GPG key to authenticate to SSH?
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Wed Jul 25 19:12:10 CEST 2012
On 07/25/2012 07:49 AM, Marco Steinacher wrote:
> I think 'monkeysphere subkey-to-ssh-agent' will do the same with GnuPG
> versions before 2.1. See
> http://lists.gnupg.org/pipermail/gnupg-users/2009-July/036946.html
yes, this is correct.
> It will extract the keygrip of your authentication subkey and add it to
> sshcontrol.
This isn't actually how "monkeysphere subkey-to-ssh-agent" (or, more
concisely, "monkeysphere s") works; instead it actually extracts the
authentication-capable subkey, reformats it in accordance with what ssh
expects, and feeds it to ssh-agent using the standard ssh-add.
reading sshcontrol's documentation in the texi doc, it occurs to me that
this indication of which key should be used for ssh should in many use
cases be visible to ssh servers as well. If for some reason the
authentication-capable flag isn't sufficient to indicate this, perhaps
some sort of OpenPGP notation in the binding signature would be useful?
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1030 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20120725/3b7e0e0c/attachment.pgp>
More information about the Gnupg-users
mailing list