GPG key to authenticate to SSH?
jeroen at budts.be
Sun Jul 29 21:39:08 CEST 2012
On 07/25/2012 12:04 PM, Werner Koch wrote:
> On Tue, 24 Jul 2012 22:04, jeroen at budts.be said:
>> apparently they didn't work. Now I completely disabled 'Launch
>> GNOME services on startup' in XFCE so gnome-keyring is not
>> started anymore. Now I get the correct output from the above
> Please complain on the xfce and gnome lists and tell them they
> should stop hijacking gpg-agent - at least by default.
In fact I think for most users their ssh-agent implementation is
rather nice. It completely removes the need to manually use ssh-add
and just makes it work out-of-the-box. That they also implement
gpg-agent similarly seems logical to give the user the exact same
Under XFCE the GNOME services are disabled by default, but coming
from GNOME enabled them when I switched to XFCE (running away from
>> What I really wanted to accomplish here is to use my GPG
>> authentication subkey for SSH authentication, without having to
>> use an SSH-key at all. But it is still not clear to me how this
>> can be accomplished, if possible at all?
> With 2.1-betaX it is easy to do. With older versions you
> probably need to use gpgkey2ssh. But the latter is not well
> documented and frankly I have not used it at all.
That seems very easy and interesting indeed. I understand now how to
enable a GPG key for SSH with gpg-agent 2.1. What I do not yet
understand is how you would add your public key to the authorized_keys
file on the server? Wouldn't the gpgkey2ssh-script still be needed for
this? Or can gnupg output the public key in the correct format?
Oh and one other small question: what exactly is a 'keygrip'? Why
aren't the regular key-ids used for this?
thanks for your help!
website: http://budts.be/ - twitter: @teranex
Registered Linux User #482240 - GetFirefox.com - ubuntu.com
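On the authorized_keys question raised in the message above, an added example (not part of the original post, and not the code of gpgkey2ssh or GnuPG): an OpenPGP RSA public key packet and an authorized_keys line carry the same two numbers, n and e, in different encodings. The function names are hypothetical, the sample packet body is a constructed toy and not a real key, and the caller is assumed to have already extracted the body of a version 4 public key or subkey packet.

```python
import base64
import struct

# Constructed toy packet body (not a real key): version 4, creation time,
# algorithm 1 (RSA), then MPIs n = 0xd1b5 (16 bits) and e = 65537 (17 bits).
SAMPLE_BODY = bytes.fromhex("04" "50159b2c" "01" "0010d1b5" "0011010001")

def read_mpi(buf, pos):
    """Read one OpenPGP MPI: 2-byte bit count, then big-endian magnitude."""
    if pos + 2 > len(buf):
        raise ValueError("truncated MPI header")
    bits = struct.unpack(">H", buf[pos:pos + 2])[0]
    end = pos + 2 + (bits + 7) // 8
    if end > len(buf):
        raise ValueError("truncated MPI body")
    return int.from_bytes(buf[pos + 2:end], "big"), end

def ssh_string(data):
    """SSH wire 'string': 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def ssh_mpint(value):
    """SSH wire 'mpint': signed, so a zero byte is prepended when the
    top bit of the magnitude is set (OpenPGP MPIs are unsigned)."""
    if value == 0:
        return ssh_string(b"")
    return ssh_string(value.to_bytes(value.bit_length() // 8 + 1, "big"))

def pgp_rsa_to_authorized_key(body, comment=""):
    """Convert a v4 RSA public (sub)key packet body to an authorized_keys line."""
    if len(body) < 6 or body[0] != 4:
        raise ValueError("only version 4 key packets are handled")
    if body[5] not in (1, 2, 3):  # OpenPGP RSA algorithm identifiers
        raise ValueError("not an RSA key")
    n, pos = read_mpi(body, 6)    # OpenPGP stores n first, then e
    e, pos = read_mpi(body, pos)
    # The SSH key blob stores the key type, then e, then n
    blob = ssh_string(b"ssh-rsa") + ssh_mpint(e) + ssh_mpint(n)
    return ("ssh-rsa " + base64.b64encode(blob).decode() + " " + comment).strip()

if __name__ == "__main__":
    print(pgp_rsa_to_authorized_key(SAMPLE_BODY, "toy-key-not-real"))
```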