GPG key to authenticate to SSH?

Jeroen Budts jeroen at budts.be
Sun Jul 29 21:39:08 CEST 2012


On 07/25/2012 12:04 PM, Werner Koch wrote:
> On Tue, 24 Jul 2012 22:04, jeroen at budts.be said:
> 
>> apparently they didn't work. Now I completely disabled 'Launch
>> GNOME services on startup' in XFCE so gnome-keyring is not
>> started anymore. Now I get the correct output from the above
>> command.
> 
> Please complain on the xfce and gnome lists and tell them they
> should stop hijacking gpg-agent - at least by default.

In fact I think for most users their ssh-agent implementation is
rather nice. It completely removes the need to manually use ssh-add
and just makes it work out-of-the-box. That they also implement
gpg-agent similarly seems logical to give the user the exact same
user-experience.
Under XFCE the GNOME services are disabled by default, but coming
from GNOME enabled them when I switched to XFCE (running away from
GNOME 3).

>> What I really wanted to accomplish here is to use my GPG 
>> authentication subkey for SSH authentication, without having to
>> use an SSH-key at all. But it is still not clear to me how this
>> can be accomplished, if possible at all?
> 
> With 2.1-betaX it is easy to do.  With older versions you
> probably need to use gpgkey2ssh.  But the latter is not well
> documented and frankly I have not used it at all.

That seems very easy and interesting indeed. I understand now how to
enable a GPG key for SSH with gpg-agent 2.1. What I do not yet
understand is how you would add your public key to the authorized_keys
file on the server? Wouldn't the gpgkey2ssh-script still be needed for
this? Or can gnupg output the public key in the correct format?

Oh and one other small question: what exactly is a 'keygrip'? Why
aren't the regular key-ids used for this?

thanks for your help!
Jeroen


- -- 
website: http://budts.be/ - twitter: @teranex
___________________________________
Registered Linux User #482240 - GetFirefox.com - ubuntu.com
