use gpg-agent for ssh login

Dmitrii Tcvetkov demfloro at demfloro.ru
Fri May 4 10:51:34 CEST 2018


> On 04/05/18 08:58, Dmitrii Tcvetkov wrote:
> > gpg-agent will list identity only if key has Authenticate capability
> > and its keygrip is listed in ${HOME}/.gnupg/sshcontrol
> 
> That's incorrect. If you insert an OpenPGP smartcard with a key in the
> Authenticate slot, it will make that key available to the SSH agent
> system. That is regardless of listing in sshcontrol.
> 
> The difference is that if you list it in sshcontrol, and a server
> indicates acceptance of that key, the pinentry will prompt you to
> insert that smartcard for authentication even when the smartcard is
> not inserted. Whereas if it is not in sshcontrol and not currently
> inserted either, the key will never be offered to the server in the
> first place.

Interesting, thank you.
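
To check which keygrips are actually listed in sshcontrol, as distinct from keys the agent picks up from an inserted smartcard, here is an added example that is not part of the original posts. The entry format (optional TTL, optional `confirm` flag, `!` prefix to disable) follows the gpg-agent documentation; the function names and the sample keygrips used to test it are hypothetical.

```shell
#!/bin/sh
# Added example: report sshcontrol entries as "state keygrip ttl flags".
# Format assumed from the gpg-agent documentation: a 40 hex digit keygrip,
# an optional TTL in seconds, an optional flag ("confirm"); '#' starts a
# comment line; a leading '!' disables the entry.

sshcontrol_entries() {
    # $1: path to an sshcontrol file (default: ~/.gnupg/sshcontrol)
    awk '
        /^[ \t]*(#|$)/ { next }     # skip comments and blank lines
        {
            grip = $1; state = "enabled"
            if (substr(grip, 1, 1) == "!") {
                state = "disabled"; grip = substr(grip, 2)
            }
            grip = toupper(grip)
            # Reject anything that is not exactly 40 hex digits.
            if (grip !~ /^[0-9A-F]+$/ || length(grip) != 40) {
                printf "malformed entry on line %d\n", NR > "/dev/stderr"
                next
            }
            ttl = ($2 == "" ? "0" : $2)       # 0 means use the agent default
            flags = ($3 == "" ? "-" : $3)
            print state, grip, ttl, flags
        }
    ' "${1:-$HOME/.gnupg/sshcontrol}"
}

sshcontrol_has() {
    # $1: keygrip (any case), $2: sshcontrol path.
    # Succeeds only if the keygrip is listed and not disabled.
    want=$(printf '%s' "$1" | tr 'a-f' 'A-F')
    sshcontrol_entries "$2" 2>/dev/null | grep -q "^enabled $want "
}
```

Keygrips to compare against can be shown with `gpg --list-keys --with-keygrip`.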



