Re: gpg-ssh signing with AgentForwarding

Hi all,
A colleague of mine was able to figure it out.
https://github.com/maxgoedjen/secretive/issues/405#issuecomment-2475175801
Hope it will help/serve the community

Jordan

On Thu, Nov 7, 2024 at 2:48 AM brian m. carlson
<sandals@xxxxxxxxxxxxxxxxxxxx> wrote:
>
> On 2024-11-07 at 04:16:34, Yarden Bar wrote:
> > Hello Git community,
> > Not sure what search terms I haven't used, but I'll try to describe the use-case
> >
> > On my local machine I have a SSH key, and I use AgentForwarding when I
> > go out and about to other hosts (dev machines)
> > The usual workflow of using the forwarded socket works for pull and push.
> >
> > Where it gets pitch-dark is when I try to use my ssh key to sign git commits.
> > Following is my git config on the remote host:
> > =====================
> > [user]
> >     name = John Doe
> >     email = jdoe@xxxxxxxx
> > # on my local machine (gpg-ssh signing works): signingkey = /Users/jdoe/.ssh/id_ecdsa.pub
> >     signingkey = WHAT_SHOULD_I_PUT_HERE # on my laptop it's the path to the public key from Secretive, or just omit it?
>
> I think you want something like this:
>
>   [user]
>       signingkey = "key::ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl"
>
> You should use your own key; that's just an example.  Note that you want
> the public key (that is, what's in `id_ecdsa.pub`, not `id_ecdsa`).
>
> Once you have the key in the config file like that, with the "key::"
> prefix, Git will pull from the agent if necessary.  I do that for
> signing commits using GitHub Codespaces, where it's easier to forward
> an SSH agent to the remote system than with GnuPG.
>
> This is documented in the `user.signingKey` entry in `git config
> --help`, but if there's something there that's unclear or you think the
> text could be improved, please say something, and we'll try to get it
> fixed.
> --
> brian m. carlson (they/them or he/him)
> Toronto, Ontario, CA
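
The remote-host setup described in the reply above, as an added shell example that is not part of the original thread: it picks one public key out of the forwarded agent's `ssh-add -L` listing and writes it to Git with the `key::` prefix, plus an allowed-signers entry for verification. The function names, the key comments (`jdoe@laptop`, `build@ci`) and the `allowed_signers` path are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed `ssh-add -L` output: the ed25519 blob is the example key quoted
# in the thread; the RSA blob (truncated) and both comments are made up.
SAMPLE_AGENT_OUTPUT='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7 build@ci
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl jdoe@laptop'

# Read `ssh-add -L` lines on stdin and print "keytype base64" for the one key
# whose comment contains $1. Fails on zero or several matches, so Git is
# never pointed at the wrong identity.
select_agent_key() {
    awk -v want="$1" '
        $1 ~ /^(ssh-|ecdsa-sha2-|sk-)/ && NF >= 2 {
            comment = ""
            for (i = 3; i <= NF; i++) comment = comment " " $i
            if (want == "" || index(comment, want) > 0) { n++; key = $1 " " $2 }
        }
        END { if (n != 1) exit 1; print key }'
}

# Literal public key form accepted by user.signingkey (note the key:: prefix).
signingkey_value() { printf 'key::%s\n' "$1"; }

# One gpg.ssh.allowedSignersFile entry: "<principal> <options> <keytype> <base64>".
allowed_signers_line() { printf '%s namespaces="git" %s\n' "$1" "$2"; }

# Run on the remote host. $1 = key comment to select, $2 = committer email.
# Only the public key is stored; signing requests go to the forwarded agent
# through SSH_AUTH_SOCK.
configure_remote_signing() {
    key=$(ssh-add -L | select_agent_key "$1") || {
        echo "no unique agent key matching '$1'" >&2; return 1; }
    git config --global gpg.format ssh
    git config --global user.signingkey "$(signingkey_value "$key")"
    git config --global commit.gpgsign true
    signers="$HOME/.config/git/allowed_signers"   # assumed location
    mkdir -p "$(dirname "$signers")"
    allowed_signers_line "$2" "$key" >> "$signers"
    git config --global gpg.ssh.allowedSignersFile "$signers"
}
```

After `configure_remote_signing jdoe@laptop <email>` on the remote host, `git log --show-signature` checks commits against the allowed-signers entry.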




