Using gpg for ssh access
dgouttegattat at incenp.org
Wed Apr 6 12:48:40 CEST 2016

On 04/06/2016 09:38 AM, CANNON NATHANIEL CIOTA wrote:
> Thanks for the info. Today I had chance to try this out, still having
> trouble using ssh with gpg. Can you please clarify what steps are to be
> used on server side and steps on client side? My current scenario, both
> server and client are linux command line interface only. My smartcard
> has a subkey for use with authentication.

Then if GPG Agent is up and running and configured to act as a SSH
agent, it should automatically detect the authentication subkey and make
it available to SSH clients.

First, could you please tell us which version of GnuPG you are using?
Most importantly, we need to know if you're using 2.0 or 2.1.

Then, check whether SSH support is enabled in GPG Agent. You can use the

    gpg-connect-agent "GETINFO ssh_socket_name" /bye

which should print the path to the SSH socket if SSH support is enabled,
or give you an error message if it is not.

If SSH support is not enabled, enable it by adding the following line:
in the configuration for GPG Agent (~/.gnupg/gpg-agent.conf, you may
need to create that file if it does not already exist), then kill the agent:

    gpgconf --kill gpg-agent

and re-run the first command again.

Once you have confirmed that SSH support is available from the agent,
check the value of the SSH_AUTH_SOCK environment variable. That variable
must point to the agent's SSH socket (as returned by the GETINFO command
above) in order for SSH clients to know how to contact the agent.

Then, insert your card into your card reader and run `ssh-add -L`. If
everything went fine, that command should print the public part of your
authentication subkey, in a format suitable for inclusion into an
authorized_keys file on your server.

If something did *not* go fine, please report any error message.
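
The checks described in the message above, collected into one POSIX shell script. This is an added example, not part of the original post: the function names, the state strings and the `--run` argument are made up for the illustration, and it assumes the agent's reply carries the socket path on a line starting with `D `.

```shell
#!/bin/sh
# Added example: the agent, socket and key checks from the message above.

# Pull the socket path out of the agent's reply to GETINFO ssh_socket_name.
# Assumption: the path arrives on a data line that starts with "D ".
parse_socket_reply() {
    printf '%s\n' "$1" | sed -n 's/^D //p' | head -n 1
}

# Compare the agent's SSH socket with SSH_AUTH_SOCK and name the first problem.
diagnose() {
    agent_sock=$1
    auth_sock=$2
    if [ -z "$agent_sock" ]; then
        echo "no-ssh-support"        # agent returned an error instead of a path
    elif [ -z "$auth_sock" ]; then
        echo "auth-sock-unset"       # SSH clients have no agent to contact
    elif [ "$agent_sock" != "$auth_sock" ]; then
        echo "auth-sock-mismatch"    # clients are talking to a different agent
    else
        echo "ok"
    fi
}

# True when `ssh-add -L` output contains at least one public key line.
has_public_key() {
    printf '%s\n' "$1" | grep -Eq '^(ssh-|ecdsa-)[^ ]+ [A-Za-z0-9+/=]+'
}

main() {
    reply=$(gpg-connect-agent "GETINFO ssh_socket_name" /bye 2>&1) || true
    state=$(diagnose "$(parse_socket_reply "$reply")" "${SSH_AUTH_SOCK:-}")
    echo "socket check: $state"
    if [ "$state" != "ok" ]; then
        echo "agent reply: $reply"
        return 1
    fi
    keys=$(ssh-add -L 2>&1) || true
    if has_public_key "$keys"; then
        printf '%s\n' "$keys"        # paste into authorized_keys on the server
    else
        echo "no key offered by the agent: $keys"
        return 1
    fi
}

# Only touch the real agent when asked to; "--run" is this example's own switch.
if [ "${1:-}" = "--run" ]; then
    main
fi
```

The socket comparison is textual, so two paths that reach the same socket through a symlink are reported as a mismatch.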