In ssh_config:
Host myremotehost
RemoteForward /home/user/.gnupg/S.gpg-agent /home/user/.gnupg/S.gpg-agent
StreamLocalBindUnlink yes
ForwardX11 no
This will provide a working gpg-agent socket to the remote host.
$ echo foo > foo
$ gpg --clearsign foo
gpg: signing failed: No such file or directory
gpg: foo: clearsign failed: No such file or directory
If ssh-agent was started on a TTY, and that TTY is still open, pinentry-curses will be started there instead, but input would likely not work as intended.
$ echo foo > foo
$ DISPLAY=:0 gpg --clearsign foo
[pinentry-qt is started on the local host.]
Note: you don't need X11 forwarding, as made explicit in the config.
It appears scd is receiving environment data from [remote]gpg and using that to decide what to start.
# gpg-agent.conf
keep-display
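
A lint for the ssh_config stanza shown at the top, as an added example that is not part of the original text: it lists each Host block that forwards a gpg-agent socket, with its StreamLocalBindUnlink and ForwardX11 settings and whether the local side is the full agent socket (as in that stanza) or GnuPG's restricted S.gpg-agent.extra socket. The function names audit_gpg_forward and sample_config are hypothetical, and the buildbox and plain entries are constructed sample input.

```shell
#!/bin/sh
# Added example: audit ssh_config text (stdin) for gpg-agent socket forwarding.
# Prints one line per Host block that forwards a socket to .../S.gpg-agent:
#   <host> unlink=<yes|no> x11=<yes|no> local=<full|extra|other>
# Simplification (assumption): each Host block is read in isolation; global
# or wildcard blocks are not merged into it as ssh itself would do.
audit_gpg_forward() {
    awk '
    function flush() {
        if (fwd) printf "%s unlink=%s x11=%s local=%s\n", host, unlink, x11, loc
        # ssh_config defaults: StreamLocalBindUnlink no, ForwardX11 no
        fwd = 0; unlink = "no"; x11 = "no"; loc = ""
    }
    BEGIN { host = "(global)"; unlink = "no"; x11 = "no" }
    /^[ \t]*(#|$)/ { next }                      # skip comments and blank lines
    {
        sub(/^[ \t]+/, "")                       # drop indentation
        sub(/[ \t]*=[ \t]*|[ \t]+/, " ")         # accept "Key value" and "Key=value"
        key = tolower($1)                        # keywords are case-insensitive
        if (key == "host") { flush(); host = $2 }
        else if (key == "remoteforward" && $2 ~ /\/S\.gpg-agent$/) {
            fwd = 1                              # $2 = remote socket, $3 = local socket
            if ($3 ~ /\/S\.gpg-agent\.extra$/) loc = "extra"
            else if ($3 ~ /\/S\.gpg-agent$/)   loc = "full"
            else                               loc = "other"
        }
        else if (key == "streamlocalbindunlink") unlink = tolower($2)
        else if (key == "forwardx11")            x11 = tolower($2)
    }
    END { flush() }'
}

# Constructed sample: the stanza from the text plus two made-up entries.
sample_config() {
    cat <<'EOF'
Host myremotehost
RemoteForward /home/user/.gnupg/S.gpg-agent /home/user/.gnupg/S.gpg-agent
StreamLocalBindUnlink yes
ForwardX11 no

# constructed entries below
Host buildbox
    RemoteForward=/home/user/.gnupg/S.gpg-agent /home/user/.gnupg/S.gpg-agent.extra
    ForwardX11 yes
Host plain
    ForwardX11 yes
EOF
}

sample_config | audit_gpg_forward
```

To check a real client configuration, feed it the file instead: audit_gpg_forward < ~/.ssh/config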