How to use gpg as ssh agent
If you don’t know how to create GPG keys, read How to create GPG key-pair.
This setup is for Mac users
Enable the GPG-agent ssh support by typing this in your terminal
echo enable-ssh-support >> $HOME/.gnupg/gpg-agent.conf
Set SSH_AUTH_SOCK so that SSH will use GPG-agent instead of ssh-agent. Add this to your .bash_profile or .zshrc
To find out which shell you are using, type
echo $SHELL
This will print /bin/zsh or /bin/bash
Open the .zshrc file by typing
cd && nano .zshrc
or open .bash_profile by typing
cd && nano .bash_profile
Add the following to the file (.bash_profile or .zshrc)
unset SSH_AGENT_PID
if [ "${gnupg_SSH_AUTH_SOCK_by:-0}" -ne $$ ]; then
    export SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)"
fi
export GPG_TTY=$(tty)
gpg-connect-agent updatestartuptty /bye >/dev/null
Enable the gpg subkey for ssh authentication
Type the following command to get the keygrip of the subkey
gpg --list-keys --with-keygrip
This may print the following
amrith@V ~ % gpg -K --with-keygrip
/Users/amrith/.gnupg/pubring.kbx
---
sec# rsa4096 2021-02-07 [SC] [expires: 2031-02-07]
10B0C3E9867BC44CDA48690C8678CFE303EBDB52
Keygrip = CD02E01C898C378214163C91F3D1E93107B0EBDB
uid [ultimate] Amrith Vengalath
ssb rsa4096 2021-02-07 [E] [expires: 2023-02-09]
Keygrip = 4778AA4AE919B0387C24389FC2E86C4B7749FAD4
ssb rsa4096 2021-02-09 [S] [expires: 2023-02-09]
Keygrip = B19D2224DBBBCC324679AC3CDA97337035477338
ssb rsa4096 2021-02-10 [A] [expires: 2023-02-10]
Keygrip = 53C518FCC568C4D3659AD3FF0C0A567CC9593DB5
Add the keygrip of your authentication subkey (the one marked [A]) to the list of approved keys with the following command
echo 53C518FCC568C4D3659AD3FF0C0A567CC9593DB5 >> ~/.gnupg/sshcontrol
I typed 53C518FCC568C4D3659AD3FF0C0A567CC9593DB5 here since that is my keygrip; replace this with yours.
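The keygrip step above can be scripted so that only the [A] subkey is picked and sshcontrol never gets duplicate lines. This is an added example, not part of the original page: the function names are hypothetical, and the sample listing is constructed in GnuPG's colon format using the keygrips shown above.

```sh
# Added example, not from the original page; function names are hypothetical.

# Reads `gpg -K --with-colons --with-keygrip` output on stdin and prints the
# keygrip of each usable subkey that has the authentication ("a") capability.
# Colon fields: 1 = record type, 2 = validity, 12 = capabilities;
# in a "grp" record, field 10 is the keygrip of the key listed just before it.
auth_keygrips() {
    awk -F: '
        $1 ~ /^(sec|pub|ssb|sub)$/ {
            # want: a subkey, capability "a", not revoked/expired/invalid
            want = ($1 ~ /^s[su]b$/ && $12 ~ /a/ && $2 !~ /[rei]/)
        }
        $1 == "grp" && want { print $10; want = 0 }
    '
}

# Appends a keygrip to sshcontrol unless an entry for it already exists.
# $1 = keygrip, $2 = sshcontrol path (defaults to the real file).
approve_for_ssh() {
    grip=$1
    file=${2:-$HOME/.gnupg/sshcontrol}
    case $grip in
        ''|*[!0-9A-F]*) return 2 ;;          # must be upper-case hex
    esac
    [ "${#grip}" -eq 40 ] || return 2        # 160-bit keygrip = 40 hex chars
    grep -qs "^$grip" "$file" && return 0    # already approved, keep one line
    printf '%s\n' "$grip" >> "$file"
}

# Constructed sample listing: key IDs, timestamps and the all-zero keygrip are
# made up; the other keygrips are the ones from the listing on this page.
sample_listing() {
    cat <<'EOF'
sec:u:4096:1:AAAAAAAAAAAAAAAA:1612656000:1928188800::u:::scESCA:::#:::23::0:
grp:::::::::CD02E01C898C378214163C91F3D1E93107B0EBDB:
ssb:u:4096:1:BBBBBBBBBBBBBBBB:1612656000:1675900800:::::e:::+:::23:
grp:::::::::4778AA4AE919B0387C24389FC2E86C4B7749FAD4:
ssb:e:4096:1:CCCCCCCCCCCCCCCC:1512656000:1544192000:::::a:::+:::23:
grp:::::::::0000000000000000000000000000000000000000:
ssb:u:4096:1:DDDDDDDDDDDDDDDD:1612915200:1675987200:::::a:::+:::23:
grp:::::::::53C518FCC568C4D3659AD3FF0C0A567CC9593DB5:
EOF
}

# Real use: gpg -K --with-colons --with-keygrip | auth_keygrips |
#           while read -r g; do approve_for_ssh "$g"; done
sample_listing | auth_keygrips
```

The expired [A] subkey in the sample is skipped, so only the current authentication subkey ends up approved for SSH.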
Now type the following command to check if the key is present in the ssh identities list
ssh-add -l
output
4096 SHA256:adp8owth5AD41Hk6uHYY3M5rl/GJNzizQIXwRugS5t0 (none) (RSA)
Retrieve the public ssh key for the subkey
For that, type the following command
gpg --export-ssh-key 03EBDB52
output
ssh-rsa <base64 public key data> openpgp:0x4893D8CE
You can test if the key is working with your GitHub account. The ssh public key generated in the previous step has to be added to your GitHub SSH keys.
ssh -T git@github.com
output
Hi AmrithVengalath! You've successfully authenticated, but GitHub does not provide shell access.