Works on macOS Mojave!
- Install the latest MacGPG: https://gpgtools.org/
- Create yourself a GPG key with an auth subkey (https://www.linode.com/docs/security/authentication/gpg-key-for-ssh-authentication/)
- Run `gpg -K --with-keygrip` and put the keyid of the auth key in `~/.gnupg/sshcontrol`
- Install the files below to these locations:
  - `/usr/local/bin/start-gpg-agent.sh`
  - `~/Library/LaunchAgents/gpg.agent.daemon.plist`
- Run `sudo chmod +x /usr/local/bin/start-gpg-agent.sh`
- Run `launchctl load -w ~/Library/LaunchAgents/gpg.agent.daemon.plist`
- Run `gpg --export-ssh-key ::insert-your-keyid-here::` and distribute this to the servers you're connecting to (we keep our pubkeys in LDAP)
- Remove any old SSH keys from your `~/.ssh/` directory
- Restart your Mac
- Run `ps -ef | grep gpg-agent` and verify the gpg agent is running with the `--enable-ssh-support` option
- Run `ssh-add -L` to see your pubkey
Enjoy!
Have a hardware key? Use ControlPlane to start/stop the gpg-agent on attach/detach of your smartcard. https://www.rempe.us/blog/yubikey-gnupg-2-1-and-ssh
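
If `ssh-add -L` comes back empty, the usual cause is the `sshcontrol` step: gpg-agent matches entries in that file by keygrip, the `Keygrip` value that `--with-keygrip` prints. The script below is an added example, not part of the original gist; it reports auth-capable keygrips that `sshcontrol` does not enable, and its function names and sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original gist. Sample data is constructed.

# Read `gpg -K --with-keygrip --with-colons` output on stdin; print the keygrip
# of each secret (sub)key whose own capabilities (field 12) include "a" (auth).
auth_keygrips() {
  awk -F: '
    $1 == "sec" || $1 == "ssb" { want = ($12 ~ /a/) }
    $1 == "grp" && want        { print $10; want = 0 }
  '
}

# Print keygrips enabled in sshcontrol file $1. Blank lines, "#" comments and
# entries disabled with a leading "!" are skipped; a missing file enables none.
enabled_keygrips() {
  [ -r "$1" ] || return 0
  awk 'NF == 0 || $1 ~ /^[#!]/ { next } { print toupper($1) }' "$1"
}

# Print each keygrip from stdin that sshcontrol file $1 does not enable.
missing_keygrips() {
  enabled=$(enabled_keygrips "$1")
  while read -r grip; do
    printf '%s\n' "$enabled" | grep -qxF "$grip" || printf '%s\n' "$grip"
  done
}

# Constructed listing: primary key (sign/certify), one encryption subkey,
# one authentication subkey. Key IDs and keygrips are placeholders.
sample_listing() {
  cat <<'EOF'
sec:u:4096:1:AAAAAAAAAAAAAAAA:1546300800:::u:::scESCA:::+:::23::0:
grp:::::::::1111111111111111111111111111111111111111:
ssb:u:4096:1:BBBBBBBBBBBBBBBB:1546300800::::::e:::+:::23:
grp:::::::::2222222222222222222222222222222222222222:
ssb:u:4096:1:CCCCCCCCCCCCCCCC:1546300800::::::a:::+:::23:
grp:::::::::3333333333333333333333333333333333333333:
EOF
}

# Demo: the auth keygrip is present but disabled, so it is reported as missing.
demo() {
  tmp=$(mktemp)
  printf '# constructed sshcontrol\n!3333333333333333333333333333333333333333 0\n' > "$tmp"
  sample_listing | auth_keygrips | missing_keygrips "$tmp"
  rm -f "$tmp"
}
demo

# On a real machine:
#   gpg -K --with-keygrip --with-colons | auth_keygrips | missing_keygrips ~/.gnupg/sshcontrol
```

No output from the real-machine pipeline means every auth-capable key is enabled for SSH.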