Using a GnuPG crypted RSA key for SSH

Henning Follmann hfollmann at
Thu May 2 13:44:04 CEST 2024

On Thu, May 02, 2024 at 10:33:15AM +0200, Matthias Apitz wrote:
> El día jueves, mayo 02, 2024 a las 08:17:58 +0200, Werner Koch via Gnupg-users escribió:
> > ...
> > On Linux take care to add "enable-ssh-support" to gpg-agent.conf because
> > on some distros the X config greps for this to decide whether to start
> > the ssh-agent or leave this to gpg-agent.  Technically the ssh support is
> > always enabled and thus the option is not really required.

I do not know what you did, but that looks like a mess
Your pinentry was working before (I guess) and you should not change
anything there.

And there is no need for using trace - way too complicated!

as Werner said add 


to your ~/.gnupg/gpg-agent.conf

You might also create a ~/.gnupg/sshcontrol and add the keygrip of your
authentication subkey in there

and then finally tell ssh where to find the ssh-agnet socket. gpg will tell
you that by:

gpgconf --list-dirs agent-ssh-socket

just put 

export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)

in your ~/.bashrc

and because gpg-agent does not usually run as deamon make shure it is
running before you use ssh

gpgconf --launch gpg-agent

You also could add that to your .bashrc


Henning Follmann           | hfollmann at

More information about the Gnupg-users mailing list