GPG key to authenticate to SSH?
Marco Steinacher
marco+gnupg at websource.ch
Wed Jul 25 13:49:35 CEST 2012
On 25.07.2012 12:04, Werner Koch wrote:
> On Tue, 24 Jul 2012 22:04, jeroen at budts.be said:
>> What I really wanted to accomplish here is to use my GPG
>> authentication subkey for SSH authentication, without having to use an
>> SSH-key at all. But it is still not clear to me how this can be
>> accomplished, if possible at all?
>
> With 2.1-betaX it is easy to do. With older versions you probably
> need to use gpgkey2ssh. But the latter is not well documented and
> frankly I have not used it at all.
>
> In case you can use 2.1-beta, here is what I would do:
>
> $ gpg2 --with-keygrip -k 1E42B367
> pub 2048D/1E42B367 2007-12-31 [expires: 2018-12-31]
> Keygrip = 44B9E7E287B11C0E033A1A93ECCFDBC6AF7CCFAE
> uid Werner Koch <wk at gnupg.org>
> sub 1024D/77F95F95 2011-11-02
> Keygrip = D11C82133CAADCA42A00074D5EE92023B85110DF
> sub 2048R/C193565B 2011-11-07 [expires: 2013-12-31]
> Keygrip = 52A831E2CCCD992BCA0D3082B1D945DA5451BE50
>
> Now assuming 77F95F95 would be an authentication key, you run a
>
> echo "D11C82133CAADCA42A00074D5EE92023B85110DF 0" >>~/.gnupg/sshcontrol
>
> and you are done.
I think 'monkeysphere subkey-to-ssh-agent' will do the same with GnuPG
versions before 2.1. See
http://lists.gnupg.org/pipermail/gnupg-users/2009-July/036946.html
It will extract the keygrip of your authentication subkey and add it to
sshcontrol. Then you can use 'ssh-add -L' to get the public part of your
auth key and add it to the .authorized_keys file on your server.
HTH
Marco
--
OpenPGP Key ID: 0x62937F7F
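
The sshcontrol step from the quoted message, as an added example that is not part of the original thread: it looks up a subkey's keygrip in a listing of the format shown above and appends it to an sshcontrol file only if it is a well-formed keygrip and not already listed. The function names `sample_listing`, `keygrip_for` and `sshcontrol_add` are hypothetical, and the "KEYGRIP TTL" line format is the one used in the quoted `echo` command.

```shell
#!/bin/sh
# Added example. sample_listing, keygrip_for and sshcontrol_add are hypothetical names.

# Listing copied from the quoted message (gpg2 --with-keygrip -k 1E42B367).
sample_listing() {
    cat <<'EOF'
pub 2048D/1E42B367 2007-12-31 [expires: 2018-12-31]
Keygrip = 44B9E7E287B11C0E033A1A93ECCFDBC6AF7CCFAE
uid Werner Koch <wk at gnupg.org>
sub 1024D/77F95F95 2011-11-02
Keygrip = D11C82133CAADCA42A00074D5EE92023B85110DF
sub 2048R/C193565B 2011-11-07 [expires: 2013-12-31]
Keygrip = 52A831E2CCCD992BCA0D3082B1D945DA5451BE50
EOF
}

# Read such a listing on stdin and print the keygrip of key ID $1.
keygrip_for() {
    awk -v id="$1" '
        $1 == "pub" || $1 == "sub" {
            split($2, part, "/")              # "1024D/77F95F95" -> algo, key ID
            hit = (toupper(part[2]) == toupper(id))
            next
        }
        hit && $1 == "Keygrip" && $2 == "=" { print $3; found = 1; exit }
        END { exit !found }                   # non-zero status if no match
    '
}

# Append "KEYGRIP TTL" to sshcontrol file $1 unless the keygrip is already there.
sshcontrol_add() {
    file=$1 grip=$2 ttl=${3:-0}
    # A keygrip is 40 hex digits; refuse anything else so no stray text lands in the file.
    case $grip in *[!0-9A-Fa-f]*|"") return 2 ;; esac
    [ "${#grip}" -eq 40 ] || return 2
    case $ttl in *[!0-9]*|"") return 2 ;; esac
    # Already listed (enabled, or disabled with a leading "!")? Leave the file alone.
    if [ -f "$file" ] && grep -Eiq "^!?$grip([[:space:]]|\$)" "$file"; then
        return 0
    fi
    # The file controls which keys the agent offers for SSH; keep it private.
    ( umask 077; printf '%s %s\n' "$grip" "$ttl" >> "$file" )
}

# Usage: grip=$(gpg2 --with-keygrip -k 1E42B367 | keygrip_for 77F95F95) &&
#        sshcontrol_add ~/.gnupg/sshcontrol "$grip" 0
```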