GnuPG & OpenSSH
Srihari Vijayaraghavan
sriharivijayaraghavan at yahoo.com.au
Tue Aug 21 13:51:32 CEST 2007
--- Werner Koch <wk at gnupg.org> wrote:
> On Mon, 20 Aug 2007 14:10, sriharivijayaraghavan at yahoo.com.au said:
>
> > 1. Is it possible to have only one key pair (public & secret pref. DSA)
> that
> > can be used for both GPG & OpenSSH? (as a sys admin of some interest in
> > cryptography, this is an important question)
>
> Yes. However you want separate keys for separate tasks. Fortunately
> OpenPGP provides just that: There is a primary key for certifying other
> keys (and subkeys) and subkeys for encryption, signing and
> authentication. The authentication key may be used for SSH.
Good. Agreed it's a good idea to maintain a key per task (in fact in OpenSSH
automation side of things having a key pair per task does help a lot).
Question: when I did gpg2 --gen-keys (& ran through with the default
DSA/Elgamal keys), the 'authentication key' (that'd be suitable for SSH
authentication you're referring to) created by default? (or the DSA private
key be suitable for that purpose? I suspect so.)
Then the question is, now for the OpenSSH private key, how to extract/create
the said 'authentication key' that can be stored in ~/.ssh/id_dsa format for
SSH authentication?
(I've worked out the extraction of the SSH compatible public key from the GPG
using gpgkey2ssh tool, so ~/.ssh/id_dsa.pub is taken care of. Alas, gpg2
--list-public-keys and --list-secret-keys gives the same ID for both public &
secret keys.)
Or is there a trick involved in gpg-agent directly handling private key needed
for SSH client somehow? (by only propagating the gpgkey2ssh extracted public
key to .ssh/authorized_hosts of the remote machines)
Thanks
____________________________________________________________________________________
Get the World's number 1 free email service.
http://mail.yahoo.com.au
More information about the Gnupg-users
mailing list