[OFF-TOPIC] gpg-agent, sshd and/or SELinux (was Re: Get the private portion of subkeys)

Marcio Barbado, Jr. marcio.barbado at gmail.com
Tue Apr 2 12:46:48 CEST 2024


Hi, Werner, all.

Please let me take this opportunity to ask you for trustable documentation,
or any other resource, which could help interested users like myself in
providing the gpg-agent with ssh client and daemon errands, on both fresh
and not-so-fresh OS installs. Please consider SELinux contexts if possible.

Regards,

Marcio Barbado, Jr.


On Thu, 28 Mar 2024 at 07:01 Werner Koch via Gnupg-users <
gnupg-users at gnupg.org> wrote:

> On Thu, 28 Mar 2024 08:26, Damien Cassou said:
>
> > Is that a problem? Am I missing something important? It seems this
> > causes me the troubles mentioned at [1].
>
> Your subkeys are all stored on a smartcard.  The primary key is online.
> This is as intended.  If you remove the primary private key
> (<keygrip>.key), you should see a '#' mark for the primary key.
>
> > My private master key is symlinked in ~/.gnupg/private-keys-v1.d:
>
> That is intended to work but has not been thoroughly tested.
>
> > [1] https://github.com/pinpox/pgp2ssh/issues/6
>
> That reminds me that we have a function export_secret_ssh_key but it
> will always fail with a not-implemented error ;-).  None of the core
> hackers felt a need for it.  For example I have not used anything else
> than gpg-agent based ssh access since 2005.
>
>
> Shalom-Salam,
>
>    Werner
>
>
> --
> The pioneers of a warless world are the youth that
> refuse military service.             - A. Einstein