This shows you the differences between two versions of the page.
osx:start [2019/05/23 09:33] robm [GPG with remote forwarding] |
osx:start [2019/05/23 09:36] robm [GPG with remote forwarding] |
||
---|---|---|---|
Line 910: | Line 910: | ||
My (initial) use-case is to allow docker on a remote host to store login my login credentials (so I can push/pull images when working), but not store secrets on that hose. THe default behaviour is to store my password in plain text, which is unacceptable. | My (initial) use-case is to allow docker on a remote host to store login my login credentials (so I can push/pull images when working), but not store secrets on that hose. THe default behaviour is to store my password in plain text, which is unacceptable. | ||
- | So I opted to use [[docker credentials management|https:// | + | So I opted to use [[https:// |
So I want to use GPG agent forwarding to allow '' | So I want to use GPG agent forwarding to allow '' | ||
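Review bot: The unchanged paragraph directly above the corrected link line still reads "store login my login credentials", "on that hose" and "THe default behaviour"; since this revision already touches the section, change those to "store my login credentials", "on that host" and "The default behaviour". The link edit itself moves the URL in front of the pipe, which is the order DokuWiki's [[target|label]] syntax expects, so that part looks right.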
Line 921: | Line 921: | ||
- Configure SSH to forward agent socket | - Configure SSH to forward agent socket | ||
- Disable systemd stuff which creates (unused) gpg sockets and/or configure SSHd to allow you to delete and recreate those sockets | - Disable systemd stuff which creates (unused) gpg sockets and/or configure SSHd to allow you to delete and recreate those sockets | ||
+ | |||
+ | Gotchas to document: | ||
+ | |||
+ | Invalid ioctl for device means the GPG agent was attempting to open a TTY. The agent lives on my MacBook, but the request comes from a remote system. So the remote system' | ||
https:// | https:// |
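Review bot: "Gotchas to document:" in the added lines is a bare label followed by a free paragraph, placed right after the step list, so it reads as an unfinished note rather than part of the procedure. Make it a list in the same "- " style as the steps above it, one item per gotcha, and wrap the error text "Invalid ioctl for device" in the '' monospace markup the section already uses, so a reader searching for the exact message finds it. The explanation that the agent runs on the MacBook while the request originates on the remote system is the useful part; keep it as the first sentence of that item.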