Question about authentication subkeys and SSH

Daniel Kahn Gillmor dkg at
Wed Jul 22 22:12:34 CEST 2009

On 07/22/2009 03:59 PM, James P. Howard, II wrote:
> I have created a 2048-bit RSA subkey that is authentication only.  I'd
> like to use this with SSH.  A bit of Googling suggests this cannot be
> used directly unless it is on a smart card, but it isn't clear.  Have I
> correctly interpreted this?

You can use such a subkey without a smartcard by using software provided
by the monkeysphere project:

Assuming this is the only authentication-capable subkey on your only gpg
secret key, you'd simply do:

 monkeysphere subkey-to-ssh-agent

which would load the key into the agent for use.  You can pass
additional parameters to ssh-add at the end of the argument list.  For
example, if you want to ensure that the key is only held by the agent
for an hour, do:

 monkeysphere subkey-to-ssh-agent -t 3600

hope this helps,

	--dkg (one of the monkeysphere developers)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 890 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20090722/8a6177d0/attachment.pgp>

More information about the Gnupg-users mailing list