On 17/03/2019 13:17, Brian Exelbierd wrote:
> Having done no code examination, I feel like this is where the
> identity information for subkeys comes into play. I presume the SSH
> request would pass the value of the identity file to the gpg-agent.
> This is probably 100% wrong though/

30% wrong? It actually is "the wire encoding of the public key", so key
material rather than a filename.

Your comment made a click in my mind though. I've solved it. Put this in
.ssh/config:

--8<---------------cut here---------------start------------->8---
Host your-server.com
    IdentitiesOnly yes
    IdentityFile ~/.ssh/testkey7.pub
--8<---------------cut here---------------end--------------->8---

Where testkey7.pub is a file containing the *public* key. Usually you
would use a private key here, but OpenSSH is just as happy with a public
key as long as the agent can do the private operation.

> Also, as an aside. It appears that subkeys do not prompt for the key
> passphrase. Instead I just get an allow/deny dialog or no dialog at
> all if I don't force confirm.

The passphrase is cached. The duration can be controlled through
default-cache-ttl-ssh and max-cache-ttl-ssh in ~/.gnupg/gpg-agent.conf
or on a per-key basis in sshcontrol. It is possible to turn off caching
for SSH keys completely. See "man gpg-agent".

> Distracting myself with GPG/SSH while doing taxes is a bad idea and
> leads to bad internet hygiene :D

Hehehe :-D

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
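
Added example, not part of the original message or of OpenSSH/GnuPG code: a sketch of why a .pub file is enough for IdentityFile. It parses the base64 blob of a public key line and frames an agent sign request, which names the key by that blob. The sample key is constructed (placeholder bytes), and the message layout follows the SSH agent protocol draft.

```python
import base64
import hashlib
import struct

SSH_AGENTC_SIGN_REQUEST = 13  # message number in the SSH agent protocol

def ssh_string(data: bytes) -> bytes:
    """Encode an SSH 'string': uint32 big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def read_strings(blob: bytes) -> list:
    """Split a key blob into its length-prefixed fields, rejecting truncation."""
    fields, pos = [], 0
    while pos < len(blob):
        if pos + 4 > len(blob):
            raise ValueError("truncated length prefix")
        (n,) = struct.unpack_from(">I", blob, pos)
        pos += 4
        if pos + n > len(blob):
            raise ValueError("field runs past end of blob")
        fields.append(blob[pos:pos + n])
        pos += n
    return fields

def load_pub_line(line: str):
    """Parse one line of a .pub file: '<type> <base64 blob> [comment]'."""
    parts = line.strip().split(None, 2)
    if len(parts) < 2:
        raise ValueError("not a public key line")
    blob = base64.b64decode(parts[1], validate=True)
    fields = read_strings(blob)
    if not fields or fields[0] != parts[0].encode():
        raise ValueError("key type does not match blob")
    return parts[0], blob, parts[2] if len(parts) > 2 else ""

def fingerprint(blob: bytes) -> str:
    """SHA256 fingerprint in the form OpenSSH prints (unpadded base64)."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def sign_request(blob: bytes, data: bytes, flags: int = 0) -> bytes:
    """Frame a sign request: the key is named by its blob, never by a path."""
    body = (bytes([SSH_AGENTC_SIGN_REQUEST]) + ssh_string(blob)
            + ssh_string(data) + struct.pack(">I", flags))
    return ssh_string(body)

# Constructed sample: valid wire layout, placeholder key bytes (not a real key).
SAMPLE_BLOB = ssh_string(b"ssh-ed25519") + ssh_string(bytes(range(32)))
SAMPLE_LINE = "ssh-ed25519 " + base64.b64encode(SAMPLE_BLOB).decode() + " testkey7 (constructed)"
```

The fingerprint computed this way can be compared with the fingerprints the agent lists, to confirm that the .pub file names the key you intend before pinning it with IdentitiesOnly.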