This shows you the differences between two versions of the page.
osx:start [2019/02/25 14:40] robm [VPN over SSH] Add instructions for automating via SSH config files |
osx:start [2019/05/22 15:10] robm [GPG with remote forwarding] |
||
---|---|---|---|
Line 756: | Line 756: | ||
===== Automating via SSH configuration files ===== | ===== Automating via SSH configuration files ===== | ||
+ | |||
+ | <note important> | ||
- **As root** on your client system, generate a new SSH keypair to use for VPN. < | - **As root** on your client system, generate a new SSH keypair to use for VPN. < | ||
Line 801: | Line 803: | ||
route delete 10/8 $GATEWAY | route delete 10/8 $GATEWAY | ||
route delete $REMOTE_HOST $GATEWAY | route delete $REMOTE_HOST $GATEWAY | ||
- | ) &</ | + | ) &</ |
- Make the new script executable: < | - Make the new script executable: < | ||
- Test it by running < | - Test it by running < | ||
Line 901: | Line 903: | ||
brew cask install smcfancontrol | brew cask install smcfancontrol | ||
+ | |||
+ | ====== GPG with remote forwarding ====== | ||
+ | |||
+ | Overview (notes to follow, I hope): | ||
+ | |||
+ | - Install GPG locally and create an identity | ||
+ | - Ensure that passphrase challenge (" | ||
+ | - Install GPG on remote, and import public key | ||
+ | - Configure SSH to forward agent socket | ||
+ | - Disable systemd stuff which creates (unused) gpg sockets and/or configure SSHd to allow you to delete and recreate those sockets | ||
+ | |||
+ | https:// | ||
+ | |||
+ | - '' | ||
+ | - Append to '' | ||
+ | source ~/ | ||
+ | export GPG_AGENT_INFO | ||
+ | else | ||
+ | eval $(gpg-agent --daemon --write-env-file ~/ | ||
+ | fi</ | ||
+ | - Create/ | ||
+ | - '' | ||
+ | - '' | ||
+ | - '' | ||
+ | pinentry-program / | ||
+ | default-cache-ttl 600 | ||
+ | max-cache-ttl 7200</ | ||
+ | |||
+ | https:// | ||
+ | |||
+ | Testcase: | ||
+ | |||
+ | < | ||
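Review bot: The shell snippet under "Append to" in the new "GPG with remote forwarding" section relies on "export GPG_AGENT_INFO" and "gpg-agent --daemon --write-env-file", both of which GnuPG 2.1 and later ignore. On a current install those lines have no effect, and they do not match the socket-forwarding approach the overview list describes. Suggest dropping the snippet or marking it as applying to GnuPG 2.0 only. In the "Configure SSH to forward agent socket" step, say which socket is meant: "gpgconf --list-dirs agent-extra-socket" prints the restricted socket intended for forwarding, which is a safer thing to expose to the remote host than the main agent socket. The item about configuring SSHd to delete and recreate the sockets could name the setting ("StreamLocalBindUnlink yes" in sshd_config). With "default-cache-ttl 600" and "max-cache-ttl 7200", requests arriving over the forwarded socket can use the key without a new passphrase prompt while the cache is warm, so a sentence stating that trade-off next to those values would help readers choose them deliberately.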