Thanks for your reply, On 21/03/16 17:06, John Andersen wrote:
On 03/21/2016 09:24 AM, Edwin Aponte wrote:
Hi,
If I try to decrypt a file through an ssh connection (from Ubuntu 12.04) to OS Tumbleweed, I get:
gpg --require-secmem -d foo.gpg
gpg: AES256 encrypted data gpg: cancelled by user gpg: encrypted with 1 passphrase gpg: decryption failed: No secret key
but at no moment I am asked for the password. Previously, I just got a password request in "text format".
Has any one seen something similar?
Thanks, Edwin.
Decrypt through an ssh connection? Does that mean you establish an ssh connection to another machine and then, using a shell from that machine, you try to decrypt a file found on that machine?
yes, that's what I mean.
If your ssh session was established with agent forwarding, it wouldn't need to ask you again for the key for decryption. Agent forwarding sends key requests through your ssh session back to the key agent running on your machine, not the remote machine.
AllowAgentForwarding yes was commented on my /etc/ssh/sshd_config. I uncommented it and restarted the sshd service but I still don't have the SSH_AUTH_SOCK variable set (over ssh). If I ssh to the server and run:
echo "$SSH_AUTH_SOCK"
~> ssh-agent SSH_AUTH_SOCK=/tmp/ssh-nyBh7XOJFZOx/agent.9920; export SSH_AUTH_SOCK; SSH_AGENT_PID=9921; export SSH_AGENT_PID; echo Agent pid 9921;
https://developer.github.com/guides/using-ssh-agent-forwarding/
I don't have a lot of experience using agent forwarding, as I believe the current consensus is that there is a certain risk involved in using it. https://heipei.github.io/2015/02/26/SSH-Agent-Forwarding-considered-harmful/
Thank you, I will learn more about ProxyCommand, I did not know it before. Thanks. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org