kborovik/How to use a GPG key for SSH authentication

## How to use a GPG key for SSH authentication
# How to use a GPG key for SSH authentication
# Tested on Ubuntu 20.04 LTS

# Enable SSH support in gpg-agent:
echo enable-ssh-support > ~/.gnupg/gpg-agent.conf

# Cache GPG & SSH passwords for 24 hours (the reboot will clear the password cache)
echo max-cache-ttl 86440 >> ~/.gnupg/gpg-agent.conf
echo max-cache-ttl-ssh 86440 86440 >> ~/.gnupg/gpg-agent.conf
echo default-cache-ttl 86440 >> ~/.gnupg/gpg-agent.conf
echo default-cache-ttl-ssh 86440 >> ~/.gnupg/gpg-agent.conf

# Add SSH_AUTH_SOCK config to startup files
vi ~/.zshrc or vi ~/.bashrc
export SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)" # set SSH_AUTH_SOCK
gpg-connect-agent updatestartuptty /bye > /dev/null # help pgp find user tty for password prompts

# List public keys with keygrip option
gpg --list-keys --with-keygrip
-------------------------------
pub   ed25519/C2BCF0BF 2020-09-28 [SC]
      Key fingerprint = 89B0 3C51 CF63 1E16 454D  6871 B534 46C2 C0CC F0BF
      Keygrip = 7F852EF146D1A5FCFED6946A9AFAC925610F7FDA
uid         [ultimate] User Name <my@email.com>
sub   cv25519/A75925B3 2020-09-28 [E]
      Keygrip = 50A88462AFFCB5A6B851B5BB76DBB3B6410157C6
sub   ed25519/B1EDF558 2020-09-28 [A]
      Keygrip = 34DE6B37C4ECE3C184A833E45B7C15B26664D75F

# Place authintication subkey keygrip into ~/.gnupg/sshcontrol
echo 34DE6B37C4ECE3C184A833E45B7C15B26664D75F > ~/.gnupg/sshcontrol

# Reboot OS to reload ssh-agent and gpg-angent, just in case

# Verify SSH public keys
gpg --export-ssh-key my@email.com
ssh-add -L
	# How to use a GPG key for SSH authentication
	# Tested on Ubuntu 20.04 LTS

	# Enable SSH support in gpg-agent:
	echo enable-ssh-support > ~/.gnupg/gpg-agent.conf

	# Cache GPG & SSH passwords for 24 hours (the reboot will clear the password cache)
	echo max-cache-ttl 86440 >> ~/.gnupg/gpg-agent.conf
	echo max-cache-ttl-ssh 86440 86440 >> ~/.gnupg/gpg-agent.conf
	echo default-cache-ttl 86440 >> ~/.gnupg/gpg-agent.conf
	echo default-cache-ttl-ssh 86440 >> ~/.gnupg/gpg-agent.conf

	# Add SSH_AUTH_SOCK config to startup files
	vi ~/.zshrc or vi ~/.bashrc
	export SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)" # set SSH_AUTH_SOCK
	gpg-connect-agent updatestartuptty /bye > /dev/null # help pgp find user tty for password prompts

	# List public keys with keygrip option
	gpg --list-keys --with-keygrip
	-------------------------------
	pub ed25519/C2BCF0BF 2020-09-28 [SC]
	Key fingerprint = 89B0 3C51 CF63 1E16 454D 6871 B534 46C2 C0CC F0BF
	Keygrip = 7F852EF146D1A5FCFED6946A9AFAC925610F7FDA
	uid [ultimate] User Name <my@email.com>
	sub cv25519/A75925B3 2020-09-28 [E]
	Keygrip = 50A88462AFFCB5A6B851B5BB76DBB3B6410157C6
	sub ed25519/B1EDF558 2020-09-28 [A]
	Keygrip = 34DE6B37C4ECE3C184A833E45B7C15B26664D75F

	# Place authintication subkey keygrip into ~/.gnupg/sshcontrol
	echo 34DE6B37C4ECE3C184A833E45B7C15B26664D75F > ~/.gnupg/sshcontrol

	# Reboot OS to reload ssh-agent and gpg-angent, just in case

	# Verify SSH public keys
	gpg --export-ssh-key my@email.com
	ssh-add -L