2022-11-06 03:26:07 +00:00
---
title: "gpg keys with ssh"
tags: [ "Documentation", "distros" ]
---
2022-05-16 22:23:53 +00:00
<!--
Source:
https://ryanlue.com/posts/2017-06-29-gpg-for-ssh-auth
-->
Install `gnupg`.

Generate a new gpg key just for authentication:

> gpg2 --expert --edit-key 024C6B1C84449BD1CB4DF7A152295D2377F4D70F

Toggle options `S`, `E`, and `A` until you see the following output:
```
Current allowed actions: Authenticate
```
Enable ssh support in the gpg agent:

> echo enable-ssh-support >> ~/.gnupg/gpg-agent.conf

This won't take effect until you restart the gpg agent, so kill it and launch it again:

> gpgconf --kill gpg-agent

> gpgconf --launch gpg-agent

Use 2048 (or whatever) bits, save, and exit.

Add this to your `~/.bash_profile`:
```
export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
```
> source ~/.bash_profile

Find the ssh key's keygrip with:

> gpg -k --with-keygrip

It's the one with `[A]` next to it.
Add it to `~/.gnupg/sshcontrol`.

> echo 1P0P6SA7S07Q8198414P126OR0514R3R8Q1389SP > ~/.gnupg/sshcontrol

Confirm it's added:

> ssh-add -l
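
The keygrip lookup and `sshcontrol` steps above can be scripted. The following is an added example, not part of the original page: it reads `gpg --with-colons` output instead of spotting `[A]` by eye, skips revoked or expired keys, and appends to `sshcontrol` only when the keygrip is absent, so existing entries are kept. The function names and the sample key data are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# Constructed sample of `gpg -k --with-colons --with-keygrip` output.
# Key IDs, fingerprints and keygrips are placeholders, not real key material.
SAMPLE='pub:u:4096:1:AAAAAAAAAAAAAAAA:1600000000:::u:::scESCA::::::23::0:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:
grp:::::::::1111111111111111111111111111111111111111:
uid:u::::1600000000::0000::Example User <user@example.invalid>::::::::::0:
sub:u:2048:1:BBBBBBBBBBBBBBBB:1600000000::::::e::::::23:
grp:::::::::2222222222222222222222222222222222222222:
sub:r:2048:1:CCCCCCCCCCCCCCCC:1600000000::::::a::::::23:
grp:::::::::3333333333333333333333333333333333333333:
sub:u:2048:1:DDDDDDDDDDDDDDDD:1600000000::::::a::::::23:
grp:::::::::4444444444444444444444444444444444444444:'

# Print the keygrip of every pub/sub record whose own capabilities
# (field 12, lowercase letters) include "a" and whose validity (field 2)
# is not revoked, expired, invalid or disabled. The uppercase "A" on a
# pub record only means some subkey can authenticate, so it is ignored.
auth_keygrips() {
  awk -F: '
    $1 == "pub" || $1 == "sub" { want = ($12 ~ /a/ && $2 !~ /^[reid]/); next }
    $1 == "grp" { if (want) print $10; want = 0 }
  '
}

# Append a keygrip to an sshcontrol file if it is well-formed and not
# already listed. Uses >> so entries for other keys are not overwritten.
add_keygrip() {
  grip=$1 file=$2
  printf '%s\n' "$grip" | grep -Eq '^[0-9A-F]{40}$' || return 2
  [ -e "$file" ] || ( umask 077 && : > "$file" )
  grep -Eq "^${grip}([[:space:]]|\$)" "$file" || printf '%s\n' "$grip" >> "$file"
}

# Demo on the constructed sample: only the valid [A] subkey is printed.
printf '%s\n' "$SAMPLE" | auth_keygrips

# Against a real keyring (not run here):
#   gpg -k --with-colons --with-keygrip | auth_keygrips |
#     while read -r g; do add_keygrip "$g" ~/.gnupg/sshcontrol; done
```
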