diff options
| -rw-r--r-- | table.connusers | 3 | ||||
| -rw-r--r-- | table.weekconns | 2 | ||||
| -rw-r--r-- | wiki.php | 1 | ||||
| -rw-r--r-- | wikipages/gpg-for-ssh-auth.wiki | 28 |
4 files changed, 32 insertions, 2 deletions
diff --git a/table.connusers b/table.connusers index 9c212bd..52d934f 100644 --- a/table.connusers +++ b/table.connusers @@ -1,5 +1,6 @@ <ul> -<li>rnelson</li> <li>lorenzo</li> +<li>ahriman</li> <li>nimbius</li> +<li>rnelson</li> </ul> diff --git a/table.weekconns b/table.weekconns index a5c750f..b5045cc 100644 --- a/table.weekconns +++ b/table.weekconns @@ -1 +1 @@ -27 \ No newline at end of file +21 \ No newline at end of file diff --git a/wiki.php b/wiki.php index b7eed31..05cf7c7 100644 --- a/wiki.php +++ b/wiki.php @@ -33,6 +33,7 @@ <a href="wiki.php?page=bchs">BCHS Intro Guide</a><br /> <a href="wiki.php?page=dcss">Dungeon Crawl Stone Soup</a><br /> <a href="wiki.php?page=finger">Finger</a><br /> + <a href="wiki.php?page=gpg-for-ssh-auth">GnuPG for SSH Authentication</a><br /> <a href="wiki.php?page=irc">IRC</a><br /> <a href="wiki.php?page=unixprotips">UNIX ProTips</a><br /> <?php diff --git a/wikipages/gpg-for-ssh-auth.wiki b/wikipages/gpg-for-ssh-auth.wiki new file mode 100644 index 0000000..b891ec9 --- /dev/null +++ b/wikipages/gpg-for-ssh-auth.wiki @@ -0,0 +1,28 @@ +<!-- + author: ahriman + title: Using GPG For SSH Authentication + description: setting gpg-agent to handle ssh authentication on linux +--> + +<h2>Using GPG for SSH Authentication</h2> + +<p>It's a fairly simply process to have <code>gpg-agent</code> handle your SSH authentication. To start off, you'll need to have a private GnuPG key generated with an appropriate subkey for authentication. Once that's taken care of, open up <code>~/.gnupg/gpg-agent.conf</code></p> + +<div class="code">$ cat ~/.gnupg/gpg-agent.conf<br /> +enable-ssh-support<br /> +default-cache-ttl 60<br /> +max-cache-ttl 120</div> + +<p>Now you'll need to append the following to ~/.bashrc, or the appropriate rc file for your shell</p> + +<div class="code">$ cat ~/.bashrc<br /> +export GPG_TTY="$(tty)"<br /> +export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)<br /> +gpg-connect-agent updatestartuptty /bye</div> + +<p>Once that's done, you'll need to let gpg-agent know which GnuPG subkey to use for SSH authentication. Run <code>gpg --with-keygrip -k <email></code> and copy the keygrip associated with the subkey you've generated specifically for authentication only. Now, open <code>~/.gnupg/sshcontrol</code> and paste the keygrip into that file. Verify that the correct keygrip has been selected by running <code>ssh-add -L</code> and comparing it against the output of <code>gpg +--export-ssh-key <keyid></code>. If it's correct, kill off gpg-agent with <code>killall gpg-agent</code>, then open up a new terminal and attempt to connect to a server!</p> + +<br /> + +<a href="/wiki">Back to Wiki</a> |