# echo "$SSH_AUTH_SOCK"
/tmp/ssh-j3OzPSWatFUl/agent.2395


Host *.example.com
RemoteForward /home/User/.gnupg/S.gpg-agent /home/User/.gnupg/S.gpg-agent.extra


extra-socket /home/User/.gnupg/S.gpg-agent.extra


# dnf install p11-kit p11-kit-server gnutls-utils libp11


# p11tool --list-tokens
[...]
Token 3:  URL:pkcs11:model=PKCS%2315;manufacturer=EXAMPLE%20COM;serial=10104303570;token=Signature%20PIN%11%2233%20PKI%11Card%00
[...]


# p11-kit server --provider /usr/lib64/pkcs11/opensc-pkcs11.so"pkcs11:model=PKCS%2315;manufacturer=EXAMPLE%20COM;serial=10104303570;token=Signature%20PIN%11%2233 PKI%11Card%00"
P11_KIT_SERVER_ADDRESS=unix:path=/run/user/1000/p11-kit/pkcs11-21564
P11_KIT_SERVER_PID=21564


# ssh tscherf@tiffy systemd-path user-runtime
/run/user/1000


# systemctl --user enable --now p11-kit-client.service


# ls -ld /run/user/1000/p11-kit
drwxr-xr-x. 2 tscherf tscherf 60 Mar 5 11:28 /run/user/1000/p11-kit


# ssh -R /run/user/1000/p11-kit/pkcs11:/run/user/1000/p11-kit/pkcs11-21564 tscherf@tiffy


# ll /run/user/1000/p11-kit/
total 0
srw------- 1 tscherf tscherf 0 Mar 5 11:36 pkcs11


# p11tool --provider /usr/lib64/pkcs11/p11-kit-client.so--list-tokens
Token 0:
URL:pkcs11:model=PKCS%2315;manufacturer=EXAMPLE%20COM;serial=10104303570;token=Signature%20PIN%11%2233%20PKI%11Card%00
[...]


# mkdir .config/pkcs11/modules/
# echo "module:/usr/lib64/pkcs11/p11-kit-client.so" >.config/pkcs11/modules/p11-kit-client.module


# modutil -dbdir /etc/pki/nssdb -add p11-kit-client -libfile /usr/lib64/pkcs11/p11-kit-client.so


# modutil -dbdir /etc/pki/nssdb -list
[...]
3. p11-kit-client library name: /usr/lib64/pkcs11/p11-kit-client.so
   uri: pkcs11:library-manufacturer=OpenSC%20Project;library-description=OpenSC%20smartcard%20framework;library-version=0.17
  slot: 1 slot attached
status: loaded


# ssh -I /usr/lib64/pkcs11/p11-kit-client.so tscherf@kermit