social.gl-como.it

ssh authentication with an OpenPGP smartcard

I've decided I don't want to keep an ssh key on my traveling laptop, but I still need to be able to authenticate to a number of hosts (and expecially gpg repositories). I also have an OpenPGP smartcard (from the FSFE). A plan is starting to form.

There are a number of guides available, but many of those are obsolete; the following pages are from this decade:





I've had some success from outside X, now I need to find out where I should disable ssh-agent from starting every time a start an X session, so that gpg-agent can take its place.

@Gruppo Linux Como @LIFO #gnupg
Disabling ssh-agent was as simple as removing use-ssh-agent from /etc/X11/XSession.options.

To be sure that /etc/X11/Xsession.d/90gpg-agent does the right thing, you need use-agent in $GNUPGHOME/gpg.conf and enable-ssh-support in $GNUPGHOME/gpg-agent.conf.

(FTR, this was done on debian stretch)