use gpg-agent for ssh login

Peter Lebbing peter at digitalbrains.com
Fri May 4 10:41:21 CEST 2018


On 04/05/18 08:58, Dmitrii Tcvetkov wrote:
> gpg-agent will list identity only if key has Authenticate capability
> and its keygrip is listed in ${HOME}/.gnupg/sshcontrol

That's incorrect. If you insert an OpenPGP smartcard with a key in the
Authenticate slot, it will make that key available to the SSH agent
system. That is regardless of listing in sshcontrol.

The difference is that if you list it in sshcontrol, and a server
indicates acceptance of that key, the pinentry will prompt you to insert
that smartcard for authentication even when the smartcard is not
inserted. Whereas if it is not in sshcontrol and not currently inserted
either, the key will never be offered to the server in the first place.

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
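
Added example (not part of the original message and not GnuPG code): a small Python model of the rule described in the reply above. It parses sshcontrol in the format given in the gpg-agent documentation and reports whether a keygrip would be offered to a server. The keygrips are constructed placeholders, `parse_sshcontrol` and `classify` are hypothetical helper names, and treating a `!`-disabled line as "not listed" is an assumption of this model.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Set

# Constructed sample; the keygrips are made-up placeholders, not real keys.
SAMPLE_SSHCONTROL = """\
# smartcard authentication key, listed on purpose
1111111111111111111111111111111111111111 0
!2222222222222222222222222222222222222222 0
  3333333333333333333333333333333333333333 600 confirm
"""

# optional '!', 40 hex digits, optional TTL in seconds, optional flags
_LINE = re.compile(r"^(!?)([0-9A-Fa-f]{40})(?:\s+(\d+))?(?:\s+(.*))?$")

@dataclass
class Entry:
    keygrip: str
    disabled: bool
    ttl: Optional[int] = None
    flags: List[str] = field(default_factory=list)

def parse_sshcontrol(text: str) -> List[Entry]:
    """Parse sshcontrol: '#' comments and blank lines are skipped, '!' disables."""
    entries = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = _LINE.match(line)
        if not m:
            raise ValueError(f"line {n}: not a keygrip entry: {raw!r}")
        bang, grip, ttl, flags = m.groups()
        entries.append(Entry(grip.upper(), bool(bang),
                             int(ttl) if ttl else None, (flags or "").split()))
    return entries

def classify(keygrip: str, entries: List[Entry], inserted: Set[str]) -> str:
    """Apply the rule from the message to one keygrip."""
    grip = keygrip.upper()
    if grip in {g.upper() for g in inserted}:
        return "offered (card inserted)"  # regardless of sshcontrol
    # Assumption: a '!'-disabled line counts as not listed.
    if any(e.keygrip == grip and not e.disabled for e in entries):
        return "offered (listed; agent can ask for the card)"
    return "not offered"
```

To audit a real setup, feed it the contents of `~/.gnupg/sshcontrol` and compare the result with what `ssh-add -L` lists while the card is inserted and while it is removed.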
