ssh authentication with an OpenPGP smartcard
I've decided I don't want to keep an ssh key on my traveling laptop, but I still need to be able to authenticate to a number of hosts (and expecially gpg repositories). I also have an OpenPGP smartcard (from the FSFE). A plan is starting to form.
There are a number of guides available, but many of those are obsolete; the following pages are from this decade:
- Using GnuPG (2.1) for SSH authentication
- Using GnuPG for SSH authentication (from the same author, using GnuPG 2.0, includes still current notes on using a smartcard)
- How to use authentication subkeys in gpg for SSH public key authentication
- SSH authentication with your PGP key
I've had some success from outside X, now I need to find out where I should disable ssh-agent from starting every time a start an X session, so that gpg-agent can take its place.
@Gruppo Linux Como @LIFO #gnupg
Freemor likes this.
Another link that may be useful in the future: https://github.com/lfit/ssh-gpg-smartcard-config
Disabling ssh-agent was as simple as removing use-ssh-agent from/etc/X11/XSession.options.
To be sure that /etc/X11/Xsession.d/90gpg-agent does the right thing, you need use-agent in $GNUPGHOME/gpg.conf and enable-ssh-support in $GNUPGHOME/gpg-agent.conf.
(FTR, this was done on debian stretch)