# echo "$SSH_AUTH_SOCK" /tmp/ssh-j3OzPSWatFUl/agent.2395 Host *.example.com RemoteForward /home/User/.gnupg/S.gpg-agent /home/User/.gnupg/S.gpg-agent.extra extra-socket /home/User/.gnupg/S.gpg-agent.extra # dnf install p11-kit p11-kit-server gnutls-utils libp11 # p11tool --list-tokens [...] Token 3: URL:pkcs11:model=PKCS%2315;manufacturer=EXAMPLE%20COM;serial=10104303570;token=Signature%20PIN%11%2233%20PKI%11Card%00 [...] # p11-kit server --provider /usr/lib64/pkcs11/opensc-pkcs11.so"pkcs11:model=PKCS%2315;manufacturer=EXAMPLE%20COM;serial=10104303570;token=Signature%20PIN%11%2233 PKI%11Card%00" P11_KIT_SERVER_ADDRESS=unix:path=/run/user/1000/p11-kit/pkcs11-21564 P11_KIT_SERVER_PID=21564 # ssh tscherf@tiffy systemd-path user-runtime /run/user/1000 # systemctl --user enable --now p11-kit-client.service # ls -ld /run/user/1000/p11-kit drwxr-xr-x. 2 tscherf tscherf 60 Mar 5 11:28 /run/user/1000/p11-kit # ssh -R /run/user/1000/p11-kit/pkcs11:/run/user/1000/p11-kit/pkcs11-21564 tscherf@tiffy # ll /run/user/1000/p11-kit/ total 0 srw------- 1 tscherf tscherf 0 Mar 5 11:36 pkcs11 # p11tool --provider /usr/lib64/pkcs11/p11-kit-client.so--list-tokens Token 0: URL:pkcs11:model=PKCS%2315;manufacturer=EXAMPLE%20COM;serial=10104303570;token=Signature%20PIN%11%2233%20PKI%11Card%00 [...] # mkdir .config/pkcs11/modules/ # echo "module:/usr/lib64/pkcs11/p11-kit-client.so" >.config/pkcs11/modules/p11-kit-client.module # modutil -dbdir /etc/pki/nssdb -add p11-kit-client -libfile /usr/lib64/pkcs11/p11-kit-client.so # modutil -dbdir /etc/pki/nssdb -list [...] 3. p11-kit-client library name: /usr/lib64/pkcs11/p11-kit-client.so uri: pkcs11:library-manufacturer=OpenSC%20Project;library-description=OpenSC%20smartcard%20framework;library-version=0.17 slot: 1 slot attached status: loaded # ssh -I /usr/lib64/pkcs11/p11-kit-client.so tscherf@kermit