senekor
2 years ago, New Contributor
Sign git commits with ssh-key while ssh'd into a server?
I have recently set up git-commit-signing with 1password, which is nice. Unfortunately, I cannot create and sign commits when I'm ssh'd into a server, since it doesn't have 1password installed.
The...
rellek
2 years ago, Occasional Contributor
senekor
so here's my setup. My client machine is a MacBook. But I don't think this actually matters because the client is set up by 1Password automatically. I don't think I did anything to it.
On my client, the `~/.gitconfig` looks a little like this:
```
# This is Git's per-user configuration file.
[user]
# Please adapt and uncomment the following lines:
    name = MyNameOn GitHub
    email = the-email-you-use-on-github@example.com
    signingkey = ssh-ed25519 <public key>
[gpg]
    format = ssh
[gpg "ssh"]
    program = /Applications/1Password.app/Contents/MacOS/op-ssh-sign
[commit]
    gpgsign = true
```
My dev box (I ssh into) has the following `~/.gitconfig`:
```
# This is Git's per-user configuration file.
[user]
# Please adapt and uncomment the following lines:
    name = MyNameOn GitHub
    email = the-email-you-use-on-github@example.com
    signingkey = ssh-ed25519 <public key>
[gpg]
    format = ssh
[commit]
    gpgsign = true
```
Except the `program = /.....` it is essentially the same as on my client. I copy-pasted the lines.
The final step (I believe) was to adjust the ssh config on my client. `~/.ssh/config`:
```
Host localdev
    ForwardAgent yes
```
`localdev` being the hostname of my dev box.
You should try `ssh -T git@github.com` first on your client and then on your remote host to see if you are greeted by their server.
Client:
```
macbook:~ rellek$ ssh -T git@github.com
Hi <user>! You've successfully authenticated, but GitHub does not provide shell access.
macbook:~ rellek$
```
Remote host:
```
root@localdev:~# ssh -T git@github.com
Hi <user>! You've successfully authenticated, but GitHub does not provide shell access.
root@localdev:~#
```
You **do not need** 1Password on your remote host. At all. This is what `ForwardAgent yes` does for you. If it is unsure how to connect itself to a host, it gives your local machine a shot and asks there. And on your local machine, 1Password kicks in and (hopefully) has the correct answer.
HOWEVER. Please be aware that the admin of the remote host **can** disallow agent forwarding. In which case it would not work (obviously). On Linux, that would be the option `AllowAgentForwarding` in `/etc/ssh/sshd_config`. If it is commented (i.e. has a `#` in front of it), it means that it uses the default value (which is `yes`). Commented options are in the `sshd_config` file for your information to show you what the defaults are.
Anyway, if the `ssh -T git@github.com` works on both your client and the remote host, that means that GitHub (using ssh) works as well.
Hope that helps you.
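A preflight check for the setup described in the reply above, added here as an example and not part of the original post: run on the remote host, it confirms that the forwarded agent actually offers the key named in `user.signingkey`. The function names are hypothetical, the key strings in any test are constructed, and it assumes the signing key is stored as a literal public key, as in the configs shown.

```shell
#!/bin/sh
# Added example, not from the original post. Helper names are hypothetical.

# key_blob KEYLINE
# Print "type base64" of an OpenSSH public key line, dropping the trailing
# comment and git's optional "key::" prefix. Prints nothing if malformed.
key_blob() {
    printf '%s\n' "$1" | sed 's/^key:://' | awk 'NF >= 2 {print $1, $2}'
}

# agent_has_key SIGNINGKEY AGENT_LISTING
# AGENT_LISTING is text in `ssh-add -L` format (one public key per line).
# Returns 0 if the signing key is listed, 1 if not, 2 if the key is malformed.
agent_has_key() {
    want=$(key_blob "$1")
    [ -n "$want" ] || return 2
    printf '%s\n' "$2" | awk 'NF >= 2 {print $1, $2}' | grep -Fxq -- "$want"
}

# preflight: run on the remote host (e.g. after `ssh localdev`).
preflight() {
    # No socket means the agent was not forwarded (client config, or the
    # server has AllowAgentForwarding set to no).
    [ -n "${SSH_AUTH_SOCK:-}" ] ||
        { echo "FAIL: SSH_AUTH_SOCK unset, agent forwarding not active"; return 1; }
    listing=$(ssh-add -L 2>/dev/null) ||
        { echo "FAIL: agent unreachable or offers no keys"; return 1; }
    [ "$(git config --get gpg.format)" = "ssh" ] ||
        { echo "FAIL: gpg.format is not ssh"; return 1; }
    key=$(git config --get user.signingkey) ||
        { echo "FAIL: user.signingkey not set"; return 1; }
    agent_has_key "$key" "$listing" ||
        { echo "FAIL: forwarded agent does not offer the signing key"; return 1; }
    echo "OK: forwarded agent offers the configured signing key"
}

# Only touch the real agent and git config when asked to.
case "${1:-}" in
    --run) preflight ;;
esac
```

Save it on the remote host and invoke it with `--run`; a failure message names which link in the chain (forwarding, git config, or key mismatch) is broken.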