Using a GPG key as ssh key: ssh socket & comments on "rsa" keys.
Pablo Olmos de Aguilera C.
pablo at odac.co
Sat Dec 27 06:22:46 CET 2014
I've read about using a GPG key as SSH key, but somehow I can't
implement it correctly. I have been following the steps outlined in this
post from 2012[1].
Here are the steps I have been following:
1. Create a new subkey with authentication capabilities:
sub rsa4096/989A8388
created: 2014-12-19 expires: 2015-12-19 usage: A
2. Find keygrip:
$ gpg --with-keygrip -k pablo
sub rsa4096/989A8388 2014-12-19 [expires: 2015-12-19]
Keygrip = 5541F31ADF830A61126C8F0167A506F9ABF2D324
3. Add the keygrip to sshcontrol
echo '5541F31ADF830A61126C8F0167A506F9ABF2D324 0' >> .config/gnupg/sshcontrol
This works okay, though, sometimes the SSH_AUTH_LOCK is lost. As a
workaround I'm exporting the default location:
export SSH_AUTH_SOCK=/home/pablo/.config/gnupg/S.gpg-agent.ssh
But I guess something is happening.
Also, when listing keys, with ssh-add -l:
4096 11:22:33:44:55:66:77:88:99..... (none) (RSA)
The keys (obviously?) don't have any comment, which makes them a bit hard
to manage (when I copy them with ssh-add -L to the desired host, I write
a comment in the `.ssh/authorized_keys` file), but I imagine that
there should be a more straightforward way.
[1]: http://lists.gnupg.org/pipermail/gnupg-users/2012-July/045059.html
PS.- Please cc me, since I'm not subscribed to the list.
Regards
--
Pablo Olmos de Aguilera C.
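
Steps 2 and 3 of the post, as an added example that is not part of the original message and not GnuPG's own code: shell helpers that validate a keygrip and add it to sshcontrol only once. The function names are hypothetical; the line format (keygrip, optional TTL and flags, `!` to disable, `#` for comments) is the one documented for gpg-agent's sshcontrol file.

```shell
#!/bin/sh
# Added example: helpers for gpg-agent's sshcontrol file.
# Line format: KEYGRIP [TTL [flags]]; '#' starts a comment, a leading '!' disables.

# True only for a 40-hex-digit keygrip, as shown by `gpg --with-keygrip -k`.
is_keygrip() {
    case "$1" in
        ''|*[!0-9A-Fa-f]*) return 1 ;;
    esac
    [ "${#1}" -eq 40 ]
}

# Print enabled, disabled or missing for KEYGRIP in FILE.
# Reports the first matching line (a choice made by this helper).
sshcontrol_status() {
    file=$1 want=$(printf '%s' "$2" | tr 'a-f' 'A-F')
    [ -r "$file" ] || { echo missing; return 0; }
    awk -v want="$want" '
        NF == 0 || $1 ~ /^#/ { next }
        {
            grip = toupper($1); off = 0
            if (substr(grip, 1, 1) == "!") { off = 1; grip = substr(grip, 2) }
            if (grip == want) { print (off ? "disabled" : "enabled"); found = 1; exit }
        }
        END { if (!found) print "missing" }
    ' "$file"
}

# Append "KEYGRIP TTL" to FILE unless the keygrip is already listed, so that
# re-running step 3 does not pile up duplicate lines the way `echo ... >>` does.
sshcontrol_add() {
    file=$1 grip=$2 ttl=${3:-0}
    is_keygrip "$grip" || { echo "not a keygrip: $grip" >&2; return 2; }
    case "$ttl" in
        ''|*[!0-9]*) echo "bad TTL: $ttl" >&2; return 2 ;;
    esac
    [ "$(sshcontrol_status "$file" "$grip")" = missing ] || return 0
    ( umask 077; printf '%s %s\n' "$grip" "$ttl" >> "$file" )
}

# Demo on a constructed temporary file; the keygrip is the one from the post.
demo=$(mktemp)
sshcontrol_add "$demo" 5541F31ADF830A61126C8F0167A506F9ABF2D324 0
sshcontrol_add "$demo" 5541F31ADF830A61126C8F0167A506F9ABF2D324 0  # no-op
echo "lines: $(grep -c . "$demo"), status: $(sshcontrol_status "$demo" 5541f31adf830a61126c8f0167a506f9abf2d324)"
rm -f "$demo"
```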