Question about authentication subkeys and SSH
James P. Howard, II
jh at jameshoward.us
Wed Jul 22 23:50:04 CEST 2009
On Wed Jul 22 2009 16:12:34 GMT-0400 (EDT) , Daniel Kahn Gillmor
<dkg at fifthhorseman.net> wrote:
> On 07/22/2009 03:59 PM, James P. Howard, II wrote:
>> I have created a 2048-bit RSA subkey that is authentication only.
>> I'd like to use this with SSH. A bit of Googling suggests this
>> cannot be used directly unless it is on a smart card, but it isn't
>> clear. Have I correctly interpreted this?
>
> You can use such a subkey without a smartcard by using software
> provided by the monkeysphere project:
>
> http://web.monkeysphere.info/
>
> Assuming this is the only authentication-capable subkey on your only
> gpg secret key, you'd simply do:
>
> monkeysphere subkey-to-ssh-agent
>
> which would load the key into the agent for use. You can pass
> additional parameters to ssh-add at the end of the argument list.
> For example, if you want to ensure that the key is only held by the
> agent for an hour, do:
>
> monkeysphere subkey-to-ssh-agent -t 3600
That looks like the missing link I was searching for!
Thank you.
--
James P. Howard, II, MPA
jh at jameshoward.us
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 163 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20090722/09902a3d/attachment.pgp>
More information about the Gnupg-users
mailing list