Amrith Vengalath

How to use gpg as ssh agent

If you don’t know how to create GPG keys, read How to create GPG key-pair.

This setup is for Mac users

Enable the GPG-agent ssh support by typing this in your terminal

echo enable-ssh-support >> $HOME/.gnupg/gpg-agent.conf

Set SSH_AUTH_SOCK so that SSH will use GPG-agent instead of ssh-agent. Add this to your .bash_profile or .zshrc

To find out which shell you use, type

echo $SHELL

This will print /bin/zsh or /bin/bash

Open the .zshrc file by typing

cd && nano .zshrc

or open .bash_profile by typing

cd && nano .bash_profile

Add the following to the file (.bash_profile or .zshrc)

unset SSH_AGENT_PID
if [ "${gnupg_SSH_AUTH_SOCK_by:-0}" -ne $$ ]; then
  export SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)"
fi
export GPG_TTY=$(tty)
gpg-connect-agent updatestartuptty /bye >/dev/null

Enable the gpg subkey for ssh authentication

Type the following command to get the keygrip of the subkey

gpg --list-keys --with-keygrip

This may print the following

amrith@V ~ % gpg -K --with-keygrip
/Users/amrith/.gnupg/pubring.kbx

---

sec# rsa4096 2021-02-07 [SC] [expires: 2031-02-07]
10B0C3E9867BC44CDA48690C8678CFE303EBDB52
Keygrip = CD02E01C898C378214163C91F3D1E93107B0EBDB
uid [ultimate] Amrith Vengalath
ssb rsa4096 2021-02-07 [E] [expires: 2023-02-09]
Keygrip = 4778AA4AE919B0387C24389FC2E86C4B7749FAD4
ssb rsa4096 2021-02-09 [S] [expires: 2023-02-09]
Keygrip = B19D2224DBBBCC324679AC3CDA97337035477338
ssb rsa4096 2021-02-10 [A] [expires: 2023-02-10]
Keygrip = 53C518FCC568C4D3659AD3FF0C0A567CC9593DB5

Add the keygrip of your authentication subkey (the one marked [A]) to the list of approved keys with the following command

echo 53C518FCC568C4D3659AD3FF0C0A567CC9593DB5 >> ~/.gnupg/sshcontrol

I typed 53C518FCC568C4D3659AD3FF0C0A567CC9593DB5 here since that is my keygrip; replace this with yours.
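The keygrip lookup and the two `>>` appends above add a duplicate line each time they are repeated. The script below is an added example, not part of the original post: it picks the [A] keygrip out of the listing and appends each line only once. The function names, the scratch directory standing in for ~/.gnupg, and the expired subkey line in the sample are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original post; function names are hypothetical.

# Read `gpg -K --with-keygrip` output on stdin and print the keygrip of each
# key whose capability flags include A, skipping expired or revoked keys.
auth_keygrips() {
  awk '
    /^(sec|ssb|pub|sub)/ {
      want = ($0 ~ /\[[SCEA]*A[SCEA]*\]/) && ($0 !~ /\[(expired|revoked): /)
      next
    }
    /Keygrip = / { if (want) print $NF; want = 0 }
  '
}

# Append a line to a file only if that exact line is not already present;
# a file created here is readable by its owner only.
append_once() {
  ( umask 077; touch "$2" )
  grep -qxF -- "$1" "$2" || printf '%s\n' "$1" >> "$2"
}

# Sample input: the key lines from the listing above, plus one constructed
# expired [A] subkey (keygrip of zeros) to show that it is ignored.
sample_listing() {
  cat <<'EOF'
sec#  rsa4096 2021-02-07 [SC] [expires: 2031-02-07]
      Keygrip = CD02E01C898C378214163C91F3D1E93107B0EBDB
ssb   rsa4096 2021-02-07 [E] [expires: 2023-02-09]
      Keygrip = 4778AA4AE919B0387C24389FC2E86C4B7749FAD4
ssb   rsa4096 2020-01-01 [A] [expired: 2021-01-01]
      Keygrip = 0000000000000000000000000000000000000000
ssb   rsa4096 2021-02-10 [A] [expires: 2023-02-10]
      Keygrip = 53C518FCC568C4D3659AD3FF0C0A567CC9593DB5
EOF
}

# Demo against a scratch directory standing in for ~/.gnupg. On a real
# machine, replace `sample_listing` with `gpg -K --with-keygrip`.
demo_dir=$(mktemp -d)
for run in 1 2; do   # two passes: the second must not add duplicates
  append_once enable-ssh-support "$demo_dir/gpg-agent.conf"
  sample_listing | auth_keygrips | while read -r grip; do
    append_once "$grip" "$demo_dir/sshcontrol"
  done
done
cat "$demo_dir/sshcontrol"
```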

Now type the following command to check if the key is present in the ssh identities list

ssh-add -l

output

4096 SHA256:adp8owth5AD41Hk6uHYY3M5rl/GJNzizQIXwRugS5t0 (none) (RSA)

Retrieve the public ssh key for the subkey

To do that, type the following command

gpg --export-ssh-key 03EBDB52

output

ssh-rsa <public key data> openpgp:0x4893D8CE

You can test if the key is working with your GitHub account. The SSH public key generated in the previous step has to be added to your GitHub SSH keys first.

output

Hi AmrithVengalath! You've successfully authenticated, but GitHub does not provide shell access.