mirror of
git://git.gnupg.org/gnupg.git
synced 2025-01-30 16:17:02 +01:00
2005-01-27 Moritz Schulte <moritz@g10code.com>
* gpg-agent.texi: Document ssh-agent emulation layer.
This commit is contained in:
parent
0cb7a855ab
commit
8bcf546b14
@ -1,3 +1,7 @@
|
||||
2005-01-27 Moritz Schulte <moritz@g10code.com>
|
||||
|
||||
* gpg-agent.texi: Document ssh-agent emulation layer.
|
||||
|
||||
2005-01-04 Werner Koch <wk@g10code.com>
|
||||
|
||||
* gnupg.texi: Updated to use @copying.
|
||||
|
@ -326,6 +326,37 @@ Ignore requests to change change the current @sc{tty} respective the X
|
||||
window system's @code{DISPLAY} variable. This is useful to lock the
|
||||
pinentry to pop up at the @sc{tty} or display you started the agent.
|
||||
|
||||
@item --ssh-support
|
||||
@itemx --ssh-support
|
||||
@opindex ssh-support
|
||||
@opindex ssh
|
||||
|
||||
Enable emulation of the OpenSSH Agent protocol.
|
||||
|
||||
In this mode of operation, the agent does not only implement the
|
||||
gpg-agent protocol, but also the agent protocol used by OpenSSH
|
||||
(through a seperate socket). Consequently, it should possible to use
|
||||
the gpg-agent as a drop-in replacement for the well known ssh-agent.
|
||||
|
||||
SSH Keys, which are to be used through the agent, need to be added to
|
||||
the gpg-agent initially through the ssh-add utility. When a key is
|
||||
added, ssh-add will ask for the password of the provided key file and
|
||||
send the unprotected key material to the agent; this causes the
|
||||
gpg-agent to ask for a passphrase, which is to be used for encrypting
|
||||
the newly received key and storing it in a gpg-agent specific
|
||||
directory.
|
||||
|
||||
Once, a key has been added to the gpg-agent this way, the gpg-agent
|
||||
will be ready to use the key.
|
||||
|
||||
Note: in case the gpg-agent receives a signature request, the user
|
||||
might need to be prompted for a passphrased, which is necessary for
|
||||
decrypting the stored key. Since the ssh-agent protocol does not
|
||||
contain a mechanism for telling the agent on which display/terminal it
|
||||
is running, gpg-agent's --ssh-support switch implies --keep-display
|
||||
and --keep-tty. This strategy causes the gpg-agent to open a pinentry
|
||||
on the display or on the terminal, on which it (the gpg-agent) was
|
||||
started.
|
||||
|
||||
@end table
|
||||
|
||||
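Review bot: in the new --ssh-support entry, `@itemx --ssh-support` repeats the option name already given by `@item --ssh-support`, and `@opindex ssh` indexes a name that appears nowhere else in the entry; drop the `@itemx` line or give it the alternate spelling it was meant to carry, and make the index entries match. The added text also has typos to fix before merge: "seperate", "it should possible", "Once, a key" and "passphrased". Since the entry says ssh-add sends the unprotected key material to the agent and that the key is then stored encrypted in "a gpg-agent specific directory", it would help to name that directory and to say how clients locate the separate socket, which the text mentions but never identifies.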
@ -396,6 +427,9 @@ $ eval `gpg-agent --daemon`
|
||||
@node Agent Protocol
|
||||
@section Agent's Assuan Protocol
|
||||
|
||||
Note: this section does only document the protocol, which is used by
|
||||
GnuPG components; it does not deal with the ssh-agent protocol.
|
||||
|
||||
The @command{gpg-agent} should be started by the login shell and set an
|
||||
environment variable to tell clients about the socket to be used.
|
||||
Clients should deny to access an agent with a socket name which does
|
||||
|
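Review bot: the note added at the top of the Agent Protocol section reads awkwardly ("does only document the protocol, which is used by GnuPG components"), and the comma turns the clause into an aside rather than a restriction; suggest "this section documents only the protocol used by GnuPG components". A cross-reference to the --ssh-support option entry would tell readers where the ssh-agent side is described, since this note only says it is not covered here.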