1 Return-Path: <dkg@fifthhorseman.net>
\r
2 X-Original-To: notmuch@notmuchmail.org
\r
3 Delivered-To: notmuch@notmuchmail.org
\r
4 Received: from localhost (localhost [127.0.0.1])
\r
5 by olra.theworths.org (Postfix) with ESMTP id 15E3C431FAF
\r
6 for <notmuch@notmuchmail.org>; Mon, 8 Jul 2013 04:44:37 -0700 (PDT)
\r
7 X-Virus-Scanned: Debian amavisd-new at olra.theworths.org
\r
11 X-Spam-Status: No, score=0 tagged_above=-999 required=5 tests=[none]
\r
13 Received: from olra.theworths.org ([127.0.0.1])
\r
14 by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024)
\r
15 with ESMTP id cg4Y838DEXKw for <notmuch@notmuchmail.org>;
\r
16 Mon, 8 Jul 2013 04:44:29 -0700 (PDT)
\r
17 Received: from che.mayfirst.org (che.mayfirst.org [209.234.253.108])
\r
18 by olra.theworths.org (Postfix) with ESMTP id 35CA0431FAE
\r
19 for <notmuch@notmuchmail.org>; Mon, 8 Jul 2013 04:44:29 -0700 (PDT)
\r
20 Received: from [192.168.13.179] (lair.fifthhorseman.net [108.58.6.98])
\r
21 by che.mayfirst.org (Postfix) with ESMTPSA id 40D68F980;
\r
22 Mon, 8 Jul 2013 07:44:25 -0400 (EDT)
\r
23 Message-ID: <51DAA617.4090308@fifthhorseman.net>
\r
24 Date: Mon, 08 Jul 2013 07:44:23 -0400
\r
25 From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
\r
26 User-Agent: Mozilla/5.0 (X11; Linux x86_64;
\r
27 rv:17.0) Gecko/20130630 Icedove/17.0.7
\r
29 To: Neil Roberts <neil@linux.intel.com>
\r
30 Subject: Re: [PATCH 0/2] Prompting for the GPG password within Emacs
\r
31 References: <1373195672-9338-1-git-send-email-neil@linux.intel.com>
\r
32 <51D9F4E6.1030504@fifthhorseman.net> <87r4f9xqc7.fsf@neilpc.config>
\r
33 In-Reply-To: <87r4f9xqc7.fsf@neilpc.config>
\r
34 X-Enigmail-Version: 1.5.1
\r
35 Content-Type: multipart/signed; micalg=pgp-sha512;
\r
36 protocol="application/pgp-signature";
\r
37 boundary="----enig2PTDHJLRHHSIOUJJPDHBO"
\r
38 Cc: notmuch@notmuchmail.org
\r
39 X-BeenThere: notmuch@notmuchmail.org
\r
40 X-Mailman-Version: 2.1.13
\r
42 List-Id: "Use and development of the notmuch mail system."
\r
43 <notmuch.notmuchmail.org>
\r
44 List-Unsubscribe: <http://notmuchmail.org/mailman/options/notmuch>,
\r
45 <mailto:notmuch-request@notmuchmail.org?subject=unsubscribe>
\r
46 List-Archive: <http://notmuchmail.org/pipermail/notmuch>
\r
47 List-Post: <mailto:notmuch@notmuchmail.org>
\r
48 List-Help: <mailto:notmuch-request@notmuchmail.org?subject=help>
\r
49 List-Subscribe: <http://notmuchmail.org/mailman/listinfo/notmuch>,
\r
50 <mailto:notmuch-request@notmuchmail.org?subject=subscribe>
\r
51 X-List-Received-Date: Mon, 08 Jul 2013 11:44:37 -0000
\r
53 This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
\r
54 ------enig2PTDHJLRHHSIOUJJPDHBO
\r
55 Content-Type: text/plain; charset=UTF-8
\r
56 Content-Transfer-Encoding: quoted-printable
\r
60 On 07/08/2013 07:07 AM, Neil Roberts wrote:
\r
62 > Both machines are trusted personal machines so I can put the keys on
\r
65 cool, this makes it a little bit easier.
\r
67 > I think what would be ideal is if OpenSSH could
\r
68 > support gpg-agent forwarding like it does for ssh-agent.
