Hi OpenSSH devs,

I love and truly appreciate the socket forwarding feature in OpenSSH 6.7. I use it for forwarding the socket of GnuPG's agent (that handles the secret stuff) to remote machines.

Use case:
======
I am a remote worker and use gnupg agent forwarding to connect to our company infrastructure that makes heavy use of PGP encryption while keeping my key out of the hands of the company on a personal smartcard that is connected to my local system.

Problem
=====
Now with GnuPG 2.1.13 the socket directory changed from ~/.gnupg to /run/user/<uid>/gnupg on systems where /run/user/<uid> exists, to better accommodate systemd.

I now have the problem that my config line:

    RemoteForward /var/run/user/10118/gnupg/S.gpg-agent /home/aheinecke/.gnupg/S.gpg-agent.extra

does not work if /var/run/user/10118/gnupg/ does not exist. OpenSSH does not create the directory and fails to forward the socket.

That it does not exist is the usual case, because systemd cleans up this directory on logout if no processes exist that are still accessing it.

There are of course workarounds, like creating that directory before the agent forwarding connection, but they are workarounds and I'd like to have this working smoothly. The gpg-agent forwarding is an awesome feature for us. (I documented it under https://wiki.gnupg.org/AgentForwarding )

In my opinion OpenSSH should create the parent directories of RemoteForwarded files if possible. Maybe as a configuration option?

Do you agree? Or do you think that some other software component in this setup is behaving wrongly?

Regards,
Andre

--
Andre Heinecke | ++49-541-335083-262 | http://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev