
GPF Crypto Stick OpenSSH Authentication

This post is older than a year. Some information might not be accurate anymore.

For SSH authentication the gpgsm package is needed, because we need scdaemon (the smartcard daemon):

sudo apt-get install gpgsm

gpg-agent is needed because it is the only way to use an authentication subkey directly from the smartcard:

sudo apt-get install gnupg-agent

Deactivate the gnome-keyring-daemon ssh-agent drop-in replacement; we want only gpg-agent:

gconftool-2 --type bool --set /apps/gnome-keyring/daemon-components/ssh false

Configure gpg to use the agent (only for the smartcard):

echo "use-agent" >> ~/.gnupg/gpg.conf

Enable ssh-agent drop-in replacement support in gpg-agent:

echo "enable-ssh-support" >> ~/.gnupg/gpg-agent.conf

Secure the GnuPG home directory:

chmod -R go-rwx ~/.gnupg

Update the authorized keys file by adding the key to the remote host. Replace “766C78D0” with your authentication subkey ID from before (it’s the first key under the public key or the other public key):

gpgkey2ssh 766C78D0 | ssh root@krios "cat - >> ~/.ssh/authorized_keys"

My authentication key from the GnuPG smart card:

gpgkey2ssh F981E710 | ssh root@persephone "cat - >> ~/.ssh/authorized_keys"
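
An added example, not part of the original post: a shell function that audits a GnuPG home directory against the configuration steps above (use-agent, enable-ssh-support, and the go-rwx permissions). Re-running the echo >> lines only appends duplicates and says nothing about the current state, so a read-only check is more useful. The names audit_gnupg_home and has_option are made up for this example, and -perm /077 assumes GNU find.

```shell
#!/bin/sh
# Added example: read-only audit of the settings made by the steps above.
# audit_gnupg_home DIR prints one line per finding and returns the
# number of findings (0 means every check passed).

# has_option FILE OPTION: true if OPTION is an active (uncommented) line.
has_option() {
    [ -f "$1" ] && grep -Eq "^[[:space:]]*$2([[:space:]]|\$)" "$1"
}

audit_gnupg_home() {
    dir=$1
    findings=0

    if ! has_option "$dir/gpg.conf" use-agent; then
        echo "MISSING: use-agent in $dir/gpg.conf"
        findings=$((findings + 1))
    fi
    if ! has_option "$dir/gpg-agent.conf" enable-ssh-support; then
        echo "MISSING: enable-ssh-support in $dir/gpg-agent.conf"
        findings=$((findings + 1))
    fi

    # Any group/other permission bit means "chmod -R go-rwx" was not
    # applied or was undone. Symlinks are skipped because their own
    # mode bits are always rwxrwxrwx. (-perm /077 is GNU find syntax.)
    loose=$(find "$dir" ! -type l -perm /077 2>/dev/null)
    if [ -n "$loose" ]; then
        echo "LOOSE PERMISSIONS (group/other access):"
        echo "$loose"
        findings=$((findings + 1))
    fi

    return "$findings"
}

# Audit the directory given as the first argument, if any,
# e.g.  sh audit.sh ~/.gnupg
if [ -n "${1:-}" ]; then
    audit_gnupg_home "$1"
fi
```
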