gnupg as ssh-agent

Benjamin Donnachie benjamin at py-soft.co.uk
Fri Jul 10 18:25:09 CEST 2009


2009/7/10 Ingo Krabbe <ingo.krabbe at eoa.de>:
> I now tried to use the gpg-agent as a ssh-agent too, as I always started both
> agents anyway.  Now I wonder if I could also use my GnuPG Key as a key for a
> ssh session too, which would be quite convenient.

man gpg-agent:

[...]

--enable-ssh-support

    Enable emulation of the OpenSSH Agent protocol.

    In this mode of operation, the agent does not only implement the
    gpg-agent protocol, but also the agent protocol used by OpenSSH
    (through a separate socket). Consequently, it should be possible to
    use the gpg-agent as a drop-in replacement for the well known
    ssh-agent.

    SSH Keys, which are to be used through the agent, need to be added
    to the gpg-agent initially through the ssh-add utility. When a key is
    added, ssh-add will ask for the password of the provided key file and
    send the unprotected key material to the agent; this causes the
    gpg-agent to ask for a passphrase, which is to be used for encrypting
    the newly received key and storing it in a gpg-agent specific
    directory.

    Once a key has been added to the gpg-agent this way, the gpg-agent
    will be ready to use the key.

    Note: in case the gpg-agent receives a signature request, the user
    might need to be prompted for a passphrase, which is necessary for
    decrypting the stored key. Since the ssh-agent protocol does not
    contain a mechanism for telling the agent on which display/terminal it
    is running, gpg-agent's ssh-support will use the TTY or X display
    where gpg-agent has been started. To switch this display to the
    current one, the following command may be used:

        echo UPDATESTARTUPTTY | gpg-connect-agent
