Question about authentication subkeys and SSH
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Wed Jul 22 22:12:34 CEST 2009
On 07/22/2009 03:59 PM, James P. Howard, II wrote:
> I have created a 2048-bit RSA subkey that is authentication only. I'd
> like to use this with SSH. A bit of Googling suggests this cannot be
> used directly unless it is on a smart card, but it isn't clear. Have I
> correctly interpreted this?
You can use such a subkey without a smartcard by using software provided
by the monkeysphere project:
http://web.monkeysphere.info/
Assuming this is the only authentication-capable subkey on your only gpg
secret key, you'd simply do:
monkeysphere subkey-to-ssh-agent
which would load the key into the agent for use. You can pass
additional parameters to ssh-add at the end of the argument list. For
example, if you want to ensure that the key is only held by the agent
for an hour, do:
monkeysphere subkey-to-ssh-agent -t 3600
hope this helps,
--dkg (one of the monkeysphere developers)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 890 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20090722/8a6177d0/attachment.pgp>
More information about the Gnupg-users
mailing list