GPG key to authenticate to SSH?
Jeroen Budts
jeroen at budts.be
Thu Aug 2 14:34:58 CEST 2012
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On 07/30/2012 11:50 AM, Werner Koch wrote:
> On Sun, 29 Jul 2012 21:39, jeroen at budts.be said:
>
>> enable a GPG key for SSH with gpg-agent 2.1. What I do not yet
>> understand is how would add your public key to the
>> authorized_keys file on the server? Wouldn't the
>> gpgkey2ssh-script still be needed for
>
> ssh-add -L
>
> (capital L) prints the public key as retrieved from gpg-agent.
>
Aha ok. I now see that I must have missed that in your previous mail.
>> Oh and one other small question: what exactly is a 'keygrip'?
>> Why
>
> That is a protocol neutral way to identify a public key. It is a
> hash over the actual public key parameters. It is GnuPG specific
> but for example, pkcs#15 uses a similar technique. To compute it,
> you should use the respective Libgcrypt function.
>
Thank you for this explanation.
I have now two working setups to use my PGP key for SSH
authentication. One where I use gpg-agent and one where I use GNOME
keyring.
Should it be useful for anybody, I have written a blogpost to
summarize all this:
http://budts.be/weblog/2012/08/ssh-authentication-with-your-pgp-key
I want to thank everybody for the help in gettings this working!
regards,
Jeroen
- --
website: http://budts.be/ - twitter: @teranex
___________________________________
Registered Linux User #482240 - GetFirefox.com - ubuntu.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (GNU/Linux)
iQIcBAEBCAAGBQJQGnPxAAoJEBrqc/v4ufiMG/gP/1yobT/lp/p6R0Ju7QhPuyJf
ynXQoItpqrb/+beb6ITdKRHb+WHF+q/bUICi89GzT/teRGXyQzji7Umy0oi5Y9GZ
PtR7qPhlkBBO2/tM9cUU42OthE2Ump6DPsf4qXaTlS/HV1dhK2J+9gqLo7if2Vad
bqHM5IwzJ7f3vGYZ2gdclOduaOhzCMz0sM4Lfwl3UX0lZLVaHVhlzFK8Tgv6mJsA
/6U/A4t3HjUb9f+Hu818gxKcTzMXPpZTNgsBtsIKX35Wlm2B4vgzM3RWgqF1Jjiw
mVqmbpyT+EiJB9VwS5hqA2M32+0sAF0YCC3dPgKuTnoUL+A/waMqaN/RowCePoEj
aP4iRZPTr8xtFL8HjsQvl3Wbpe9EwQLhYUUULwPO7c5n538bky3WtWKRKi62+1aE
tTlrb0YJZ/NCbFKoB7jnfm+75vQazoSDbP0RhYcjomBksR3H0RvgJVBFcpKo/qV/
T/1Q4eKbNZiiTCQ2Foew/DiWb/usvjWtISsKg6GSPIVKpV5A41AqQC3QJAA1y69j
3TeeI8WI4DprA028bN3iJ3lqaeB7w7XCEuhV6mLh420d9fmeo7WcNvGsKirkO86I
8oMQNkgXrJ6cOFZKwRIjHVIQKITtdDRcMLZGvA7CsX0Tho11VskL0QCZHpMBeG00
eNpQCtzisdSBHCVjal32
=p4Tb
-----END PGP SIGNATURE-----
More information about the Gnupg-users
mailing list