gpgkey2ssh
Aaron Toponce
aaron.toponce at gmail.com
Fri Oct 22 03:58:31 CEST 2010
First, there is _ZERO_ documentation for this binary. No manual, no info
page, nothing under /usr/share/doc/, segfaults pasing "-h" or "--help".
Short of digging through the source, this is unacceptable.
Second, and probably as a result, I can't get this working for the life
of me. Correct me if I'm wrong, but I should be able to add this
identity to the running SSH agent through "ssh-add", no? Here's the
steps I've taken thus far, and still failing (SSH agent is already running):
$ echo $SSH_AUTH_SOCK
/tmp/keyring-tikvU1/ssh
$ gpgkey2ssh 8086060F > /tmp/gpg-ssh-key.txt
$ gpg --armor --export-secret-keys 8086060F > /tmp/gpg-private-ssh.txt
$ ssh-add /tmp/gpg-private-ssh.txt
Enter passphrase for /tmp/gpg-private-ssh.txt
At this point, I would expect the passphrase to be the private
passphrase that is protecting my private GPG key, no? Yet, it doesn't
take. At least, this is the way you would do it for OpenSSH keys. You
would add the private key to your running SSH agent.
However, let's go a different direction. Rather than dealing with my GPG
private key, let's just add the /tmp/gpg-ssh-key.txt (the public key) to
the ~/.ssh/authorized_keys file on the remote server, and see what happens:
$ ssh-copy-id -i /tmp/gpg-ssh-key.txt user at server.tld
/usr/bin/ssh-copy-id: ERROR: No identities found
Of course it's not found, "ssh-add -l" doesn't show it listed, because
it hasn't been added to the agent. So, I get to copy it manually. So, I
do that.
Now, instead of using the SSH agent, what if I used the GPG agent
instead? So, I add "enable-ssh-support" to my ~/.gnupg/gpg-agent.conf,
and launch the agent:
$ gpg-agent --daemon
$ ssh user at server.tld
Password:
Nope, didn't add the key to the running agent. Now, I don't see a
"gpg-add", so I'm not entirely sure how to add my GPG identity to the
GPG agent, and I'm not entirely sure how the OpenSSH client will know
that it needs to find the identity in the GPG agent rather than the SSH
agent.
So, as you can see, I'm probably a bit confused. Can't blame me really,
due to the lack of documentation. The only thing I have to go off of is
a blog post:
http://goo.gl/wqAg and http://goo.gl/HA8q
So, help?
--
. o . o . o . . o o . . . o .
. . o . o o o . o . o o . . o
o o o . o . . o o o o . o o o
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 591 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20101021/71e6fca0/attachment.pgp>
More information about the Gnupg-users
mailing list