Hi,

On Monday 13 June 2016 15:33:51 David Faure wrote:
> On Monday 6 June 2016 11:39:25 CEST Sandro Knauß wrote:
> > you don't need to have the private key on the server - We have gpg-agent
> > and ssh - so you can forward the gpg-agent to the server when doing a
> > release. That way the private key material stays safe at your place:
> >
> > https://www.isi.edu/~calvin/gpgagent.htm
>
> OK.... this requires OpenSSH >= 6.7, and that's not packaged even for
> OpenSuSE Tumbleweed. I grabbed an OpenSSH-7.2 RPM from someone's repo at
> http://software.opensuse.org/package/openssh and then I couldn't ssh
> anywhere anymore (permission denied) :-). Reverted to OpenSSH_6.6.1p1.

I'm using agent-forwarding through socat for that reason:

Here is an example of how I connect to <myserver>. The last command is
executed after ssh on the server.

    (while true; do socat TCP-LISTEN:16668,bind=127.0.0.1 UNIX-CONNECT:/home/aheinecke/.gnupg/S.gpg-agent.extra; done) &
    ssh -R16668:localhost:16668 <myserver>
    (while true; do socat UNIX-LISTEN:$HOME/.gnupg/S.gpg-agent,unlink-close,unlink-early TCP4:localhost:16668; done) &

See also:
http://superuser.com/questions/161973/how-can-i-forward-a-gpg-key-via-ssh-agent
Where I took this from :-)

Regards,
Andre

-- 
Andre Heinecke | ++49-541-335083-262 | http://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
_______________________________________________
release-team mailing list
https://mail.kde.org/mailman/listinfo/release-team
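
An added example (not part of the original mail or of any KDE tooling): a small POSIX shell helper that reads an `ssh -V` banner and prints either the native Unix-socket forward available from OpenSSH 6.7, or the socat relay commands from the message above. The function names and the sample paths in the comments are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original mail. Host name and socket paths are
# supplied by the caller; 16668 is the port used in the mail.

# ssh_has_unix_forward BANNER
# Exit 0 if BANNER (the text printed by `ssh -V`) is OpenSSH >= 6.7,
# 1 if it is older, 2 if it is not an OpenSSH banner at all.
ssh_has_unix_forward() {
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p')
    [ -n "$ver" ] || return 2
    major=${ver% *}
    minor=${ver#* }
    [ "$major" -gt 6 ] || { [ "$major" -eq 6 ] && [ "$minor" -ge 7 ]; }
}

# forward_plan BANNER HOST LOCAL_EXTRA_SOCKET REMOTE_SOCKET [PORT]
# Print the commands to run. Only the client banner is checked here; the
# server must also be >= 6.7 for the Unix-socket form to work.
forward_plan() {
    banner=$1 host=$2 local_sock=$3 remote_sock=$4 port=${5:-16668}
    if ssh_has_unix_forward "$banner"; then
        # Native form: the agent is reachable only through socket files,
        # so file permissions decide who can talk to it.
        printf 'ssh -R %s:%s %s\n' "$remote_sock" "$local_sock" "$host"
    else
        # Relay form from the mail (also used for an unparseable banner).
        # The loopback TCP port is open to every local user on both hosts,
        # which is why it points at the restricted "extra" socket.
        printf '(while true; do socat TCP-LISTEN:%s,bind=127.0.0.1 UNIX-CONNECT:%s; done) &\n' \
            "$port" "$local_sock"
        printf 'ssh -R%s:localhost:%s %s\n' "$port" "$port" "$host"
        printf '# then, on %s:\n' "$host"
        printf '(while true; do socat UNIX-LISTEN:%s,unlink-close,unlink-early TCP4:localhost:%s; done) &\n' \
            "$remote_sock" "$port"
    fi
}

# Typical call (paths are placeholders):
#   forward_plan "$(ssh -V 2>&1)" myserver \
#       "$(gpgconf --list-dirs agent-extra-socket)" /home/user/.gnupg/S.gpg-agent
```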
