Help with SSH and GPG subkey for authentication

Chris Coutinho chrisbcoutinho at gmail.com
Sat Feb 23 12:43:10 CET 2019


On Feb-22-19, swedebugia wrote:
>Hi
>
>I'm quite a beginner to gnupg.
>
>I would like to have a master key used for both encrypting documents 
>and mail and a subkey of that used for SSH.
>
>Following this 
>https://incenp.org/notes/2015/gnupg-for-ssh-authentication.html
>
>I first set up the keys:
>
>sec  ed25519/CFCD435B280B6CD2
>     created: 2019-02-22  expires: 2021-02-21  usage: SC
>     trust: ultimate      validity: ultimate
>ssb  cv25519/4FD4A5C38C7715BB
>     created: 2019-02-22  expires: 2021-02-21  usage: E
>ssb  ed25519/B84BE844E27BFE21
>     created: 2019-02-22  expires: 2021-02-21  usage: A
>[ultimate] (1). swedebugia <swedebugia at riseup.net>
>
>(followed these two guides: 
>https://www.gniibe.org/memo/software/gpg/keygen-25519.html and 
>https://www.g-loaded.eu/2010/11/01/change-expiration-date-gpg-key/)
>
>I get this after restarting my gpg-agent:
>
>$ gpg-agent --server
>OK Pleased to meet you
>
>and in another terminal:
>
>$ ssh-add -l
>The agent has no identities.
>
>My environment is this:
>
>$ env|grep SSH
>SSH_AUTH_SOCK=/run/user/1000/gnupg/S.gpg-agent.ssh
>SSH_AGENT_PID=538
>$ gpgconf --list-dirs agent-ssh-socket
>/run/user/1000/gnupg/S.gpg-agent.ssh
>
>My configs are attached.
>
>Thanks in advance!
>
>Cheers
>
>swedebugia
>

>enable-ssh-support

>7338C1836152D95BBCEFF33F45C49516CC810826


What is the key that you include in the .gnupg/sshcontrol file? On my 
system, it's the authentication subkey's 'keygrip'. I'm not exactly sure 
what the difference is between that and a fingerprint, but you can 
determine what it is using:

$ gpg --list-secret-keys --with-keygrip

Then make sure the keygrip in 'sshcontrol' matches the keygrip of your 
authentication subkey.

Cheers,
Chris
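
The comparison suggested in the reply above, written out as an added example (not part of the original message or of GnuPG): it extracts the keygrips of authentication-capable keys from gpg's colon-format listing and checks them against the enabled entries of an sshcontrol file. The key IDs, keygrips and fingerprint are constructed sample values, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. All key material below is constructed.
AUTH_GRIP=A1A1A1A1A1A1A1A1A1A1A1A1A1A1A1A1A1A1A1A1   # keygrip of the "a" subkey
AUTH_FPR=F2F2F2F2F2F2F2F2F2F2F2F2F2F2F2F2F2F2F2F2    # its fingerprint

# stdin: `gpg --list-secret-keys --with-colons --with-keygrip` output.
# Prints the keygrip of each key whose own capabilities (field 12) include "a".
auth_keygrips() {
    awk -F: '
        $1 == "sec" || $1 == "ssb" { want = ($12 ~ /a/) }
        $1 == "grp" && want { print toupper($10); want = 0 }'
}

# $1: sshcontrol file. Prints the first word of each enabled entry, skipping
# blank lines, "#" comments and entries disabled with a leading "!".
enabled_entries() {
    awk 'NF && $1 !~ /^[#!]/ { print toupper($1) }' "$1"
}

# $1: saved colon listing, $2: sshcontrol file.
# Returns 0 only if at least one authentication keygrip is enabled.
check_sshcontrol() {
    grips=$(auth_keygrips < "$1"); entries=$(enabled_entries "$2"); rc=1
    for g in $grips; do
        if echo "$entries" | grep -qx "$g"; then echo "OK        $g"; rc=0
        else echo "MISSING   $g"; fi
    done
    for e in $entries; do   # e.g. a fingerprint where a keygrip belongs
        echo "$grips" | grep -qx "$e" || echo "UNMATCHED $e"
    done
    return $rc
}

# Constructed listing: primary (SC), encryption subkey, authentication subkey.
write_sample() {
    cat > "$1/listing" <<EOF
sec:u:255:22:1111111111111111:1550793600:1613865600::u:::scESCA:
grp:::::::::C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0:
ssb:u:255:18:2222222222222222:1550793600:1613865600:::::e:
grp:::::::::E1E1E1E1E1E1E1E1E1E1E1E1E1E1E1E1E1E1E1E1:
ssb:u:255:22:3333333333333333:1550793600:1613865600:::::a:
fpr:::::::::$AUTH_FPR:
grp:::::::::$AUTH_GRIP:
EOF
    echo "$AUTH_FPR" > "$1/sshcontrol"   # the mistake: fingerprint, not keygrip
}

tmp=$(mktemp -d); write_sample "$tmp"
check_sshcontrol "$tmp/listing" "$tmp/sshcontrol" || echo "fix: put $AUTH_GRIP in sshcontrol"
rm -rf "$tmp"
```

Against a real keyring, save the output of `gpg --list-secret-keys --with-colons --with-keygrip` to a file and pass it to `check_sshcontrol` together with `~/.gnupg/sshcontrol`.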