ssh, Yubikey NEO smartcard, gpg-agent - simple setup

Florin Andrei

08 Oct, 2014 06:20 PM

1.0.2 build 602

ssh public/private key authentication, with the private key stored on a smartcard. The card is actually a Yubikey NEO. I am using gpg-agent to plug the gap between ssh and the smartcard. I am following this howto for the most part, which seems to work pretty well:

http://25thandclement.com/~william/YubiKey_NEO.html

Other relevant links:

http://www.yubico.com/products/yubikey-hardware/yubikey-neo/

http://forum.yubico.com/viewtopic.php?f=26&t=1171

The howto claims your smartcard remains tied to the ~/.gnupg keyring on the machine where you've generated the keys. I think that's not true. Reading this howto...

https://blog.habets.se/2013/02/GPG-and-SSH-with-Yubikey-NEO

...it became apparent that I only need the smartcard, and a working gpg-agent, and I could run ssh on any machine. This is what I would expect, since the private key is stored on the smartcard, so why should I care about the keyring?

The only problem is, the second howto shows how to run ssh in a wrapper script with gpg-agent. Is there a more direct method? Basically, what I would expect is to be able to plug the smartcard into USB and, as long as gpg-agent is running, I should be able to just fire up ssh, scp, sftp and have authentication taken care of.

What do you think?

  1. Support Staff 1 Posted by Steve on 09 Jan, 2015 12:09 PM

    Hi Florin,

    it's best to ask this question on the gnupg users mailing list:
    https://www.gnupg.org/documentation/mailing-lists.html

    All the best,
    steve

  2. 2 Posted by Florin Andrei on 09 Jan, 2015 07:11 PM

    I've solved it, I'll write a HOWTO on this topic soon, and perhaps link it here.

  3. Support Staff 3 Posted by Steve on 15 Jan, 2015 10:21 AM

    Florin, it would be great if you could share how you solved this problem.

  4. 4 Posted by Florin Andrei on 15 Jan, 2015 06:59 PM

  5. Support Staff 5 Posted by Steve on 16 Jan, 2015 06:33 PM

    Great job. I really hope this issue can be resolved. We'll update the discussion you referenced in your blog article as soon as we have news.

    All the best,
    steve

  6. Steve closed this discussion on 16 Jan, 2015 06:33 PM.
