{"type":"rich","version":"1.0","title":"Larvitz :fedora: :redhat: wrote","author_name":"Larvitz :fedora: :redhat: (npub1fj…jaq90)","author_url":"https://yabu.me/npub1fj6u59lnses9xu6xa6ewugrfg2e639lg32r24383525xq3deyuaspjaq90","provider_name":"njump","provider_url":"https://yabu.me","html":"I use the awesome openpgp-card-ssh-agent (https://codeberg.org/openpgp-card/ssh-agent) from nostr:npub18sqssxupnua6tcej3h0q63merrue6gr5qj095mygacr044l5d8qs0529ap to use physical OpenPGP Smartcards for SSH authentication.\n\nSometimes, I want to use my OpenPGP card while working on a remote system.\n\nAn incredibly useful feature for that is SSH forwarding in combination with the agents socket (sockets can be forwarded via SSH just like tcp ports):\n\nSocket location on my workstation: /run/user/1000/openpgp-card/ssh-agent.sock\n\nSocket location on the remote host: $HOME/.tmp/ssh-agent.sock\n\n1. Connecting to the remote server and forwarding the socket:\n\nssh -R /home/username/.tmp/ssh-agent.sock:/run/user/1000/openpgp-card/ssh-agent.sock remote-system.tld\n\n2. Using the Socket on the remote system::\n\nSSH_AUTH_SOCK=$HOME/.tmp/ssh-agent.sock ssh root@some-other-system.tld\n\nWarning: This exposes the socket of opengp-card-ssh-agent to the remote system. Anyone with the neccesary privileges can use the session and access your local Smartcard, too. Use this with caution!\n\n#linux #ssh"}