\r
70 Hm, interesting. I bet we could figure out a way to do this with
\r
71 existing OpenSSH without needing to patch anything, as long as you're
\r
72 willing to use helper utilities like socat.
\r
74 it came up on a blog post i made a while back about forwarding
\r
75 unix-domain sockets over ssh:
\r
77 https://www.debian-administration.org/users/dkg/weblog/68
\r
79 but no one offered an explicit recipe, and my examples there are for
\r
80 forwarding a unix domain socket from the ssh client to the ssh server,
\r
81 which i think is the reverse of what you're proposing.
\r
84 I just did a little test, and got the following to work with a single
\r
85 connection (a bit more tuning and you can probably make it work repeatedl=
\r
88 on the remote server (i'll call it "xxx"), i did:
\r
91 chmod 0700 ~/.sockets
\r
92 export GPG_AGENT_INFO=3D~/.sockets/S.gpg-agent:0:1
\r
94 and on my local machine, i ran the following bash command (this is all
\r
95 one command, sorry about the line wrap):
\r
98 EXEC:'ssh xxx socat UNIX-LISTEN\:.sockets/S.gpg-agent STDIO'
\r
99 UNIX:${GPG_AGENT_INFO%%:*}
\r
101 then on the remote server, i created a secret key, and ran:
\r
103 echo test > test.txt
\r
104 gpg --clearsign test.txt
\r
106 and was prompted by my local graphical gpg-agent.
\r
108 note that this means that any passphrases cached by my local gpg-agent
\r
109 are also visible to the account on the remote server, but in your
\r
110 scenario (you control and trust both machines) that should be OK.
\r
117 ------enig2PTDHJLRHHSIOUJJPDHBO
\r
118 Content-Type: application/pgp-signature; name="signature.asc"
\r
119 Content-Description: OpenPGP digital signature
\r
120 Content-Disposition: attachment; filename="signature.asc"
\r
122 -----BEGIN PGP SIGNATURE-----
\r
123 Version: GnuPG v1.4.12 (GNU/Linux)
\r
124 Comment: Using GnuPG with Icedove - http://www.enigmail.net/
\r
126 iQJ8BAEBCgBmBQJR2qYXXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
\r
127 ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRFQjk2OTEyODdBN0FEREUzNzU3RDkxMUVB
\r
128 NTI0MDFCMTFCRkRGQTVDAAoJEKUkAbEb/fpcVN0P/AlR/q4gBc3ahHcUSM7cyHyS
\r
129 ICR8vcSjcCwSNxpZGFb6gzbMsHg8kzyMPt3ZNxM7Ovts8qdu9OpbFBo17QqgAT31
\r
130 6ipz3yc65MeAdWDSZBbYDDp6pMbWqyMNn/5ShtfNvpCopBft/PpfyFqUB9eJWklj
\r
131 Cd7iNCxbnE6oIrtu2x5lBW54THKfyu7RpAFCNhs7lj1OwlsS+rulhvA4DUzQ68Kq
\r
132 xTVwLoIMrVI8LTs6fA4omooXAnGYVyP430ZRe0fLFfTvbBxTKBKM0NG6Qp0FdH2h
\r
133 frNPYBRARnG2qcawcN1iKGg/iUIO9PfHbb0g0AZt9MfZi4xiwOxEyHqDJ+LJ+liF
\r
134 KYbRzRLTIhwTuzgSjJckZhPixo2kKhkov2evzSaxPzi2yIT6qP5JpdiLQx6v/Ga5
\r
135 oNDK1PJw0fNoFqgEgMvVYXQegkH0OPXCyFCiObKcB/0vbwjdbQHVAoChCDH/5LGc
\r
136 I16Pe8klx0Ovj7BRk0TUcdI7C5itbyBg9XmlZX7iyVlYJblb1LBFuNrg2jXjOkry
\r
137 O/Ex/rrITomwWRupOa1/plIyhl4Qb4K5t0hL7txNlDDGghw4f9RE/zL1GHx3ndrF
\r
138 jxc3GaHXOZN9dR35qsCeEqU/euQtFnC4IjJw9kX0/bzTMU01aqUvDWYxxe4EXZym
\r
139 0rwS8gJ/N10LRIeip0uC
\r
141 -----END PGP SIGNATURE-----
\r
143 ------enig2PTDHJLRHHSIOUJJPDHBO--
\r
projects / notmuch-archives.git / blob