GPG key to authenticate to SSH?

Jeroen Budts jeroen at budts.be
Sun Jul 22 21:52:37 CEST 2012


Hi all!

A few days ago I started wondering whether it is possible to use my
GPG key to authenticate myself to SSH (instead of using a regular
SSH-key). (To be more correct: an Authentication subkey on my GPG key)

I started Googling and found some information which taught me that it
seems to be possible but that it is not really straightforward.
During this search I learned about (amongst others) gpg-agent with the
--enable-ssh-support option and the gpgkey2ssh script.
It seemed to me that I would be able to use my GPG keys to
authenticate to SSH using gpg-agent. However, it did not work. (I also
used the gpgkey2ssh script on my subkey so I could add it to the
authorized_keys on the server)
After some more trying and googling, I discovered monkeysphere [1].
While using this I could get it to work, by doing `monkeysphere
subkey-to-ssh-agent`. However this seems to export the subkey as a
passwordless version to hand it over to `ssh-add`. So this would have
to be done every time after restarting my X-session. Also it seems a
bit duplicate when I'm using gpg-agent, which already knows about my
gpg-keys, that it should export my key and then re-add it to gpg-agent
with ssh-add.
Is it somehow possible to 'automatically' use my GPG subkey for SSH
sessions when I'm using GPG-Agent? Or am I missing something here?

Please note that I'm using XFCE (Xubuntu) which uses Gnome-Keyring by
default so that might possibly also interfere with some of this.

[1] http://web.monkeysphere.info/getting-started-user/

Thx for any help!
Jeroen

-- 
website: http://budts.be/ - twitter: @teranex
___________________________________
Registered Linux User #482240 - GetFirefox.com - ubuntu.com



