author Moritz Schulte <[email protected]> 2005-01-26 23:15:42 +0000
committer Moritz Schulte <[email protected]> 2005-01-26 23:15:42 +0000
commit 8bcf546b143decc021bb0adb374390230597a406 (patch)
tree 0f28b44075a2a489b1190c5545082ea51ea53639
parent 2005-01-26 Moritz Schulte <[email protected]> (diff)
2005-01-27 Moritz Schulte <[email protected]>
* gpg-agent.texi: Document ssh-agent emulation layer.
Diffstat (limited to '')
-rw-r--r-- doc/ChangeLog 4
-rw-r--r-- doc/gpg-agent.texi 34
2 files changed, 38 insertions, 0 deletions
diff --git a/doc/ChangeLog b/doc/ChangeLog
index 855c3ca38..fa61b0466 100644
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@@ -1,3 +1,7 @@
+2005-01-27 Moritz Schulte <[email protected]>
+
+ * gpg-agent.texi: Document ssh-agent emulation layer.
+
2005-01-04 Werner Koch <[email protected]>
* gnupg.texi: Updated to use @copying.
diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi
index 9d2cdfc46..01b4227c6 100644
--- a/doc/gpg-agent.texi
+++ b/doc/gpg-agent.texi
@@ -326,6 +326,37 @@ Ignore requests to change change the current @sc{tty} respective the X
window system's @code{DISPLAY} variable. This is useful to lock the
pinentry to pop up at the @sc{tty} or display you started the agent.
+@item --ssh-support
+@itemx --ssh-support
+@opindex ssh-support
+@opindex ssh
+
+Enable emulation of the OpenSSH Agent protocol.
+
+In this mode of operation, the agent does not only implement the
+gpg-agent protocol, but also the agent protocol used by OpenSSH
+(through a seperate socket). Consequently, it should possible to use
+the gpg-agent as a drop-in replacement for the well known ssh-agent.
+
+SSH Keys, which are to be used through the agent, need to be added to
+the gpg-agent initially through the ssh-add utility. When a key is
+added, ssh-add will ask for the password of the provided key file and
+send the unprotected key material to the agent; this causes the
+gpg-agent to ask for a passphrase, which is to be used for encrypting
+the newly received key and storing it in a gpg-agent specific
+directory.
+
+Once, a key has been added to the gpg-agent this way, the gpg-agent
+will be ready to use the key.
+
+Note: in case the gpg-agent receives a signature request, the user
+might need to be prompted for a passphrased, which is necessary for
+decrypting the stored key. Since the ssh-agent protocol does not
+contain a mechanism for telling the agent on which display/terminal it
+is running, gpg-agent's --ssh-support switch implies --keep-display
+and --keep-tty. This strategy causes the gpg-agent to open a pinentry
+on the display or on the terminal, on which it (the gpg-agent) was
+started.
@end table
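Review bot: The @itemx line directly under "@item --ssh-support" repeats the same option name, so the option table gets a duplicate entry; drop the @itemx, and drop "@opindex ssh" as well unless a short form --ssh is actually accepted. In the body text, "seperate" should be "separate", "it should possible" should be "it should be possible", "Once, a key" should be "Once a key", and "a passphrased" should be "a passphrase". The names ssh-add, ssh-agent and gpg-agent, and the options --keep-display and --keep-tty, are written bare here, while the surrounding text uses markup such as @code{DISPLAY} and @sc{tty}; wrap them in @command{} and @option{}. The paragraph on ssh-add says the unprotected key material is sent to the agent and then stored encrypted in a "gpg-agent specific directory": name that directory, and say how clients locate the separate socket, so a user can check where the key ends up and who can reach the socket.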
@@ -396,6 +427,9 @@ $ eval `gpg-agent --daemon`
@node Agent Protocol
@section Agent's Assuan Protocol
+Note: this section does only document the protocol, which is used by
+GnuPG components; it does not deal with the ssh-agent protocol.
+
The @command{gpg-agent} should be started by the login shell and set an
environment variable to tell clients about the socket to be used.
Clients should deny to access an agent with a socket name which does
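Review bot: The added note says what this section does not cover but gives the reader no pointer to where the ssh-agent emulation is described; add an @xref to the option table, or at least name --ssh-support, so the exclusion is navigable. The wording "does only document the protocol, which is used by GnuPG components" reads better as "documents only the protocol used by GnuPG components". The paragraph that follows describes the environment variable and the socket-name check for clients; since the new option text introduces a separate socket for ssh, the note should also state whether those rules apply to that socket.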