SSH Key Forwarding and local GPG keys
When GPG keys are used locally on a machine, particularly keys from smart cards or sticks such as an OpenPGP Card, Nitrokey or Yubikey, the profile certainly contains something like

    SSH_AUTH_SOCK=/run/user/1000/gnupg/S.gpg-agent.ssh
    export SSH_AUTH_SOCK

This setting makes ssh use the gpg-agent for key handling.
If you also connect to such a machine using ssh and use agent forwarding to use the key (from a card or stick) on the client machine (the one you are sitting in front of), this setting hurts: it overwrites SSH_AUTH_SOCK, while in that case the value injected by the ssh server needs to be used.
So the lines above need to be changed to

    if [ "$SSH_CONNECTION" = "" ]; then
        SSH_AUTH_SOCK=/run/user/1000/gnupg/S.gpg-agent.ssh
        export SSH_AUTH_SOCK
    fi
Now, if you log in locally, the variable SSH_CONNECTION is not set and the additional setting will be applied. If you log in via ssh, SSH_CONNECTION is set and the variable SSH_AUTH_SOCK will not be changed.
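
A more portable variant of the profile snippet above, as an added example that is not part of the original post: it asks gpgconf for the agent's SSH socket instead of hardcoding UID 1000, and keeps whatever socket the ssh server injected on SSH logins. The function names are hypothetical, and the fallback path assumes the /run/user/<uid> layout shown above.

```shell
# Added example for ~/.profile (POSIX sh). Function names are hypothetical.

# Print the path of gpg-agent's SSH socket for the current user.
gpg_agent_ssh_socket() {
    # gpgconf knows the real location (it depends on the UID and GNUPGHOME).
    # Assumed fallback: the /run/user/<uid> layout, with the actual UID.
    gpgconf --list-dirs agent-ssh-socket 2>/dev/null ||
        printf '%s\n' "/run/user/$(id -u)/gnupg/S.gpg-agent.ssh"
}

# Print the socket ssh should talk to.
#   $1 = value of SSH_CONNECTION (empty on a local login)
#   $2 = current value of SSH_AUTH_SOCK (set by sshd when an agent is forwarded)
choose_ssh_auth_sock() {
    if [ -n "$1" ]; then
        # Logged in via ssh: leave the value from the ssh server untouched,
        # even if it is empty because no agent was forwarded.
        printf '%s\n' "$2"
    else
        # Local login: use the local gpg-agent (card or stick in this machine).
        gpg_agent_ssh_socket
    fi
}

sock=$(choose_ssh_auth_sock "${SSH_CONNECTION:-}" "${SSH_AUTH_SOCK:-}")
if [ -n "$sock" ]; then
    SSH_AUTH_SOCK=$sock
    export SSH_AUTH_SOCK
fi
unset sock
```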