Using a GPG key as ssh key: ssh socket & coments on "rsa" keys.

Pablo Olmos de Aguilera C. pablo at
Sat Dec 27 06:22:46 CET 2014

I've read about using a GPG key as SSH key, but somehow I can't
implement it correctly, I have been following the steps outlined in this
post from 2012[1].

Here's the steps I have been following:

1. Create a new subkey with authentication capabilities:

sub  rsa4096/989A8388
     created: 2014-12-19  expires: 2015-12-19  usage: A

2. Find keygrip:

$ gpg --with-keygrip -k pablo
sub   rsa4096/989A8388 2014-12-19 [expires: 2015-12-19]
      Keygrip = 5541F31ADF830A61126C8F0167A506F9ABF2D324

3. Add the keygrip to sshcontrol

echo '5541F31ADF830A61126C8F0167A506F9ABF2D324 0' >>

This works okay, though, sometimes the SSH_AUTH_LOCK is lost. As a
workaround I'm exporting the default location:

export SSH_AUTH_SOCK=/home/pablo/.config/gnupg/S.gpg-agent.ssh

But I guess something is happening.

Also, when listing keys, with ssh-add -l:

4096 11:22:33:44:55:66:77:88:99..... (none) (RSA)

The keys (obviously?) doesn't have any comment, which makes a bit hard
to manage (when I copy them with ssh-add -L to the desired host, I write
a comment in the `.ssh/authorized_keys` file, but I imagine there that
it should be a more straightforward way.


PS.- Please cc me, since I'm not subscribed to the list.

Pablo Olmos de Aguilera C.

More information about the Gnupg-users mailing list