docs: Nitrokey ssh workaround

2024-11-21 22:03:19 +01:00 · 2023-09-01 17:43:25 +02:00 · 2023-09-01 17:43:25 +02:00 · 2d63f4990a
commit 2d63f4990a
parent 5033a9421a
1 changed files with 12 additions and 1 deletions
--- a/yodaTab/nitrokey-ssh-gpg.nix
+++ b/yodaTab/nitrokey-ssh-gpg.nix
@ -40,12 +40,17 @@
  #=> USER         PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
  #=> yoda        2752  0.0  0.0 444812  3040 ?        SLsl 16:09   0:00 /nix/store/lvsbmqy4dmlri22145hbr6799hgbnpnf-gnupg-2.4.0/bin/gpg-agent --supervised --pinentry-program /nix/store/8cvidvpwnwyxixlhqfaa5jlfndh2vir5-pinentry-1.2.1-curses/bin/pinentry

-  # TESTING: Do all of this in one shell!
+  # NITROKEY SSH WORKAROUND (I): Do all of this in one shell!
  # CREDITS: https://unix.stackexchange.com/a/250045/315162
  #
+  # BEFORE: SSH_AUTH_SOCK=/run/user/1000/keyring/ssh
+  # AFTER:  SSH_AUTH_SOCK=/run/user/1000/gnupg/S.gpg-agent.ssh
+  #
  # systemctl --user stop gpg-agent
  # systemctl --user stop gpg-agent.socket
  # systemctl --user stop gpg-agent-ssh.socket
+  # ps -aux | grep -v grep | grep gpg-agent
+  # => NONE
  # eval $(gpg-agent --daemon --pinentry-program /nix/store/8cvidvpwnwyxixlhqfaa5jlfndh2vir5-pinentry-1.2.1-curses/bin/pinentry --enable-ssh-support --sh)
  # echo $SSH_AUTH_SOCK
  #=> /run/user/1000/gnupg/S.gpg-agent.ssh
@ -54,6 +59,12 @@
  # ssh nas
  #=> Works!

+  # NITROKEY SSH WORKAROUND (II)
+  #
+  # export SSH_AUTH_SOCK=/run/user/1000/gnupg/S.gpg-agent.ssh
+  # ssh nas
+  #=> Works!
+
  services.udev.packages = [ pkgs.nitrokey-udev-rules ];
  programs = {
    ssh.startAgent = false;