Question about authentication subkeys and SSH

James P. Howard, II jh at
Wed Jul 22 23:50:04 CEST 2009

On Wed Jul 22 2009 16:12:34 GMT-0400 (EDT) , Daniel Kahn Gillmor
<dkg at> wrote:

> On 07/22/2009 03:59 PM, James P. Howard, II wrote:
>> I have created a 2048-bit RSA subkey that is authentication only.
>> I'd like to use this with SSH.  A bit of Googling suggests this
>> cannot be used directly unless it is on a smart card, but it isn't
>> clear.  Have I correctly interpreted this?
> You can use such a subkey without a smartcard by using software
> provided by the monkeysphere project:
> Assuming this is the only authentication-capable subkey on your only
> gpg secret key, you'd simply do:
> monkeysphere subkey-to-ssh-agent
> which would load the key into the agent for use.  You can pass 
> additional parameters to ssh-add at the end of the argument list.
> For example, if you want to ensure that the key is only held by the
> agent for an hour, do:
> monkeysphere subkey-to-ssh-agent -t 3600

That looks like the missing link I was searching for!

Thank you.

James P. Howard, II, MPA
jh at

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 163 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20090722/09902a3d/attachment.pgp>

More information about the Gnupg-users mailing list