blob: b891ec90c1d80a47a8038f1be97737b5dfe79cb5 (
plain) (
tree)
|
|
<!--
author: ahriman
title: Using GPG For SSH Authentication
description: setting gpg-agent to handle ssh authentication on linux
-->
<h2>Using GPG for SSH Authentication</h2>
<p>It's a fairly simply process to have <code>gpg-agent</code> handle your SSH authentication. To start off, you'll need to have a private GnuPG key generated with an appropriate subkey for authentication. Once that's taken care of, open up <code>~/.gnupg/gpg-agent.conf</code></p>
<div class="code">$ cat ~/.gnupg/gpg-agent.conf<br />
enable-ssh-support<br />
default-cache-ttl 60<br />
max-cache-ttl 120</div>
<p>Now you'll need to append the following to ~/.bashrc, or the appropriate rc file for your shell</p>
<div class="code">$ cat ~/.bashrc<br />
export GPG_TTY="$(tty)"<br />
export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)<br />
gpg-connect-agent updatestartuptty /bye</div>
<p>Once that's done, you'll need to let gpg-agent know which GnuPG subkey to use for SSH authentication. Run <code>gpg --with-keygrip -k <email></code> and copy the keygrip associated with the subkey you've generated specifically for authentication only. Now, open <code>~/.gnupg/sshcontrol</code> and paste the keygrip into that file. Verify that the correct keygrip has been selected by running <code>ssh-add -L</code> and comparing it against the output of <code>gpg
--export-ssh-key <keyid></code>. If it's correct, kill off gpg-agent with <code>killall gpg-agent</code>, then open up a new terminal and attempt to connect to a server!</p>
<br />
<a href="/wiki">Back to Wiki</a>
|