> > Why do you add the keygrip to the sshcontrol file? I have never > > needed that step. For me it uses the right key directly. Is it > > because you have another (revoked) A subkey? It sounds somewhat of > > sub-optimal behaviour for gpg-agent's SSH support to use a revoked > > key instead of the non-revoked key. > > I do have a revoked Authentication sub-key on my primary key, but I > no longer use it and that is also not why I added the keygrip entry to > sshcontrol file. I added it at the suggestion of Werner in this post: > > https://lists.gnupg.org/pipermail/gnupg-users/2012-July/045059.html > > And these blog posts: > http://incenp.org/notes/2015/gnupg-for-ssh-authentication.html > http://budts.be/weblog/2012/08/ssh-authentication-with-your-pgp-key > > Is this suggestion outdated?
I don't recall ever using it, and I've been using SSH with smartcards through gpg-agent for over 10 years. What happens if you drop that part? For me it has always selected the right subkey automatically. /Simon
pgpfOOtgB7R5k.pgp
Description: OpenPGP digital signatur
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users