Help with SSH and GPG subkey for authentication
Chris Coutinho
chrisbcoutinho at gmail.com
Sat Feb 23 12:43:10 CET 2019
On Feb-22-19, swedebugia wrote:
>Hi
>
>I'm quite a beginner to gnupg.
>
>I would like to have a master key used for both encrypting documents
>and mail and a subkey of that used for SSH.
>
>Following this
>https://incenp.org/notes/2015/gnupg-for-ssh-authentication.html
>
>I first set up the keys:
>
>sec ed25519/CFCD435B280B6CD2
> created: 2019-02-22 expires: 2021-02-21 usage: SC
> trust: ultimate validity: ultimate
>ssb cv25519/4FD4A5C38C7715BB
> created: 2019-02-22 expires: 2021-02-21 usage: E
>ssb ed25519/B84BE844E27BFE21
> created: 2019-02-22 expires: 2021-02-21 usage: A
>[ultimate] (1). swedebugia <swedebugia at riseup.net>
>
>(followed these two guides:
>https://www.gniibe.org/memo/software/gpg/keygen-25519.html and
>https://www.g-loaded.eu/2010/11/01/change-expiration-date-gpg-key/)
>
>I get this after restarting my gpg-agent:
>
>$ gpg-agent --server
>OK Pleased to meet you
>
>and in another terminal:
>
>$ ssh-add -l
>The agent has no identities.
>
>My environment is this:
>
>$ env|grep SSH
>SSH_AUTH_SOCK=/run/user/1000/gnupg/S.gpg-agent.ssh
>SSH_AGENT_PID=538
>$ gpgconf --list-dirs agent-ssh-socket
>/run/user/1000/gnupg/S.gpg-agent.ssh
>
>My configs are attached.
>
>Thanks in advance!
>
>Cheers
>
>swedebugia
>
>enable-ssh-support
>7338C1836152D95BBCEFF33F45C49516CC810826
>_______________________________________________
>Gnupg-users mailing list
>Gnupg-users at gnupg.org
>http://lists.gnupg.org/mailman/listinfo/gnupg-users
What is the key that you in include in the .gnupg/sshcontrol file? On my
system, it's the authentication subkey's 'keygrip'. I'm not exactly sure
what the difference is between that and a fingerprint, but you can
determine what it is using:
$ gpg --list-secret-keys --with-keygrip
Then make sure the keygrip in 'sshcontrol' matches the keygrip of your
authentication subkey.
Cheers,
Chris
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20190223/533f1446/attachment.sig>
More information about the Gnupg-users
mailing list