Hi Teemu,

Teemu Likonen:
> Keys with authentication capability can be used with ssh, and GnuPG
> 2.1's command --export-ssh-key will export the ssh public key. Right?

Yes, --export-ssh-key has been introduced in gpg with release of version
2.1.11. To set the whole thing up, a few more steps are necessary
(--enable-ssh-support in gpg.conf still is necessary AFAIK), but this is
the "new" export command.

> Unfortunately I have GnuPG 2.0.26 (as packaged in Debian 8). Can it be
> told to export ssh public keys?

Yes, but it's a bit more laborious in comparison to gpg >= 2.1.11

A) You do not use a smart card
--> B) you use a smart card

A1) Install the monkeysphere package (1) that includes openpgp2ssh tool

A2) Export the secret subkey you'd like to use for ssh authentication
    purposes and pipe it through openpgp2ssh

    gpg2 --export-secret-subkeys \
        --export-options export-reset-subkey-passwd [keyID!] | \
        openpgp2ssh [keyID] > gpg-auth-keyfile

A3) Set correct permissions

    chmod 0600 gpg-auth-keyfile

A4) Add the key to the agent

    ssh-add gpg-auth-keyfile

A5) Check that the key effectively is loaded

    ssh-add -l

A6) Extract the *public* key for use in the ~/.ssh/authorized_keys file

    ssh-add -L

    OR

    gpgkey2ssh [keyID]

B) You use a smart card and have it inserted

Transfer your secret authentication subkey to the smart card by typing
first

B1) gpg2 --edit-key [keyID]

Toggle and select the correct subkey

B2) gpg> toggle

B3) key [N]
    N depends on the number of subkeys and describes the position of
    the key in the listing

B4) Transfer the authentication subkey to the card

    gpg> keytocard

    Select the correct slot of the card for the auth subkey to be stored
    Usually, it's "3"

B5) Enter passphrase

B6) Enter your card ADMIN PIN

B7) gpg> save

Cheers

Stephan

List member Damien Goutte-Gattat has an excellent write-up to be found at:
https://incenp.org/notes/2014/index.html
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
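
An added example, not part of the original message: in step A2 the shell redirect creates gpg-auth-keyfile under the current umask, and export-reset-subkey-passwd leaves the subkey without a passphrase, so the file can be readable by other users until the chmod in A3. The sketch below picks the export route by GnuPG version and writes the key file with a tight umask from the start; the function names are hypothetical.

```sh
#!/bin/sh
# Added example; function names are assumptions, not GnuPG or monkeysphere tools.

# Return 0 if the given GnuPG version string has --export-ssh-key
# (2.1.11 or later, as stated in the message above), 1 otherwise.
gpg_has_export_ssh_key() {
    old_ifs=$IFS
    IFS=.
    set -- $1                      # split "2.0.26" into 2 0 26
    IFS=$old_ifs
    major=${1:-0}; minor=${2:-0}; patch=${3:-0}
    patch=${patch%%[!0-9]*}        # drop suffixes such as "-beta"
    [ "$major" -gt 2 ] && return 0
    [ "$major" -lt 2 ] && return 1
    [ "$minor" -gt 1 ] && return 0
    [ "$minor" -lt 1 ] && return 1
    [ "${patch:-0}" -ge 11 ]
}

# Write private key material from stdin to FILE so that it is never
# readable by group or others, not even between creation and chmod.
write_private_key() {
    (
        umask 077                  # applies only inside this subshell
        rm -f -- "$1"              # an existing file would keep its old mode
        set -C                     # noclobber: refuse to reuse a file that reappears
        cat > "$1"
    ) || return 1
    # Verify the resulting mode instead of assuming it.
    mode=$(ls -ld -- "$1" | cut -c1-10)
    [ "$mode" = "-rw-------" ]
}

# Usage with the A2 pipeline from the message (fill in your own keyID):
#   gpg2 --export-secret-subkeys \
#       --export-options export-reset-subkey-passwd '[keyID!]' | \
#       openpgp2ssh '[keyID]' | write_private_key gpg-auth-keyfile
#
# Choosing the route:
#   v=$(gpg2 --version | sed -n '1s/.* //p')
#   if gpg_has_export_ssh_key "$v"; then gpg2 --export-ssh-key '[keyID]'; fi
```

With this, step A3 becomes a check, not a fix, and the file can be deleted once ssh-add has loaded the key.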