-rwxr-xr-xgpg-forward56
1 files changed, 56 insertions, 0 deletions
diff --git a/gpg-forward b/gpg-forward
new file mode 100755
index 0000000..69ff3db
--- /dev/null
+++ b/gpg-forward
@@ -0,0 +1,56 @@
+#!/usr/bin/env bash
+#
+# gpg-forward - Forward local gpg-agent socket to remote machine
+#
+# GPG operations (like git commit signing) require access to a gpg-agent socket.
+# When working on a remote machine, we want to use the yubikey connected to our
+# local machine. This requires forwarding the local gpg-agent socket to the remote
+# machine.
+#
+# This script establishes ONLY the socket forwarding via ssh, without a terminal.
+# Run this in a separate terminal when you need gpg operations to work on the
+# remote machine (e.g. when using et/eternal-terminal).
+#
+if [ -z "$1" ]; then
+ echo "Usage: gpg-forward [hostname]"
+ exit 1
+fi
+
+HOST=$1
+
+echo "Forwarding gpg-agent to $HOST..."
+
+# kill any existing ControlMaster connection
+ssh -O exit "$HOST" 2>/dev/null || true
+
+# first, clean up any stale socket on the remote
+ssh -o "ControlMaster=no" "$HOST" "rm -f /run/user/1000/gnupg/S.gpg-agent"
+
+# -N = no remote commands (no shell)
+# -T = disable pseudo-terminal allocation
+# -o ExitOnForwardFailure=yes = exit if forwarding fails instead of connecting anyway
+# -o StreamLocalBindUnlink=yes = remove existing socket on remote if present
+ssh -N -T \
+ -o "ExitOnForwardFailure=yes" \
+ -o "StreamLocalBindUnlink=yes" \
+ -R "/run/user/1000/gnupg/S.gpg-agent:/run/user/1000/gnupg/S.gpg-agent.extra" \
+ "$HOST" &
+
+# capture the ssh process id
+SSH_PID=$!
+
+# wait a moment for connection to establish
+sleep 1
+
+# check if ssh process is still running (connection succeeded)
+if kill -0 $SSH_PID 2>/dev/null; then
+ echo "Connection established. GPG agent forwarded successfully."
+ echo "Forwarding will continue until you press Ctrl-C"
+ # wait for ssh process to exit (when user presses Ctrl-C)
+ wait $SSH_PID
+else
+ echo "Failed to establish connection!"
+ exit 1
+fi
+
+echo "GPG agent forwarding stopped."
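Review bot: The socket path `/run/user/1000/gnupg/...` is hard-coded in both the remote `rm -f` and the `-R` forward, so the script only behaves as intended when the account is uid 1000 on both machines and GnuPG uses its default socket directory. On any other host the cleanup and the bind point at a runtime directory that is not the caller's. Resolving the paths with `gpgconf --list-dirs agent-extra-socket` locally and `gpgconf --list-dirs agent-socket` on the remote removes that assumption. `"$HOST"` is also passed to every ssh call without a preceding `--`, so an argument that begins with `-` would be parsed as an ssh option rather than a hostname. The header comment could also state that while the forward is up, any process on the remote that can open the socket (the same user or root) can request operations from the local agent, so the restricted extra socket and the key's touch policy are what bound the exposure.

```shell
# resolve socket paths instead of assuming uid 1000 on both ends
LOCAL_SOCK=$(gpgconf --list-dirs agent-extra-socket) || exit 1
REMOTE_SOCK=$(ssh -o "ControlMaster=no" -- "$HOST" gpgconf --list-dirs agent-socket) || exit 1
case "$REMOTE_SOCK" in
  /*) ;;
  *) echo "Unexpected remote socket path: $REMOTE_SOCK" >&2; exit 1 ;;
esac

# first, clean up any stale socket on the remote
ssh -o "ControlMaster=no" -- "$HOST" "rm -f -- '$REMOTE_SOCK'"

# … unchanged: comments explaining -N, -T and the -o options …
ssh -N -T \
  -o "ExitOnForwardFailure=yes" \
  -o "StreamLocalBindUnlink=yes" \
  -R "$REMOTE_SOCK:$LOCAL_SOCK" \
  -- "$HOST" &
# … unchanged: SSH_PID capture, liveness check and wait …
```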