentForwarding * https://superuser.com/questions/161973/how-can-i-forward-a-gpg-key-via-ssh-agent