a guest Jun 17th, 2019 52 Never
In theory, enabling SSH support on the `gpg-agent` is as simple as passing the `--enable-ssh-support` option to the `gpg-agent` when it is initialized. However, this is tricky on Ubuntu (and probably many other Linux systems) because the `gpg-agent` is constantly relaunched. It is even trickier on a machine we don't want to modify too much (for example, by disabling the classic `ssh-agent`).

Here's how I solved it:

* Enable SSH support for the `gpg-agent` every time it starts. While this is a system modification, it's a mild one and easy to revert. This is accomplished with the command:

      echo enable-ssh-support >> ~/.gnupg/gpg-agent.conf

* Then, kill the `gpg-agent` manually. It'll be restarted automatically and pick up the new option:

      kill $(pgrep gpg-agent)

* Finally, have the SSH client point to the `gpg-agent` when looking for keys, instead of the traditional `ssh-agent`. This only affects the current shell, so it won't change the system beyond that. It's accomplished by rewiring the following environment variable:

      export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)

And that's it! If you have an authentication GPG subkey on a smartcard, you can now use that to connect through SSH.
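The three steps above combined into one sourceable helper, as an added example that is not part of the original paste. The function names are hypothetical, `gpgconf --kill gpg-agent` is swapped in for the `kill $(pgrep gpg-agent)` step, and `$GNUPGHOME` is honored if set; unlike a bare `>>`, the config edit is safe to repeat.

```shell
# Added example, not from the original paste. Source this file, then run
# use_gpg_agent_for_ssh in the shell that should use the gpg-agent for SSH.

# ensure_ssh_support CONF
# Append "enable-ssh-support" to CONF unless an active (uncommented) line
# already sets it, so repeated runs never stack duplicate entries.
ensure_ssh_support() {
    _conf=$1
    _dir=$(dirname "$_conf")
    # GnuPG warns about a home directory that other users can read.
    if [ ! -d "$_dir" ]; then
        mkdir -m 700 -p "$_dir" || return 1
    fi
    if [ -f "$_conf" ] &&
       grep -Eq '^[[:space:]]*enable-ssh-support[[:space:]]*$' "$_conf"; then
        return 0
    fi
    # If the file does not end in a newline, add one first so the option
    # is not glued onto the end of the previous setting.
    if [ -s "$_conf" ] && [ -n "$(tail -c 1 "$_conf")" ]; then
        printf '\n' >> "$_conf" || return 1
    fi
    printf 'enable-ssh-support\n' >> "$_conf"
}

# use_gpg_agent_for_ssh
# Enable the option, restart the agent, repoint this shell's SSH_AUTH_SOCK,
# and list the keys the agent offers (the smartcard key should appear).
use_gpg_agent_for_ssh() {
    ensure_ssh_support "${GNUPGHOME:-$HOME/.gnupg}/gpg-agent.conf" || return 1
    gpgconf --kill gpg-agent       # stop the agent running without the option
    gpgconf --launch gpg-agent     # start it again so the SSH socket exists
    SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket) || return 1
    export SSH_AUTH_SOCK
    if [ ! -S "$SSH_AUTH_SOCK" ]; then
        echo "gpg-agent SSH socket not found: $SSH_AUTH_SOCK" >&2
        return 1
    fi
    ssh-add -L                     # nonzero exit means no identities offered
}
```

To revert, delete the `enable-ssh-support` line from `gpg-agent.conf` and open a new shell, which restores the original `SSH_AUTH_SOCK`.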