pyratelog

personal blog
git clone git://git.pyratebeard.net/pyratelog.git

commit 8df278dae1b5f65e6efb3321360e84715af722eb
parent 5c170158df2b265903e06dcf893e8d260f24cb2d
Author: pyratebeard <root@pyratebeard.net>
Date:   Tue, 22 Nov 2022 23:50:27 +0000

where_the_sshadows_lie

Diffstat:
M entry/where_the_sshadows_lie.md | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/entry/where_the_sshadows_lie.md b/entry/where_the_sshadows_lie.md @@ -12,7 +12,7 @@ Could one SSH key pair for _my identity_ be enough? If the private key was secu To get an idea of how others work I put out [a poll](TK){target="_blank" rel="noreferrer"} on Mastodon. -![results](/img/sshkey_poll.png#fitwidth) +![results](/img/sshkey_poll_results.png#fitwidth) It surprised me that an equal number of people use one key per device as those that use one key for all. @@ -22,8 +22,16 @@ When a GPG key is loaded into your keyring you don't have to keep the private ke As it turns out you can add an SSH key as a subkey to a GPG key, then `gpg-agent` will provide the authentication instead of `ssh-agent`, and more importantly you can delete you SSH private key. +To add your SSH key as a subkey edit your GPG key in expert mode ``` +gpg2 -a --export-secret-keys <key_id> > gpg_key.asc +mkdir tmp_gpg +chmod 700 tmp_gpg +gpg2 --homedir tmp_gpg --import gpg_key.asc ``` +https://opensource.com/article/19/4/gpg-subkeys-ssh-multiples +https://gist.github.com/grenade/6318301?permalink_comment_id=3527964 +https://unix.stackexchange.com/questions/372879/import-my-ssh-key-as-gpg-sub-key-to-use-for-ssh-authentication Going one step further took [me back](TK){target="_blank" rel="noreferrer"} to hardware keys such as the [Yubikey](TK){target="_blank" rel="noreferrer"}.
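Review bot: In the first hunk (@@ -12,7 +12,7 @@) the image reference changes to `/img/sshkey_poll_results.png`, but the diffstat lists only `entry/where_the_sshadows_lie.md`, so the image itself is not added or renamed in this commit. Confirm the file exists under that name in the site's image directory, or include the rename here, otherwise the poll results will render as a broken image. The context line above it still carries a `(TK)` placeholder as the link target for the poll, which needs the real URL before the entry is published.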
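Review bot: In the second hunk (@@ -22,8 +22,16 @@) the added command block writes the exported secret key to `gpg_key.asc` in the working directory before any permissions are tightened; `chmod 700` is applied only to `tmp_gpg`. Suggest setting `umask 077` ahead of the export, creating the directory with `mkdir -m 700 tmp_gpg` so it is never briefly world-readable, and telling the reader to remove both `gpg_key.asc` and `tmp_gpg` once the subkey is in place. The new sentence also promises an expert-mode edit, but the block stops after `--import` and never shows that step, so the instructions are incomplete as written. The three bare URLs added after the block should use the same `[text](url){target="_blank" rel="noreferrer"}` form as the other links in the entry, and the unchanged context line reads "delete you SSH private key", which wants "your".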