Using a GnuPG crypted RSA key for SSH

Werner Koch wk at
Thu May 2 08:17:58 CEST 2024

On Wed,  1 May 2024 11:50, Henning Follmann said:

> Well, if you have a authentication subkey on your card you could use that
> for ssh authentication directly.
> Your gpg-agent would then act as ssh-agent.

I would even claim that this is the best way to work with ssh - I do
this now for nearly 20 years:

  Noteworthy changes in version 1.9.16 (2005-04-21)

  * gpg-agent does now support the ssh-agent protocol and thus allows
    to use the pinentry as well as the OpenPGP smartcard with ssh.

This even works on Windows as a preplcement of pageant and more recently
ofbthe native OpenSSH Windows client.

On Linux take care to add "enable-ssh-support" to gpg-agent.conf because
on some distros the X config greps for this to decide whether to start
the ssh-agent or leave this to gpg-agent.  Technically the ssh support is
always enabled and thus the option is not really required.



The pioneers of a warless world are the youth that
refuse military service.             - A. Einstein
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openpgp-digital-signature.asc
Type: application/pgp-signature
Size: 247 bytes
Desc: not available
URL: <>

More information about the Gnupg-users mailing list