Yubikey, GnuPG 2.1 Modern, and SSH on OS X
Simon Josefsson
simon at josefsson.org
Fri Jan 15 21:30:36 CET 2016
> > Why do you add the keygrip to the sshcontrol file? I have never
> > needed that step. For me it uses the right key directly. Is it
> > because you have another (revoked) A subkey? It sounds somewhat of
> > sub-optimal behaviour for gpg-agent's SSH support to use a revoked
> > key instead of the non-revoked key.
>
> I do have a revoked Authentication sub-key on my primary key, but I
> no longer use it and that is also not why I added the keygrip entry to
> sshcontrol file. I added it at the suggestion of Werner in this post:
>
> https://lists.gnupg.org/pipermail/gnupg-users/2012-July/045059.html
>
> And these blog posts:
> http://incenp.org/notes/2015/gnupg-for-ssh-authentication.html
> http://budts.be/weblog/2012/08/ssh-authentication-with-your-pgp-key
>
> Is this suggestion outdated?
I don't recall ever using it, and I've been using SSH with smartcards
through gpg-agent for over 10 years. What happens if you drop that
part? For me it has always selected the right subkey automatically.
/Simon
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signatur
URL: </pipermail/attachments/20160115/149bc655/attachment.sig>
More information about the Gnupg-users
mailing list