Yubikey, GnuPG 2.1 Modern, and SSH on OS X

Simon Josefsson simon at josefsson.org
Fri Jan 15 21:30:36 CET 2016

> > Why do you add the keygrip to the sshcontrol file?  I have never
> > needed that step.  For me it uses the right key directly.  Is it
> > because you have another (revoked) A subkey?  It sounds somewhat of
> > sub-optimal behaviour for gpg-agent's SSH support to use a revoked
> > key instead of the non-revoked key.
> I do have a revoked Authentication sub-key on my primary key, but I
> no longer use it and that is also not why I added the keygrip entry to
> sshcontrol file.  I added it at the suggestion of Werner in this post:
> https://lists.gnupg.org/pipermail/gnupg-users/2012-July/045059.html
> And these blog posts:
> http://incenp.org/notes/2015/gnupg-for-ssh-authentication.html
> http://budts.be/weblog/2012/08/ssh-authentication-with-your-pgp-key
> Is this suggestion outdated?

I don't recall ever using it, and I've been using SSH with smartcards
through gpg-agent for over 10 years.  What happens if you drop that
part?  For me it has always selected the right subkey automatically.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signatur
URL: </pipermail/attachments/20160115/149bc655/attachment.sig>

More information about the Gnupg-users mailing list